[CALCITE-1830] ProcessBuilder is security sensitive; move it to test suite to prevent accidents - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.13.0
Component/s: None
Labels:
None

Description

The java.lang.ProcessBuilder class is security-sensitive because it creates operating system processes. It would be a security concern only if Calcite called it with user data, and that is not and never has been the case.

It is currently only used by the test suite. This change moves use of the method into the test module, to prevent developers accidentally introducing security issues in future.

Public method Util.runAppProcess is removed without notice; two methods named Util.newAppProcess and one named Util.runApplication were previously marked "deprecated, to be removed before 2.0" and are also removed.

Attachments

Activity

People

Assignee:: Julian Hyde

Reporter:: Julian Hyde

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/Jun/17 18:23

Updated:: 27/Feb/24 22:23

Resolved:: 06/Jun/17 03:04