remove serialization-stage secmgr to avoid spurious errors due to ext…
…ra surefire thread
frohoff committed Nov 15, 2018
1 parent a1a40d2 commit 4088b8c
Showing 3 changed files with 3 additions and 4 deletions.
Expand Up @@ -6,6 +6,7 @@
import java.util.List;
import java.util.concurrent.Callable;

// TODO per-thread secmgr
public class ExecCheckingSecurityManager extends SecurityManager {
public ExecCheckingSecurityManager() {
this(true);
Expand Down Expand Up @@ -41,7 +42,6 @@ public void checkExec(final String cmd) {
}
};


@SuppressWarnings("serial")
public static class ExecException extends RuntimeException {
private final String threadName = Thread.currentThread().getName();
1 change: 0 additions & 1 deletion src/test/java/ysoserial/payloads/CommandExecTest.java
Expand Up @@ -16,7 +16,6 @@ public class CommandExecTest implements CustomTest {
@Override
public void run(Callable<Object> payload) throws Exception {
Assert.assertFalse("test file should not exist", testFile.exists());
Exception err;
try {
payload.call();
} catch (Exception e) {
4 changes: 2 additions & 2 deletions src/test/java/ysoserial/payloads/PayloadsTest.java
Expand Up @@ -107,8 +107,8 @@ public static void testPayload ( final Class<? extends ObjectPayload<?>> payload
customDeserializer = ((CustomDeserializer)testHarness).getCustomDeserializer();
}

ExecCheckingSecurityManager sm = new ExecCheckingSecurityManager();
final byte[] serialized = sm.callWrapped(makeSerializeCallable(payloadClass, payloadCommand));
// TODO per-thread secmgr to enforce no detonation during deserialization
final byte[] serialized = makeSerializeCallable(payloadClass, payloadCommand).call();
Callable<Object> callable = makeDeserializeCallable(t, addlClassesForClassLoader, deps, serialized, customDeserializer);
if ( testHarness instanceof WrappedTest ) {
callable = ( (WrappedTest) testHarness ).createCallable(callable);
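Review bot: The added TODO above the serialize call says "during deserialization", but the line it annotates is the serialization step and the commit title describes removing the serialization-stage security manager, so it probably should read `// TODO per-thread secmgr to enforce no detonation during serialization`. With `sm.callWrapped(...)` gone, `makeSerializeCallable(payloadClass, payloadCommand).call()` runs without the exec check, so a payload that fires while it is being built or serialized would run its command on the build host and nothing in this hunk would report it. The `assertFalse("test file should not exist", testFile.exists())` in CommandExecTest appears to catch that only for harnesses that go through that check. Until the per-thread manager exists, the comment should state that premature detonation is currently undetected, so the gap is not mistaken for a guarantee. testPayload starts and ends outside the hunk.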
