Permission Analysis Report


Analysis of: org.eclipse.osgi

Detail


Class: org.eclipse.osgi.framework.internal.protocol.StreamHandlerFactory (Application)
DoPrivileged location: Line# 67 java.net.URLStreamHandler createURLStreamHandler( java.lang.String )
   Permission: java.util.PropertyPermission "java.protocol.handler.pkgs", "read"
      Primordial/java.lang.String java.lang.System.getProperty( java.lang.String )


CODE

/**
	 * Creates a new URLStreamHandler instance for the specified
	 * protocol.
	 *
	 * @param protocol The desired protocol
	 * @return a URLStreamHandler for the specific protocol.
	 */
	//TODO consider refactoring this method - it is too long
	public URLStreamHandler createURLStreamHandler(String protocol) {

		//first check for built in handlers
		String builtInHandlers = System.getProperty(PROTOCOL_HANDLER_PKGS);
		Class clazz = null;
		if (builtInHandlers != null) {
			StringTokenizer tok = new StringTokenizer(builtInHandlers, "|"); //$NON-NLS-1$
			while (tok.hasMoreElements()) {
				StringBuffer name = new StringBuffer();
				name.append(tok.nextToken());
				name.append("."); //$NON-NLS-1$
				name.append(protocol);
				name.append(".Handler"); //$NON-NLS-1$
				try {
					clazz = secureAction.forName(name.toString());
					if (clazz != null) {
						return (null); //this class exists, it is a built in handler, let the JVM handle it	
					}
				} catch (ClassNotFoundException ex) {
				} //keep looking 
			}
		}

		//internal protocol handlers
		String name = INTERNAL_PROTOCOL_HANDLER_PKG + protocol + ".Handler"; //$NON-NLS-1$

		try {
			clazz = secureAction.forName(name);
		}
		//Now we check the service registry
		catch (Throwable t) {
			//first check to see if the handler is in the cache
			URLStreamHandlerProxy handler = (URLStreamHandlerProxy) proxies.get(protocol);
			if (handler != null) {
				return (handler);
			}
			//TODO avoid deep nesting of control structures - return early
			//look through the service registry for a URLStramHandler registered for this protocol
			org.osgi.framework.ServiceReference[] serviceReferences = handlerTracker.getServiceReferences();
			if (serviceReferences != null) {
				for (int i = 0; i < serviceReferences.length; i++) {
					Object prop = serviceReferences[i].getProperty(URLConstants.URL_HANDLER_PROTOCOL);
					if (prop != null && prop instanceof String[]) {
						String[] protocols = (String[]) prop;
						for (int j = 0; j < protocols.length; j++) {
							if (protocols[j].equals(protocol)) {
								handler = new URLStreamHandlerProxy(protocol, serviceReferences[i], context);
								proxies.put(protocol, handler);
								return (handler);
							}
						}
					}
				}
			}
			return (null);
		}

		if (clazz == null) {
			return null;
		}

		try {
			URLStreamHandler handler = (URLStreamHandler) clazz.newInstance();

			if (handler instanceof ProtocolActivator) {
				((ProtocolActivator) handler).start(context, adaptor);
			}

			return handler;
		} catch (Exception e) {
			return null;
		}
	}


Tainted variable reference trace:


Permission Requirements:




Conclusion: