Boris Unckel created IO-712:
-------------------------------
Summary: SecurityExceptions are hidden instead of breaking the
regular flow
Key: IO-712
URL: https://issues.apache.org/jira/browse/IO-712
Project: Commons IO
Issue Type: Bug
Components: Utilities
Affects Versions: 2.8.0
Reporter: Boris Unckel
Several points in the code hide SecurityException. These _must_ always _break_
the regular control flow, if you're not the SecurityManager.
UseCase A: One wants to configure the SecurityManager and grant permissions.
Part of the application is to delete a file. If the permission is missing,
cleaning does not work. The missing exception does not allow to recognize that.
UseCase B: One has activated the SecurityManager. An attacker abuses the
relevant method. The missing SecurityException hides this attempt, ones IDS
can't alarm.
UseCase C: One utilizes the SecurityManager to test the system, to ensure
every property (like file location) is set properly. The missing
SecurityException does not support this UseCase.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
