[jbosstools-issues] [JBoss JIRA] (JBIDE-14843) arquillian validator security concerns

[Max Rydahl Andersen (JIRA)]

    [ https://issues.jboss.org/browse/JBIDE-14843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781224#comment-12781224 ] 

Max Rydahl Andersen commented on JBIDE-14843:
---------------------------------------------

see http://stackoverflow.com/questions/502218/sandbox-against-malicious-code-in-a-java-application for how to do this.

But for beta2 I would say its better we simply disable this to avoid problems.
                
> arquillian validator security concerns
> --------------------------------------
>
>                 Key: JBIDE-14843
>                 URL: https://issues.jboss.org/browse/JBIDE-14843
>             Project: Tools (JBoss Tools)
>          Issue Type: Bug
>          Components: testing-tools
>            Reporter: Max Rydahl Andersen
>            Assignee: Snjezana Peco
>            Priority: Blocker
>             Fix For: 4.1.0.Beta2
>
>
> the arquillian validator seem to be running automatically and without a controlling security manager.
> With that behavior we are vunerable to file deletions, system exits and malicious code.
> Just try adding this to a @Deployment method:
> System.exit(0);
> or even worse file deletions.
> This is not okey - we need next release to not allow this to happen.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira