/* * Copyright 2009-2012 Michael Dalton * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package jtaint; /* For concurrency reasons, all fields in our Configuration must be final. * However, it is very inconvenient to build a config file parser with * final fields for parsed output, as the parsing process can be dynamic and * fields may be * set once, twice, etc (or not at all - and then must be set to * a default value). For this reason, we perform parsing in the ConfigParser * class, and then store all parsing results in the final fields of the * Configuration class. By using only final fields, we ensure that all threads * will see up-to-date values for our fields without requiring additional * locking or synchronization */ import java.util.Map; public final class Configuration { /* We keep track of policy states using booleans rather than policy * objects so that all configuration checks can be constant-folded by the * JVM */ public static final boolean execPolicyEnabled; public static final boolean execPolicyLogAttack; public static final boolean filePolicyEnabled; public static final boolean filePolicyLogAttack; public static final boolean sqlPolicyEnabled; public static final boolean sqlPolicyLogAttack; public static final boolean sqlPolicyLogVuln; public static final boolean xssPolicyEnabled; public static final boolean xssPolicyLogAttack; public static final boolean xssPolicyLogVuln; public static final Map xssFilters; public static final Map execWhitelist; public static final Map fileWhitelist; public static final Map sqlWhitelist; public static final Map xssWhitelist; static { ConfigParser cp = new ConfigParser(); cp.parse(); Policy p = cp.execPolicy(); execPolicyEnabled = p.getEnabled(); execPolicyLogAttack = p.getLogAttack(); p = cp.filePolicy(); filePolicyEnabled = p.getEnabled(); filePolicyLogAttack = p.getLogAttack(); p = cp.sqlPolicy(); sqlPolicyEnabled = p.getEnabled(); sqlPolicyLogAttack = p.getLogAttack(); sqlPolicyLogVuln = p.getLogVuln(); p = cp.xssPolicy(); xssPolicyEnabled = p.getEnabled(); xssPolicyLogAttack = p.getLogAttack(); xssPolicyLogVuln = p.getLogVuln(); xssFilters = cp.xssFilters(); execWhitelist = cp.execWhitelist(); fileWhitelist = cp.fileWhitelist(); sqlWhitelist = cp.sqlWhitelist(); xssWhitelist = cp.xssWhitelist(); } }