Permission Analysis Report
Analysis of: org.eclipse.core.runtime
Detail
Class: org.eclipse.core.internal.preferences.PreferencesService (Application)
DoPrivileged location: Line# 665 org.eclipse.core.runtime.preferences.IExportedPreferences readPreferences( java.io.InputStream )
Permission: java.util.PropertyPermission "java.vendor.url.bug", "read"
Primordial/void java.util.Properties.load( java.io.InputStream )
CODE
public IExportedPreferences readPreferences(InputStream input) throws CoreException {
if (input == null)
throw new IllegalArgumentException();
if (InternalPlatform.DEBUG_PREFERENCE_GENERAL)
Policy.debug("Reading preferences from stream..."); //$NON-NLS-1$
// read the file into a properties object
Properties properties = new Properties();
try {
properties.load(input);
} catch (IOException e) {
throw new CoreException(createStatusError(Messages.preferences_importProblems, e));
} finally {
try {
input.close();
} catch (IOException e) {
// ignore
}
}
// an empty file is an invalid file format
if (properties.isEmpty())
throw new CoreException(createStatusError(Messages.preferences_invalidFileFormat, null));
// manipulate the file if it from a legacy preference export
if (isLegacy(properties)) {
if (InternalPlatform.DEBUG_PREFERENCE_GENERAL)
Policy.debug("Read legacy preferences file, converting to 3.0 format..."); //$NON-NLS-1$
properties = convertFromLegacy(properties);
} else {
if (InternalPlatform.DEBUG_PREFERENCE_GENERAL)
Policy.debug("Read preferences file."); //$NON-NLS-1$
properties.remove(VERSION_KEY);
}
// convert the Properties object into an object to return
return convertFromProperties(properties);
}
Tainted variable reference trace:
Permission Requirements:
- permission java.util.PropertyPermission "java.vendor.url.bug", "read";
Conclusion:
Wrap the identified location as the shown in the following:
public IExportedPreferences readPreferences(InputStream input) throws CoreException {
if (input == null)
throw new IllegalArgumentException();
if (InternalPlatform.DEBUG_PREFERENCE_GENERAL)
Policy.debug("Reading preferences from stream..."); //$NON-NLS-1$
// read the file into a properties object
Properties properties = new Properties();
try {
if(System.getSecurityManager() == null) {
properties.load(input);
} else {
AccessController.doPrivileged(new LoadPropertyFromInputStreamAction(properties, input));
}
} catch (IOException e) {
throw new CoreException(createStatusError(Messages.preferences_importProblems, e));
} catch (PrivilegedActionException pae) {
throw (CoreException) new CoreException(createStatusError(Messages.preferences_importProblems, pae)).initCause(pae);
} finally {
try {
input.close();
} catch (IOException e) {
// ignore
}
}
// an empty file is an invalid file format
if (properties.isEmpty())
throw new CoreException(createStatusError(Messages.preferences_invalidFileFormat, null));
// manipulate the file if it from a legacy preference export
if (isLegacy(properties)) {
if (InternalPlatform.DEBUG_PREFERENCE_GENERAL)
Policy.debug("Read legacy preferences file, converting to 3.0 format..."); //$NON-NLS-1$
properties = convertFromLegacy(properties);
} else {
if (InternalPlatform.DEBUG_PREFERENCE_GENERAL)
Policy.debug("Read preferences file."); //$NON-NLS-1$
properties.remove(VERSION_KEY);
}
// convert the Properties object into an object to return
return convertFromProperties(properties);
}
Grant the above permission to this plug-in via OSGI-INF/permissinos.perm file.
DoPrivileged location: Line# 780 org.eclipse.core.runtime.IStatus validateVersions( org.eclipse.core.runtime.IPath )
Permission: java.io.FilePermission "???file???", "read"
Primordial/void java.io.FileInputStream.FileInputStream( java.io.File )
CODE
public IStatus validateVersions(IPath path) {
final MultiStatus result = new MultiStatus(Platform.PI_RUNTIME, IStatus.INFO, Messages.preferences_validate, null);
IPreferenceNodeVisitor visitor = new IPreferenceNodeVisitor() {
public boolean visit(IEclipsePreferences node) {
if (!(node instanceof ExportedPreferences))
return false;
// calculate the version in the file
ExportedPreferences realNode = (ExportedPreferences) node;
String version = realNode.getVersion();
if (version == null || !PluginVersionIdentifier.validateVersion(version).isOK())
return true;
PluginVersionIdentifier versionInFile = new PluginVersionIdentifier(version);
// calculate the version of the installed bundle
String bundleName = getBundleName(node.absolutePath());
if (bundleName == null)
return true;
String stringVersion = getBundleVersion(bundleName);
if (stringVersion == null || !PluginVersionIdentifier.validateVersion(stringVersion).isOK())
return true;
PluginVersionIdentifier versionInMemory = new PluginVersionIdentifier(stringVersion);
// verify the versions based on the matching rules
IStatus verification = validatePluginVersions(bundleName, versionInFile, versionInMemory);
if (verification != null)
result.add(verification);
return true;
}
};
InputStream input = null;
try {
input = new BufferedInputStream(new FileInputStream(path.toFile()));
IExportedPreferences prefs = readPreferences(input);
prefs.accept(visitor);
} catch (FileNotFoundException e) {
// ignore...if the file does not exist then all is OK
} catch (CoreException e) {
result.add(createStatusError(Messages.preferences_validationException, e));
} catch (BackingStoreException e) {
result.add(createStatusError(Messages.preferences_validationException, e));
}
return result;
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.FilePermission "???file???", "read";
Conclusion:
The path variable is tained and provided by the caller.
Grant the permission to this plug-in via OSGI-INF/permissions.perm file.