/*
* Copyright (C) 2006-2016 DLR, Germany
*
* All rights reserved
*
* http://www.rcenvironment.de/
*/
package de.rcenvironment.core.communication.common;
import static org.junit.Assert.assertFalse;
import java.io.IOException;
import org.apache.commons.logging.LogFactory;
import org.junit.Test;
import de.rcenvironment.core.utils.common.security.AbstractDeserializationClasspathCheck;
import de.rcenvironment.core.utils.testing.CommonTestOptions;
/**
 * Security regression test that looks for classes in the available classpath which are known or suspected to be unsafe when
 * deserializing data received from external sources.
 * <p>
 * The classpath scan itself is inherited from {@link AbstractDeserializationClasspathCheck}; this subclass only makes the scan run
 * with the classpath of the bundle that contains it.
 * <p>
 * NOTE(review): this comment used to name the "utils.common" bundle, but the class lives in package
 * {@code de.rcenvironment.core.communication.common} - presumably a copy-paste leftover; confirm which bundle is meant.
 *
 * @author Robert Mischke
 */
public class CommunicationBundleDeserializationSafetyTest extends AbstractDeserializationClasspathCheck {

    /**
     * Fails if the inherited classpath scan reports at least one known unsafe or suspicious class.
     * <p>
     * The scan only runs when extended testing is enabled. Otherwise the method logs an INFO message and returns normally, so the
     * test is reported as passed although nothing was checked; a green result from a non-extended run is therefore no evidence that
     * the classpath is free of such classes.
     */
    @Test
    public void testForKnownUnsafeClassesInClasspath() {
        if (CommonTestOptions.isExtendedTestingEnabled()) {
            // Details about each finding are written to the log by the inherited check; the assertion only carries the verdict.
            final boolean suspiciousClassPresent = checkForKnownUnsafeClassesInClasspath();
            assertFalse("Found at least one known unsafe or suspicious class in the available classpath; check log output for details",
                suspiciousClassPresent);
        } else {
            // NOTE(review): a silent pass hides that the check was skipped; consider reporting the test as skipped instead
            // (for example via org.junit.Assume) so that build reports show the missing coverage.
            LogFactory.getLog(getClass()).info(
                "Skipping classpath check for potentially insecure classes; only performed in 'extended' testing");
        }
    }
}