Detail
Class: org.eclipse.help.internal.toc.TocFile (Application)
DoPrivileged location: Line# 66 java.io.InputStream getInputStream( )
Permission: java.io.FilePermission "???file???", "read"
Primordial/void java.io.FileInputStream.FileInputStream( java.lang.String )
CODE
protected InputStream getInputStream() {InputStream stream = null;
try {if (plugin != null)
stream = ResourceLocator.openFromPlugin(plugin, href, locale);
else
stream = new FileInputStream(href); } catch (IOException e) {}
return stream;
}
Tainted variable reference trace:
Permission Requirements:
· permission java.io.FilePermission "???file???", "read";Conclusion:
Grant the required permissions to runtime.jar. Any caller read from a file in the filesystem must have permission explicitly granted. - Fine grained access control.
protected InputStream getInputStream() {InputStream stream = null;
try {if (plugin != null)
stream = ResourceLocator.openFromPlugin(plugin, href, locale);
else{ if(System.getSecurityManager() == null) { stream = new FileInputStream(href);
}
else { stream = (InputStream) AccessController.doPrivileged( new PrivilegedExceptionAction() { public Object run() throws IOException { return new FileInputStream(href); } } );}
}
} catch (IOException e) {return null;
} catch (PrivilegedActionException e) {return null;
}
return stream;
}