Remove native chmod tool execution in tests

plamentotev · plamentotev · commit 526b85987d32 · 2021-05-01T18:34:37.000+03:00
`Runtime.getRuntime().exec( "chmod 440 " + ` causes
security warnings because it concatenates arguments
(there is a risk of argument injection).

The argument does not come from untrusted source,
but as we can use Java to change a file mode, it is
better to remove the `chmod` invocation altogether.
`chmod` was necessary before Java 7 as there
was no support for changing file modes.
diff --git a/src/test/java/org/codehaus/plexus/archiver/tar/TarFileAttributesTest.java b/src/test/java/org/codehaus/plexus/archiver/tar/TarFileAttributesTest.java
@@ -9,6 +9,7 @@
 import org.codehaus.plexus.archiver.Archiver;
 import org.codehaus.plexus.archiver.UnArchiver;
 import org.codehaus.plexus.archiver.util.DefaultArchivedFileSet;
+import org.codehaus.plexus.components.io.attributes.AttributeUtils;
 import org.codehaus.plexus.components.io.attributes.PlexusIoResourceAttributeUtils;
 import org.codehaus.plexus.components.io.attributes.PlexusIoResourceAttributes;
 import org.codehaus.plexus.util.FileUtils;
@@ -87,8 +88,7 @@ public void testUseAttributesFromTarArchiveInputInTarArchiverOutput()
             writer.write( "This is a test file." );
         }
 
-        int result = Runtime.getRuntime().exec( "chmod 440 " + tempFile.getAbsolutePath() ).waitFor();
-        assertEquals( 0, result );
+        AttributeUtils.chmod(tempFile, 0440);
 
         TarArchiver tarArchiver = getPosixCompliantTarArchiver();
 
@@ -153,9 +153,7 @@ public void testUseDetectedFileAttributes()
             writer.write( "This is a test file." );
         }
 
-        int result = Runtime.getRuntime().exec( "chmod 440 " + tempFile.getAbsolutePath() ).waitFor();
-
-        assertEquals( 0, result );
+        AttributeUtils.chmod(tempFile, 0440);
 
         PlexusIoResourceAttributes fileAttributes = PlexusIoResourceAttributeUtils.getFileAttributes( tempFile );
 
@@ -214,8 +212,7 @@ public void testOverrideDetectedFileAttributes()
             writer.write( "This is a test file." );
         }
 
-        int result = Runtime.getRuntime().exec( "chmod 440 " + tempFile.getAbsolutePath() ).waitFor();
-        assertEquals( 0, result );
+        AttributeUtils.chmod(tempFile, 0440);
 
         TarArchiver tarArchiver = getPosixCompliantTarArchiver();
 
@@ -272,8 +269,7 @@ public void testOverrideDetectedFileAttributesUsingFileMode()
             writer.write( "This is a test file." );
         }
 
-        int result = Runtime.getRuntime().exec( "chmod 440 " + tempFile.getAbsolutePath() ).waitFor();
-        assertEquals( 0, result );
+        AttributeUtils.chmod(tempFile, 0440);
 
         TarArchiver tarArchiver = getPosixCompliantTarArchiver();
 
