Boris Unckel created IO-712:
-------------------------------

             Summary: SecurityExceptions are hidden instead of breaking the regular flow
                 Key: IO-712
                 URL: https://issues.apache.org/jira/browse/IO-712
             Project: Commons IO
          Issue Type: Bug
          Components: Utilities
    Affects Versions: 2.8.0
            Reporter: Boris Unckel

Several points in the code hide SecurityException. These _must_ always _break_ the regular control flow, if you're not the SecurityManager.

UseCase A: One wants to configure the SecurityManager and grant permissions. Part of the application is to delete a file. If the permission is missing, cleaning does not work. The missing exception does not allow one to recognize that.

UseCase B: One has activated the SecurityManager. An attacker abuses the relevant method. The missing SecurityException hides this attempt; one's IDS can't alarm.

UseCase C: One utilizes the SecurityManager to test the system, to ensure every property (like file location) is set properly. The missing SecurityException does not support this UseCase.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
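
The pattern the report describes, as an added example that is not part of the original message and is not Commons IO code: a "quiet" helper with a broad catch turns a denied permission into an ordinary `false`, while a narrow catch lets the SecurityException reach the caller. The class, interface and method names are hypothetical, and the denial is simulated with a thrown SecurityException instead of installing a SecurityManager.

```java
import java.io.IOException;

public class SecurityExceptionFlow {

    /** Hypothetical stand-in for a file operation guarded by a SecurityManager check. */
    interface FileOp {
        void run() throws IOException;
    }

    /** Broad catch: a denied permission is indistinguishable from any other failure. */
    static boolean quietHiding(FileOp op) {
        try {
            op.run();
            return true;
        } catch (Exception e) { // also swallows SecurityException
            return false;
        }
    }

    /** Narrow catch: I/O failures stay quiet, SecurityException breaks the regular flow. */
    static boolean quietPropagating(FileOp op) {
        try {
            op.run();
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed samples: one simulates a denied delete permission, one a plain I/O error.
        FileOp denied = () -> { throw new SecurityException("delete denied: /constructed/path"); };
        FileOp ioFailure = () -> { throw new IOException("constructed I/O failure"); };

        // Use cases A and C: the caller only sees "false" and cannot tell a permission is missing.
        System.out.println("hiding, denied:        " + quietHiding(denied));
        System.out.println("propagating, ioError:  " + quietPropagating(ioFailure));
        try {
            quietPropagating(denied);
        } catch (SecurityException e) {
            // Use case B: this is where a caller can log the denial or raise an alert.
            System.out.println("propagating, denied:   SecurityException -> " + e.getMessage());
        }
    }
}
```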