[jbosstools-issues] [JBoss JIRA] (JBIDE-14843) arquillian validator security concerns
Petr Suchý (JIRA)
jira-events at lists.jboss.org
Tue Jun 25 10:19:21 EDT 2013
[ https://issues.jboss.org/browse/JBIDE-14843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Petr Suchý closed JBIDE-14843.
------------------------------
Verified in JBT 4.1.0.Beta2a v20130623-0706-B341
> arquillian validator security concerns
> --------------------------------------
>
> Key: JBIDE-14843
> URL: https://issues.jboss.org/browse/JBIDE-14843
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: testing-tools
> Reporter: Max Rydahl Andersen
> Assignee: Max Rydahl Andersen
> Priority: Blocker
> Fix For: 4.1.0.Beta2
>
>
> the arquillian validator seem to be running automatically and without a controlling security manager.
> With that behavior we are vunerable to file deletions, system exits and malicious code.
> Just try adding this to a @Deployment method:
> System.exit(0);
> or even worse file deletions.
> This is not okey - we need next release to not allow this to happen.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list