search

propensive / fury-old

A new build tool for JVM languages
Apache License 2.0
413 stars 34 forks source link

Impossible to add a wildcard permission #772

Open odisseus opened 4 years ago

odisseus commented 4 years ago

Example

Command

fury permission require -C java.util.PropertyPermission -T \* -A 'read,write'

Entry in the layer file

java.util.PropertyPermission * read,write       className       java.util.PropertyPermission
        target  *
        action  Some    read,write

Entry in the permissions list

293   java.util.PropertyPermission  layers out target src test  read,write

Stack trace

java.security.policy: error parsing file:~/.cache/fury/policies/45c2eafc-34f8-4844-b71b-66322f13e515:
        line 9: expected [;], found [*]
Exception in thread "ScalaTest-main" java.lang.ExceptionInInitializerError
        at scala.compat.Platform$.<init>(Platform.scala:114)
        at scala.compat.Platform$.<clinit>(Platform.scala)
        at org.scalactic.Prettifier$.<init>(Prettifier.scala:341)
        at org.scalactic.Prettifier$.<clinit>(Prettifier.scala)
        at org.scalatest.tools.ArgsParser$.parseSuiteArgs(ArgsParser.scala:1012)
        at org.scalatest.tools.Runner$.runOptionallyWithPassFailReporter(Runner.scala:893)
        at org.scalatest.tools.Runner$.main(Runner.scala:827)
        at org.scalatest.tools.Runner.main(Runner.scala)
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "scala.maven.version.number" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:886)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
        at java.lang.System.getProperty(System.java:753)

Generated entry in the policy file

permission java.util.PropertyPermission ""*"", "read,write";
odisseus commented 4 years ago

It turns out that the problem was caused by a bad entry in the global policy configuration:

0WdAKHigtwbDdi0mhDKcLy6gKNhPBw6K6crBww7ZiSI     scope   ProjectScope    unicorn
        permission      className       java.util.PropertyPermission
                target  \*
                action  Some    read,write
odisseus commented 4 years ago

The wildcards have different effect if Fury is invoked in standalone mode:

$ set -o noglob
$ fury permission require -C java.util.PropertyPermission -T * -A 'read,write'
54bb16098c4d5d4efcbc86a4f7c00b9976dce7a038ca719ea693bfd1a50bf966
$ fury standalone permission require -C java.util.PropertyPermission -T * -A 'read,write'
2614b50c9de54c3c2fb2160fd103c3c3bb7838a20ac665e84fa55e3eee0a1f8d
$ fury permission list
~/devel/virtus_fury/beholder/test
HASH  CLASS                         TARGET     ACTION    
261   java.util.PropertyPermission  *          read,write
54b   java.util.PropertyPermission  README.md  read,write