uschindler edited a comment on pull request #579:
URL: https://github.com/apache/lucene/pull/579#issuecomment-1005928057


   To conclude here: I was already thinking several times during the module 
system development that it might be a good idea to have some pattern in 
forbidden/errorprone/... that detects if you call a caller-sensitive method 
like those in `AccessController#doPrivileged() / Class#getResourceAsStream() / 
Class#getResource()` or reflective invokes (not MethodHandles) and do that in 
some public/protected method that injects one of the method call parameters 
directly/indirectly into the caller-sensitive method. Because this pattern is 
mostly wrong and a security leak (or kills functionality of your 
public/protected method when used in module system encapsulation).
   
   Example of such a broken method (it is public and injects the `resource` 
parameter into `Class#getResourceAsStream()`, which is caller-sensitive): 
https://github.com/apache/lucene/blob/cc342ea7407c729a743123d8f7957aff6c6f9792/lucene/core/src/java/org/apache/lucene/util/IOUtils.java#L193-L212


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
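
The pattern described in the comment above, sketched as an added example that is not part of the original message and not Lucene's code. The class `ResourceReaders` and its methods are hypothetical, and the second method is one possible restructuring, assumed here for illustration rather than taken from the pull request.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Objects;

// Hypothetical utility class (illustrative names, not Lucene's IOUtils).
public final class ResourceReaders {
  private ResourceReaders() {}

  // Broken pattern: a public method forwards its parameters into the
  // caller-sensitive Class#getResourceAsStream(). The JDK treats
  // ResourceReaders as the caller, so for a class in a named module the
  // encapsulation check runs against this utility's module instead of the
  // module of the code that actually asked for the resource. Depending on
  // which module has access, that either exposes a resource the real caller
  // could not open itself or fails a lookup the real caller was entitled to.
  public static Reader openBroken(Class<?> clazz, String resource, Charset cs)
      throws IOException {
    InputStream in = clazz.getResourceAsStream(resource); // checked as *us*
    if (in == null) {
      throw new IOException("Resource not found: " + resource);
    }
    return new InputStreamReader(in, cs);
  }

  // Assumed restructuring: the public API no longer performs the lookup.
  // The caller runs the caller-sensitive call in its own code, under its own
  // module identity, and passes in only the resulting stream.
  public static Reader open(InputStream in, Charset cs) {
    Objects.requireNonNull(in, "resource stream (lookup failed in caller?)");
    return new InputStreamReader(in, cs);
  }

  public static void main(String[] args) throws IOException {
    // The lookup happens here, in the calling class, not inside the utility.
    try (InputStream in = Object.class.getResourceAsStream("Object.class");
        Reader r = open(in, StandardCharsets.ISO_8859_1)) {
      System.out.println("first char code: " + r.read());
    }
  }
}
```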


