JDK-8230407 : SocketPermission and FilePermission action list allows leading comma
- Type: Bug
- Component: security-libs
- Affected Version: 14
- Priority: P4
- Status: Closed
- Resolution: Fixed
- Submitted: 2019-08-30
- Updated: 2022-01-19
- Resolved: 2019-10-16
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 14 |
|---|
14 b20Fixed  |
Related Reports
|
CSR :
|
|
|
Duplicate :
|
Description
The constructor of SocketPermission(String host, String action) expects the action argument to be a comma-separated list of possible actions, like connect, accept, listen, resolve.
The string must contain at least one action and is allowed to contain white spaces, which are ignored.
It turns out that if the string is immediately started with a comma, the argument is parsed Okay.
new SocketPermission("localhost", " , connect, accept"); <<-- throws IllegalArgumentException: invalid permission: , connect, accept
new SocketPermission("localhost", ", connect, accept"); <<-- does not throw
It would be better to make parsing more consistent.
Also, it may be a good idea to update the javadoc and specify the possible exceptions to be thrown.
Comments
|