From 4a6055b37271fbd62cc93bec3de0d6ebcfb7d916 Mon Sep 17 00:00:00 2001 From: sarps Date: Thu, 31 Oct 2024 16:17:13 +0100 Subject: [PATCH] Update tests --- .../java/archunit/FileHandlerConstants.java | 1 + .../JavaArchitectureTestCaseCollection.java | 7 +++ ...JavaSecurityTestCaseFactoryAndBuilder.java | 3 +- .../methods/thread-creation-methods.txt | 1 + .../ares/integration/testuser/ThreadUser.java | 19 ++++--- .../subject/{ => threads}/ThreadPenguin.java | 49 ++++++++++++++++--- 6 files changed, 62 insertions(+), 18 deletions(-) rename src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/{ => threads}/ThreadPenguin.java (53%) diff --git a/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/FileHandlerConstants.java b/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/FileHandlerConstants.java index e2fd0c05..ff481295 100644 --- a/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/FileHandlerConstants.java +++ b/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/FileHandlerConstants.java @@ -17,6 +17,7 @@ public class FileHandlerConstants { public static final Path JAVA_REFLECTION_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "reflection-methods.txt"); public static final Path JAVA_COMMAND_EXECUTION_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "command-execution-methods.txt"); public static final Path JAVA_THREAD_CREATION_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "thread-creation-methods.txt"); + public static final Path JAVA_CLASSLOADER_METHODS = FileTools.resolveOnResources("templates", "architecture" , "java", "archunit", "methods", "classloader-methods.txt");; private FileHandlerConstants() { throw new UnsupportedOperationException(localized("security.general.utility.initialization")); diff --git a/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/postcompile/JavaArchitectureTestCaseCollection.java b/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/postcompile/JavaArchitectureTestCaseCollection.java index d996f33a..705230dc 100644 --- a/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/postcompile/JavaArchitectureTestCaseCollection.java +++ b/src/main/java/de/tum/cit/ase/ares/api/architecture/java/archunit/postcompile/JavaArchitectureTestCaseCollection.java @@ -153,4 +153,11 @@ public boolean test(JavaAccess javaAccess) { FileHandlerConstants.JAVA_THREAD_CREATION_METHODS ); // + + // + public static final ArchRule NO_CLASSES_SHOULD_USE_CLASSLOADERS = createNoClassShouldHaveMethodRule( + "uses ClassLoaders", + FileHandlerConstants.JAVA_CLASSLOADER_METHODS + ); + // } \ No newline at end of file diff --git a/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java b/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java index e7635d4c..4c0ef491 100644 --- a/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java +++ b/src/main/java/de/tum/cit/ase/ares/api/securitytest/java/JavaSecurityTestCaseFactoryAndBuilder.java @@ -217,7 +217,7 @@ private void createSecurityTestCases() { (Supplier>) resourceAccesses::regardingFileSystemInteractions, (Supplier>) resourceAccesses::regardingNetworkConnections, (Supplier>) resourceAccesses::regardingCommandExecutions, -// (Supplier>) resourceAccesses::regardingThreadCreations, + (Supplier>) resourceAccesses::regardingThreadCreations, }; IntStream .range(0, methods.length) @@ -323,6 +323,7 @@ public void executeSecurityTestCases() { // JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_USE_REFLECTION.check(classes); JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_TERMINATE_JVM.check(classes); + JavaArchitectureTestCaseCollection.NO_CLASSES_SHOULD_USE_CLASSLOADERS.check(classes); // // diff --git a/src/main/resources/de/tum/cit/ase/ares/api/templates/architecture/java/archunit/methods/thread-creation-methods.txt b/src/main/resources/de/tum/cit/ase/ares/api/templates/architecture/java/archunit/methods/thread-creation-methods.txt index 748365e7..4f0c2f7c 100644 --- a/src/main/resources/de/tum/cit/ase/ares/api/templates/architecture/java/archunit/methods/thread-creation-methods.txt +++ b/src/main/resources/de/tum/cit/ase/ares/api/templates/architecture/java/archunit/methods/thread-creation-methods.txt @@ -153,6 +153,7 @@ java.util.concurrent.DelayQueue.take() java.util.concurrent.ExecutorService.close() java.util.concurrent.ForkJoinPool.managedBlock(java.util.concurrent.ForkJoinPool$ManagedBlocker) java.util.concurrent.ForkJoinPool.close() +java.util.concurrent.ForkJoinPool java.util.concurrent.ForkJoinTask.inForkJoinPool() java.util.concurrent.ForkJoinTask.fork() java.util.concurrent.ForkJoinTask.getPool() diff --git a/src/test/java/de/tum/cit/ase/ares/integration/testuser/ThreadUser.java b/src/test/java/de/tum/cit/ase/ares/integration/testuser/ThreadUser.java index 735d5950..832e143d 100644 --- a/src/test/java/de/tum/cit/ase/ares/integration/testuser/ThreadUser.java +++ b/src/test/java/de/tum/cit/ase/ares/integration/testuser/ThreadUser.java @@ -1,8 +1,5 @@ package de.tum.cit.ase.ares.integration.testuser; -import static org.junit.Assert.assertEquals; -import static org.junit.jupiter.api.Assertions.*; - import java.nio.file.Path; import java.util.concurrent.*; import java.util.concurrent.atomic.AtomicReference; @@ -15,7 +12,11 @@ import de.tum.cit.ase.ares.api.jupiter.PublicTest; import de.tum.cit.ase.ares.api.localization.UseLocale; //REMOVED: Import of ArtemisSecurityManager -import de.tum.cit.ase.ares.integration.testuser.subject.ThreadPenguin; +import de.tum.cit.ase.ares.integration.testuser.subject.threads.ThreadPenguin; + +import static org.assertj.core.api.Fail.fail; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; @UseLocale("en") @AllowThreads(maxActiveCount = 100) @@ -27,6 +28,10 @@ @SuppressWarnings("static-method") public class ThreadUser { + @PublicTest + @Policy(value = "src/test/resources/de/tum/cit/ase/ares/integration/testuser/securitypolicies/EverythingForbiddenPolicy.yaml", withinPath = "test-classes/de/tum/cit/ase/ares/integration/testuser/subject/threads") + void threadAccessTest() {} + @PublicTest void commonPoolInterruptable() throws InterruptedException, ExecutionException { // check functionality @@ -101,12 +106,6 @@ void threadWhitelistingWithPathPenguin() throws Throwable { ThreadPenguin.tryThreadWhitelisting(); } - /** - * This can be used to check for Threads that are not stoppable. This should - * never happen, but it could. Note that this test beaks all further ones, - * because the security manager will not be uninstalled and block everything. It - * works by catching the {@link ThreadDeath}. - */ // @PublicTest // void zz_unstoppable() { // long t = System.currentTimeMillis(); diff --git a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/ThreadPenguin.java b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/threads/ThreadPenguin.java similarity index 53% rename from src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/ThreadPenguin.java rename to src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/threads/ThreadPenguin.java index 9c3ad579..7a5a8455 100644 --- a/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/ThreadPenguin.java +++ b/src/test/java/de/tum/cit/ase/ares/integration/testuser/subject/threads/ThreadPenguin.java @@ -1,8 +1,9 @@ -package de.tum.cit.ase.ares.integration.testuser.subject; - -import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; +package de.tum.cit.ase.ares.integration.testuser.subject.threads; import java.nio.file.Path; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.ForkJoinPool; +import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicReference; //REMOVED: Import of ArtemisSecurityManager @@ -29,9 +30,7 @@ public static void tryStartTwoThreads() { // ignore } }); - assertDoesNotThrow(() -> { - t1.start(); - }); + t1.start(); new Thread().start(); } @@ -63,7 +62,7 @@ public static void spawnEndlessThreads() { public static void tryThreadWhitelisting() throws Throwable { AtomicReference failure = new AtomicReference<>(); - Thread t = new Thread(() -> Path.of("pom.xml").toFile().canWrite()); + Thread t = new Thread(() -> failure.set(new SecurityException("Thread not whitelisted"))); //REMOVED: Thread-whitelisting-request to ArtemisSecurityManager t.setUncaughtExceptionHandler((t1, e) -> failure.set(e)); t.start(); @@ -71,4 +70,40 @@ public static void tryThreadWhitelisting() throws Throwable { if (failure.get() != null) throw failure.get(); } + + void threadWhitelistingWithPathFail() throws Throwable { + AtomicReference failure = new AtomicReference<>(); + Thread t = new Thread(() -> failure.set(new SecurityException("Thread not whitelisted"))); + t.setUncaughtExceptionHandler((t1, e) -> failure.set(e)); + t.start(); + t.join(); + if (failure.get() != null) + throw failure.get(); + } + + void commonPoolInterruptable() throws InterruptedException, ExecutionException { + // check functionality + var res = ForkJoinPool.commonPool().submit(() -> "A").get(); + // submit long-running task + var task = ForkJoinPool.commonPool().submit(() -> { + ThreadPenguin.sleepInCurrentThread(5_000); + }); + // check that the task is still running after 100 ms + try { + Thread.sleep(100); + } catch (@SuppressWarnings("unused") InterruptedException e) { + Thread.currentThread().interrupt(); + } + // wait for task end + ForkJoinPool.commonPool().awaitQuiescence(5, TimeUnit.SECONDS); + } + + public static void something() { + new ThreadPenguin().start(); + } + + @Override + public void start() { + super.start(); + } }