Permission Analysis Report
Analysis of: org.eclipse.core.runtime
Detail
Class: org.eclipse.core.internal.runtime.PlatformURLConfigConnection (Application)
DoPrivileged location: Line# 91 java.io.OutputStream getOutputStream( )
Permission: java.io.FilePermission "???file???", "read"
Primordial/boolean java.io.File.mkdirs( )
Permission: java.io.FilePermission "???file???", "write"
Primordial/boolean java.io.File.mkdirs( )
Permission: java.util.PropertyPermission "user.dir", "read"
Primordial/boolean java.io.File.mkdirs( )
CODE
/**
 * Opens a stream for writing to the file named by this connection's resolved URL.
 *
 * @return a stream on the resolved file, or {@code null} when there is no resolved URL
 *         or the resolved URL has no file part
 * @throws IOException an {@code UnknownServiceException} when the resource was resolved
 *         from the parent configuration or the configuration location is read-only;
 *         otherwise whatever opening the {@code FileOutputStream} raises
 */
public OutputStream getOutputStream() throws IOException {
    // Output is refused for parent-configuration resources and read-only locations.
    if (parentConfiguration || Platform.getConfigurationLocation().isReadOnly()) {
        throw new UnknownServiceException(NLS.bind(Messages.url_noOutput, url));
    }

    // Not optimal, but the connection is a private field of the superclass,
    // so the target is taken from the resolved URL instead.
    URL target = getResolvedURL();
    if (target == null) {
        return null;
    }
    String targetPath = target.getFile();
    if (targetPath == null) {
        return null;
    }

    File targetFile = new File(targetPath);
    String parentDir = targetFile.getParent();
    if (parentDir != null) {
        // This mkdirs() call is the one the report lists with FilePermission read/write
        // and PropertyPermission "user.dir" read. Its boolean result is not checked here,
        // and the path comes from the resolved URL without further checks in this method.
        new File(parentDir).mkdirs();
    }
    return new FileOutputStream(targetFile);
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.FilePermission "???file???", "read";
- permission java.io.FilePermission "???file???", "write";
- permission java.util.PropertyPermission "user.dir", "read";
Conclusion:
The parent variable is ultimately derived from resolvedURL, which is held in the superclass.
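Grant the required permissions listed above to this plug-in via the OSGI-INF/permissions.perm file. When writing the FilePermission entries, replace the unresolved "???file???" target with the narrowest path that covers the files this connection writes, rather than a broad wildcard.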
DoPrivileged location: Line# 92 java.io.OutputStream getOutputStream( )
Permission: java.io.FilePermission "???file???", "write"
Primordial/void java.io.FileOutputStream.FileOutputStream( java.io.File )
CODE
/**
 * Returns an output stream on the file behind this connection's resolved URL.
 *
 * @return the opened stream, or {@code null} if the URL is unresolved or carries no file part
 * @throws IOException an {@code UnknownServiceException} if the resource belongs to the
 *         parent configuration or the configuration location is read-only; otherwise any
 *         failure raised while opening the file
 */
public OutputStream getOutputStream() throws IOException {
    if (parentConfiguration || Platform.getConfigurationLocation().isReadOnly()) {
        throw new UnknownServiceException(NLS.bind(Messages.url_noOutput, url));
    }

    // Not optimal, but the connection is a private field of the superclass.
    URL resolved = getResolvedURL();
    String fileString = (resolved == null) ? null : resolved.getFile();
    if (fileString == null) {
        return null;
    }

    File destination = new File(fileString);
    String parentPath = destination.getParent();
    if (parentPath != null) {
        new File(parentPath).mkdirs();
    }
    // The report lists this constructor call with FilePermission write: the file is
    // opened for writing at whatever path the resolved URL names.
    return new FileOutputStream(destination);
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.FilePermission "???file???", "write";
Conclusion:
See prior conclusion.
DoPrivileged location: Line# 47 java.net.URL resolve( )
Permission: java.lang.RuntimePermission "getClassLoader"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.lang.RuntimePermission "modifyThread"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.NetPermission "specifyStreamHandler"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "???host???", "resolve"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "???host???:???port???", "connect"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost", "resolve"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost:1024-", "resolve"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost:1024-:???port???", "connect"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost:???port???", "connect"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.util.PropertyPermission "java.protocol.handler.pkgs", "read"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "", ""
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "", "get"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "java.net.ContentHandler", ""
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "java.net.ContentHandler", "get"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", ""
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", "get"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
CODE
/**
 * Maps this connection's URL onto the configuration location, falling back to the parent
 * configuration when the resource is a file that exists only there.
 *
 * @return the parent-configuration URL when the fallback applies (also sets
 *         {@code parentConfiguration}); otherwise the local-configuration URL
 * @throws IOException if the URL's file part does not start with {@code CONFIG}, or if
 *         URL construction fails
 */
protected URL resolve() throws IOException {
    String requested = url.getFile().trim();
    if (requested.startsWith("/")) { //$NON-NLS-1$
        requested = requested.substring(1);
    }
    if (!requested.startsWith(CONFIG)) {
        throw new IOException(NLS.bind(Messages.url_badVariant, url.toString()));
    }
    // Drop the CONFIG prefix and the single character that follows it.
    // NOTE(review): if requested is exactly CONFIG, this substring call throws
    // StringIndexOutOfBoundsException rather than the IOException used above.
    String relative = requested.substring(CONFIG.length() + 1);

    // Resolution takes the parent configuration into account (if it exists).
    Location local = Platform.getConfigurationLocation();
    Location parent = local.getParentLocation();

    // Assume the file will be found locally. The report lists this URL constructor call
    // with class-loader, thread, stream-handler, socket and OSGi service permissions;
    // the relative part is taken from this connection's own URL.
    URL localCandidate = new URL(local.getURL(), relative);
    boolean cascades = FILE_PROTOCOL.equals(localCandidate.getProtocol()) && parent != null;
    if (!cascades) {
        // Only cascaded file: URLs are supported.
        return localCandidate;
    }
    if (new File(localCandidate.getPath()).exists()) {
        // The file exists in the local configuration.
        return localCandidate;
    }

    // Try to find it in the parent configuration.
    URL parentCandidate = new URL(parent.getURL(), relative);
    if (FILE_PROTOCOL.equals(parentCandidate.getProtocol())
            && new File(parentCandidate.getPath()).exists()) {
        // The parent has the location.
        parentConfiguration = true;
        return parentCandidate;
    }
    return localCandidate;
}
Tainted variable reference trace:
Permission Requirements:
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "modifyThread";
- permission java.net.NetPermission "specifyStreamHandler";
- permission java.net.SocketPermission "???host???", "resolve";
- permission java.net.SocketPermission "???host???:???port???", "connect";
- permission java.net.SocketPermission "localhost", "resolve";
- permission java.net.SocketPermission "localhost:1024-", "resolve";
- permission java.net.SocketPermission "localhost:1024-:???port???", "connect";
- permission java.net.SocketPermission "localhost:???port???", "connect";
- permission java.util.PropertyPermission "java.protocol.handler.pkgs", "read";
- permission org.osgi.framework.ServicePermission "", "";
- permission org.osgi.framework.ServicePermission "", "get";
- permission org.osgi.framework.ServicePermission "java.net.ContentHandler", "";
- permission org.osgi.framework.ServicePermission "java.net.ContentHandler", "get";
- permission org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", "";
- permission org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", "get";
Conclusion:
Wrap the identified location as shown in the following:
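/**
 * Maps this connection's URL onto the configuration location, falling back to the parent
 * configuration when the resource is a file that exists only there. URL construction
 * runs inside {@code doPrivileged} when a security manager is installed.
 *
 * @return the parent-configuration URL when the fallback applies (also sets
 *         {@code parentConfiguration}); otherwise the local-configuration URL
 * @throws IOException if the URL's file part does not start with {@code CONFIG}, or if
 *         URL construction fails
 */
protected URL resolve() throws IOException {
    String spec = url.getFile().trim();
    if (spec.startsWith("/")) { //$NON-NLS-1$
        spec = spec.substring(1);
    }
    if (!spec.startsWith(CONFIG)) {
        throw new IOException(NLS.bind(Messages.url_badVariant, url.toString()));
    }
    String path = spec.substring(CONFIG.length() + 1);

    // Resolution takes the parent configuration into account (if it exists).
    Location localConfig = Platform.getConfigurationLocation();
    Location parentConfig = localConfig.getParentLocation();

    // Assume the file will be found locally.
    // NOTE(review): path is derived from this connection's url and is handed to a
    // privileged action below; the report's tainted-variable trace is empty, so confirm
    // who can supply url before relying on the doPrivileged wrapper.
    URL localURL = createURLPrivileged(localConfig.getURL(), path);
    if (!FILE_PROTOCOL.equals(localURL.getProtocol()) || parentConfig == null) {
        // Only cascaded file: URLs are supported.
        return localURL;
    }
    File localFile = new File(localURL.getPath());
    if (localFile.exists()) {
        // The file exists in the local configuration.
        return localURL;
    }

    // Try to find it in the parent configuration.
    URL parentURL = createURLPrivileged(parentConfig.getURL(), path);
    if (FILE_PROTOCOL.equals(parentURL.getProtocol())) {
        File parentFile = new File(parentURL.getPath());
        if (parentFile.exists()) {
            // The parent has the location.
            parentConfiguration = true;
            return parentURL;
        }
    }
    return localURL;
}

/**
 * Builds a URL from a context and a spec: directly when no security manager is installed,
 * otherwise through {@code AccessController.doPrivileged} so that only this bundle's own
 * permissions are checked for the construction.
 */
private URL createURLPrivileged(URL context, String spec) throws IOException {
    if (System.getSecurityManager() == null) {
        return new URL(context, spec);
    }
    try {
        // SecureURL is not shown here; presumably its run() performs new URL(context, spec).
        return (URL) AccessController.doPrivileged(new SecureURL(context, spec));
    } catch (PrivilegedActionException e) {
        // Rethrow the action's own exception so callers see the same failure with or
        // without a security manager, instead of a message-less IOException.
        Exception cause = e.getException();
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        IOException wrapped = new IOException(e.toString());
        wrapped.initCause(cause != null ? cause : e);
        throw wrapped;
    }
}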
DoPrivileged location: Line# 52 java.net.URL resolve( )
Permission: java.io.FilePermission "???file???", "read"
Primordial/boolean java.io.File.exists( )
CODE
/**
 * Resolves this connection's URL against the local configuration location, using the
 * parent configuration only when the file is missing locally and present there.
 *
 * @return the parent-configuration URL when that fallback applies (also sets
 *         {@code parentConfiguration}); otherwise the local-configuration URL
 * @throws IOException if the URL's file part does not start with {@code CONFIG}, or if
 *         URL construction fails
 */
protected URL resolve() throws IOException {
    String filePart = url.getFile().trim();
    if (filePart.startsWith("/")) { //$NON-NLS-1$
        filePart = filePart.substring(1);
    }
    if (!filePart.startsWith(CONFIG)) {
        throw new IOException(NLS.bind(Messages.url_badVariant, url.toString()));
    }
    // Everything after the CONFIG prefix and the one character that follows it.
    String configPath = filePart.substring(CONFIG.length() + 1);

    // Resolution takes the parent configuration into account (if it exists).
    Location localLocation = Platform.getConfigurationLocation();
    Location parentLocation = localLocation.getParentLocation();

    // Assume the file will be found locally.
    URL localResult = new URL(localLocation.getURL(), configPath);
    if (!FILE_PROTOCOL.equals(localResult.getProtocol()) || parentLocation == null) {
        // Only cascaded file: URLs are supported.
        return localResult;
    }

    // The report lists this exists() probe with FilePermission read on the local path.
    boolean foundLocally = new File(localResult.getPath()).exists();
    if (foundLocally) {
        return localResult;
    }

    // Try to find it in the parent configuration.
    URL parentResult = new URL(parentLocation.getURL(), configPath);
    if (FILE_PROTOCOL.equals(parentResult.getProtocol())
            && new File(parentResult.getPath()).exists()) {
        // The parent has the location.
        parentConfiguration = true;
        return parentResult;
    }
    return localResult;
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.FilePermission "???file???", "read";
Conclusion:
Grant the permission to this plug-in via OSGI-INF/permissions.perm file.
DoPrivileged location: Line# 56 java.net.URL resolve( )
Permission: java.lang.RuntimePermission "getClassLoader"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.lang.RuntimePermission "modifyThread"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.NetPermission "specifyStreamHandler"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "???host???", "resolve"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "???host???:???port???", "connect"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost", "resolve"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost:1024-", "resolve"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost:1024-:???port???", "connect"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.net.SocketPermission "localhost:???port???", "connect"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: java.util.PropertyPermission "java.protocol.handler.pkgs", "read"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "", ""
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "", "get"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "java.net.ContentHandler", ""
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "java.net.ContentHandler", "get"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", ""
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
Permission: org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", "get"
Primordial/void java.net.URL.URL( java.net.URL, java.lang.String )
CODE
/**
 * Turns this connection's URL into a URL under the configuration location, preferring the
 * local configuration and cascading to the parent configuration for missing files.
 *
 * @return the parent-configuration URL when the file exists only there (also sets
 *         {@code parentConfiguration}); otherwise the local-configuration URL
 * @throws IOException if the URL's file part does not start with {@code CONFIG}, or if
 *         URL construction fails
 */
protected URL resolve() throws IOException {
    String requested = url.getFile().trim();
    if (requested.startsWith("/")) { //$NON-NLS-1$
        requested = requested.substring(1);
    }
    if (!requested.startsWith(CONFIG)) {
        throw new IOException(NLS.bind(Messages.url_badVariant, url.toString()));
    }
    String remainder = requested.substring(CONFIG.length() + 1);

    // Resolution takes the parent configuration into account (if it exists).
    Location here = Platform.getConfigurationLocation();
    Location above = here.getParentLocation();

    // Assume the file will be found locally.
    URL localURL = new URL(here.getURL(), remainder);
    boolean localIsFile = FILE_PROTOCOL.equals(localURL.getProtocol());
    if (!localIsFile || above == null) {
        // Only cascaded file: URLs are supported.
        return localURL;
    }
    if (new File(localURL.getPath()).exists()) {
        // The file exists in the local configuration.
        return localURL;
    }

    // Try the parent configuration. The report lists this second URL constructor call
    // with the same class-loader, thread, stream-handler, socket and OSGi service
    // permissions as the local one; remainder still comes from this connection's URL.
    URL parentURL = new URL(above.getURL(), remainder);
    if (!FILE_PROTOCOL.equals(parentURL.getProtocol())) {
        // Only cascaded file: URLs are supported.
        return localURL;
    }
    if (new File(parentURL.getPath()).exists()) {
        // The parent has the location.
        parentConfiguration = true;
        return parentURL;
    }
    return localURL;
}
Tainted variable reference trace:
Permission Requirements:
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "modifyThread";
- permission java.net.NetPermission "specifyStreamHandler";
- permission java.net.SocketPermission "???host???", "resolve";
- permission java.net.SocketPermission "???host???:???port???", "connect";
- permission java.net.SocketPermission "localhost", "resolve";
- permission java.net.SocketPermission "localhost:1024-", "resolve";
- permission java.net.SocketPermission "localhost:1024-:???port???", "connect";
- permission java.net.SocketPermission "localhost:???port???", "connect";
- permission java.util.PropertyPermission "java.protocol.handler.pkgs", "read";
- permission org.osgi.framework.ServicePermission "", "";
- permission org.osgi.framework.ServicePermission "", "get";
- permission org.osgi.framework.ServicePermission "java.net.ContentHandler", "";
- permission org.osgi.framework.ServicePermission "java.net.ContentHandler", "get";
- permission org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", "";
- permission org.osgi.framework.ServicePermission "org.osgi.service.url.URLStreamHandlerService", "get";
Conclusion:
Wrap the line as shown in the following:
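/**
 * Maps this connection's URL onto the configuration location, falling back to the parent
 * configuration when the resource is a file that exists only there. Both URL
 * constructions run inside {@code doPrivileged} when a security manager is installed.
 *
 * @return the parent-configuration URL when the fallback applies (also sets
 *         {@code parentConfiguration}); otherwise the local-configuration URL
 * @throws IOException if the URL's file part does not start with {@code CONFIG}, or if
 *         URL construction fails
 */
protected URL resolve() throws IOException {
    String spec = url.getFile().trim();
    if (spec.startsWith("/")) { //$NON-NLS-1$
        spec = spec.substring(1);
    }
    if (!spec.startsWith(CONFIG)) {
        throw new IOException(NLS.bind(Messages.url_badVariant, url.toString()));
    }
    String path = spec.substring(CONFIG.length() + 1);

    // Resolution takes the parent configuration into account (if it exists).
    Location localConfig = Platform.getConfigurationLocation();
    Location parentConfig = localConfig.getParentLocation();

    // Assume the file will be found locally.
    URL localURL = createURLPrivileged(localConfig.getURL(), path);
    if (!FILE_PROTOCOL.equals(localURL.getProtocol()) || parentConfig == null) {
        // Only cascaded file: URLs are supported.
        return localURL;
    }
    File localFile = new File(localURL.getPath());
    if (localFile.exists()) {
        // The file exists in the local configuration.
        return localURL;
    }

    // Try to find it in the parent configuration.
    // NOTE(review): the same url-derived path is passed to a second privileged action
    // here; keep the privileged section limited to URL construction, as it is now, and
    // confirm who can supply url.
    URL parentURL = createURLPrivileged(parentConfig.getURL(), path);
    if (FILE_PROTOCOL.equals(parentURL.getProtocol())) {
        File parentFile = new File(parentURL.getPath());
        if (parentFile.exists()) {
            // The parent has the location.
            parentConfiguration = true;
            return parentURL;
        }
    }
    return localURL;
}

/**
 * Builds a URL from a context and a spec: directly when no security manager is installed,
 * otherwise through {@code AccessController.doPrivileged} so that only this bundle's own
 * permissions are checked for the construction.
 */
private URL createURLPrivileged(URL context, String spec) throws IOException {
    if (System.getSecurityManager() == null) {
        return new URL(context, spec);
    }
    try {
        // SecureURL is not shown here; presumably its run() performs new URL(context, spec).
        return (URL) AccessController.doPrivileged(new SecureURL(context, spec));
    } catch (PrivilegedActionException e) {
        // Rethrow the action's own exception so callers see the same failure with or
        // without a security manager, instead of a message-less IOException.
        Exception cause = e.getException();
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        IOException wrapped = new IOException(e.toString());
        wrapped.initCause(cause != null ? cause : e);
        throw wrapped;
    }
}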
DoPrivileged location: Line# 60 java.net.URL resolve( )
Permission: java.io.FilePermission "???file???", "read"
Primordial/boolean java.io.File.exists( )
CODE
/**
 * Resolves this connection's URL to a configuration-area URL, checking the local
 * configuration first and the parent configuration second.
 *
 * @return the parent-configuration URL when the file exists only there (also sets
 *         {@code parentConfiguration}); otherwise the local-configuration URL
 * @throws IOException if the URL's file part does not start with {@code CONFIG}, or if
 *         URL construction fails
 */
protected URL resolve() throws IOException {
    String raw = url.getFile().trim();
    if (raw.startsWith("/")) { //$NON-NLS-1$
        raw = raw.substring(1);
    }
    if (!raw.startsWith(CONFIG)) {
        throw new IOException(NLS.bind(Messages.url_badVariant, url.toString()));
    }
    String subPath = raw.substring(CONFIG.length() + 1);

    // Resolution takes the parent configuration into account (if it exists).
    Location localConfig = Platform.getConfigurationLocation();
    Location parentConfig = localConfig.getParentLocation();

    // Assume the file will be found locally.
    URL localURL = new URL(localConfig.getURL(), subPath);
    if (!FILE_PROTOCOL.equals(localURL.getProtocol()) || parentConfig == null) {
        // Only cascaded file: URLs are supported.
        return localURL;
    }
    if (new File(localURL.getPath()).exists()) {
        // The file exists in the local configuration.
        return localURL;
    }

    // Try to find it in the parent configuration.
    URL parentURL = new URL(parentConfig.getURL(), subPath);
    if (FILE_PROTOCOL.equals(parentURL.getProtocol())) {
        // The report lists this exists() probe with FilePermission read; here the path
        // checked lies under the parent configuration location.
        boolean foundInParent = new File(parentURL.getPath()).exists();
        if (foundInParent) {
            parentConfiguration = true;
            return parentURL;
        }
    }
    return localURL;
}
Tainted variable reference trace:
Permission Requirements:
- permission java.io.FilePermission "???file???", "read";
Conclusion:
Grant the permission to this plug-in via the OSGI-INF/permissions.perm file.