Implicit unpermitted operations should be sandboxed #791

Closed
@alisevych

Description

Unpermitted operations can be called implicitly. Need to sandbox them too.

  • in constructors of used classes
  • in static blocks
  • in private methods of other classes
  • in separate threads
  • ? probably, there are other cases to be added ?

To Reproduce

Steps to reproduce the behavior:

  1. Open IntelliJ IDEA with installed UTBot plugin (with Security Manager turned on)
  2. Open/create a project with JDK 8/11
  3. Add the following class:

    import java.io.File;
    import java.io.IOException;

    class A {
        A () throws IOException {
            File a = new File("a.txt");
            a.createNewFile();
        }
    }

    public class SecurityCheck {

        public int read(A a)  {
            return 10;
        }
    }

  4. Generate tests for the SecurityCheck.read method - with Mocking on

Expected behavior

Generated test is supposed to be disabled with sandbox-related comment.
No file must be created by user's code during test generation.

Actual behavior

Successful test is generated.
File "a.txt" is created during test generation.

Visual proofs (screenshots, logs, images)

    @Test
    @DisplayName("read: a = A() -> return 10")
    public void testReadReturns10() throws IOException {
        SecurityCheck securityCheck = new SecurityCheck();
        A a = new A();

        int actual = securityCheck.read(a);

        assertEquals(10, actual);
    }

Environment

IntelliJ IDEA 2022.1 - 2022.1.4
JDK 8/11

Additional context

Static blocks are being executed without sandbox either:

    import java.io.File;

    class A {
        static {
            new File("a.txt").renameTo(new File("b.txt"));
        }
    }

    public class AnotherCheck {

        public int read(A a)  {
            return 10;
        }

    }
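
As an added illustration (not part of the original issue and not UTBot code): on JDK 8/11, running the whole action under a permission-less AccessControlContext also covers the constructor and static-block cases listed above, because both execute on the sandboxed call stack. All class and method names are hypothetical, and the all-permissive Policy is an assumption made so that only the sandbox context restricts the harness.

```java
import java.io.File;
import java.security.*;

// Added illustration, not UTBot code. All names here are hypothetical.
public class SandboxScopeDemo {

    // Stand-ins for the two variants of class A shown in the issue.
    static class CtorWriter {
        CtorWriter() throws Exception { new File("a.txt").createNewFile(); }
    }
    static class StaticWriter {
        static { new File("a.txt").renameTo(new File("b.txt")); }
    }

    // A context whose only protection domain holds an empty, static permission
    // set; the installed Policy is not consulted for it.
    static final AccessControlContext NO_PERMISSIONS = new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

    // Runs the whole action under NO_PERMISSIONS, including any constructor
    // calls and class initialization that the action triggers.
    static String runSandboxed(PrivilegedExceptionAction<Object> action) {
        try {
            AccessController.doPrivileged(action, NO_PERMISSIONS);
            return "allowed";
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        } catch (ExceptionInInitializerError e) {
            // A SecurityException thrown inside a static block arrives wrapped.
            return "denied in static block: " + e.getCause().getMessage();
        } catch (PrivilegedActionException e) {
            return "failed: " + e.getCause();
        }
    }

    public static void main(String[] args) {
        // Assumption: grant the harness everything, so only the sandbox restricts.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        System.out.println(runSandboxed(CtorWriter::new));   // constructor case
        System.out.println(runSandboxed(StaticWriter::new)); // static block case
        System.out.println("a.txt exists: " + new File("a.txt").exists());
    }
}
```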
