| java.lang.Object org.apache.derbyTesting.functionTests.util.SecurityCheck
SecurityCheck | public class SecurityCheck (Code) | | Code to aid in checking the Security of Derby.
This initial implementation only handles the emebdded code.
Future work could expand to the client driver and network server.
|
Method Summary | |
public static void | checkEmbeddedPublicApi() Perform security analysis of the public api for the embedded engine. | public static void | inspect(Object o, String declared) Inspect the class of the passed in Object for security risks.
This inspects, at this level only, the actual type of
the object, not the declared type. | public static void | inspectClass(String className) Inspect a class for security risks. | public static void | report() Produce a report on System.out of all inspected classes
that have risks associated with them. |
inspect | public static void inspect(Object o, String declared)(Code) | | Inspect the class of the passed in Object for security risks.
This inspects, at this level only, the actual type of
the object, not the declared type. E.g. for DriverManager.getConnection
the declared type is java.sql.Connection which has no security risks,
but the implementation type returned may have many.
Connection conn = DriverManager.getConnection(url);
// will inspect the implementation call, eg. EmbedConnection30
SecurityManager.inspect(conn);
No output is generated by this call,
the caller must call report() to obtain the risks.
Parameters: o - Obejct to be inspected Parameters: declared - the declared type of the object. |
report | public static void report()(Code) | | Produce a report on System.out of all inspected classes
that have risks associated with them.
|
|
|