rmuir commented on issue #11801: URL: https://github.com/apache/lucene/issues/11801#issuecomment-1254114559
for the tests i have a couple ideas: * use forbidden-apis more aggressively to statically prevent tests from doing stuff we don't want. Actually more powerful for our use-case in a lot of ways, e.g. we should ban `Thread.sleep()` :) * add `mockfs` layer to enforce tests only write to their own unique directory. Enforcing the filesystem access is isolated is key, but this should work almost as well as security manager (we don't have many dependencies using the old `java.io` etc that would bypass it) for the situation of being a library and needing to support apps that still rely on securitymanager, I don't see any immediate fix. because the only way to know the security code works, is to run our tests with security manager enabled... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
