Search in sources :

Example 1 with SVGOMDocument

use of org.apache.batik.dom.svg.SVGOMDocument in project newsrob by marianokamp.

the class UntrustedScriptHandler method run.

/**
     * Runs this handler.  This method is called by the SVG viewer
     * when the scripts are loaded.
     * @param doc The current document.
     * @param win An object which represents the current viewer.
     */
public void run(final Document doc, final Window win) {
    int nGrantedTmp = 0;
    //
    // If the document is loaded over the network, check that the
    // class has permission to access the server
    //
    URL docURL = ((SVGOMDocument) doc).getURLObject();
    if (docURL != null && docURL.getHost() != null && !"".equals(docURL.getHost())) {
        permissions = new Object[basePermissions.length + 3][2];
        System.arraycopy(basePermissions, 0, permissions, 3, basePermissions.length);
        String docHost = docURL.getHost();
        if (docURL.getPort() != -1) {
            docHost += ":" + docURL.getPort();
        }
        permissions[0][0] = "SocketPermission accept " + docHost;
        permissions[0][1] = new SocketPermission(docHost, "accept");
        permissions[1][0] = "SocketPermission connect " + docHost;
        permissions[1][1] = new SocketPermission(docHost, "connect");
        permissions[2][0] = "SocketPermission resolve " + docHost;
        permissions[2][1] = new SocketPermission(docHost, "resolve");
        nGrantedTmp = 3;
    } else {
        permissions = basePermissions;
    }
    // Captures the number of permissions which should be 
    // granted to this code.
    final int nGranted = nGrantedTmp;
    //
    // Build a table in the scrollable area of the document
    //
    Element securityResults = doc.getElementById("securityResults");
    statusRects = new Element[permissions.length];
    for (int i = 0; i < permissions.length; i++) {
        Element textElt = doc.createElementNS(svgNS, "text");
        textElt.setAttributeNS(null, "x", "55");
        textElt.setAttributeNS(null, "y", "" + (85 + i * 20));
        textElt.appendChild(doc.createTextNode(permissions[i][0].toString()));
        securityResults.appendChild(textElt);
        Element rectElt = doc.createElementNS(svgNS, "rect");
        rectElt.setAttributeNS(null, "x", "50");
        rectElt.setAttributeNS(null, "y", "" + (70 + i * 20));
        rectElt.setAttributeNS(null, "width", "330");
        rectElt.setAttributeNS(null, "height", "20");
        rectElt.setAttributeNS(null, "class", "tableCell");
        securityResults.appendChild(rectElt);
        rectElt = doc.createElementNS(svgNS, "rect");
        rectElt.setAttributeNS(null, "x", "380");
        rectElt.setAttributeNS(null, "y", "" + (70 + i * 20));
        rectElt.setAttributeNS(null, "width", "20");
        rectElt.setAttributeNS(null, "height", "20");
        rectElt.setAttributeNS(null, "class", "tableCell");
        securityResults.appendChild(rectElt);
        rectElt = doc.createElementNS(svgNS, "rect");
        rectElt.setAttributeNS(null, "x", "383");
        rectElt.setAttributeNS(null, "y", "" + (73 + i * 20));
        rectElt.setAttributeNS(null, "width", "14");
        rectElt.setAttributeNS(null, "height", "14");
        rectElt.setAttributeNS(null, "class", "untested");
        securityResults.appendChild(rectElt);
        statusRects[i] = rectElt;
    }
    EventTarget testButton = (EventTarget) doc.getElementById("runTest");
    testButton.addEventListener("click", new EventListener() {

        public void handleEvent(Event evt) {
            SecurityManager sm = System.getSecurityManager();
            int successCnt = 0;
            if (sm == null) {
                for (int i = 0; i < nGranted; i++) {
                    statusRects[i].setAttributeNS(null, "class", "passedTest");
                    successCnt++;
                }
                for (int i = nGranted; i < permissions.length; i++) {
                    statusRects[i].setAttributeNS(null, "class", "failedTest");
                }
            } else {
                for (int i = 0; i < nGranted; i++) {
                    Permission p = (Permission) permissions[i][1];
                    boolean success = true;
                    try {
                        sm.checkPermission(p);
                        statusRects[i].setAttributeNS(null, "class", "passedTest");
                        successCnt++;
                    } catch (SecurityException se) {
                        statusRects[i].setAttributeNS(null, "class", "failedTest");
                        System.out.println("*********************************************");
                        se.printStackTrace();
                    }
                }
                for (int i = nGranted; i < permissions.length; i++) {
                    Permission p = (Permission) permissions[i][1];
                    boolean success = true;
                    try {
                        sm.checkPermission(p);
                        statusRects[i].setAttributeNS(null, "class", "failedTest");
                    } catch (SecurityException se) {
                        statusRects[i].setAttributeNS(null, "class", "passedTest");
                        successCnt++;
                    }
                }
            }
            // Update the global status
            Element globalStatus = doc.getElementById("globalStatus");
            if (successCnt == (statusRects.length)) {
                globalStatus.setAttributeNS(null, "class", "passedTest");
            } else {
                globalStatus.setAttributeNS(null, "class", "failedTest");
            }
            String successRatioString = "Test Result: " + successCnt + " / " + statusRects.length;
            Element successRatio = doc.getElementById("successRatio");
            successRatio.replaceChild(doc.createTextNode(successRatioString), successRatio.getFirstChild());
        }
    }, false);
}
Also used : SVGOMDocument(org.apache.batik.dom.svg.SVGOMDocument) SocketPermission(java.net.SocketPermission) ReflectPermission(java.lang.reflect.ReflectPermission) SecurityPermission(java.security.SecurityPermission) AllPermission(java.security.AllPermission) SQLPermission(java.sql.SQLPermission) PropertyPermission(java.util.PropertyPermission) SerializablePermission(java.io.SerializablePermission) NetPermission(java.net.NetPermission) Permission(java.security.Permission) FilePermission(java.io.FilePermission) AWTPermission(java.awt.AWTPermission) SocketPermission(java.net.SocketPermission) AudioPermission(javax.sound.sampled.AudioPermission) URL(java.net.URL)

Aggregations

AWTPermission (java.awt.AWTPermission)1 FilePermission (java.io.FilePermission)1 SerializablePermission (java.io.SerializablePermission)1 ReflectPermission (java.lang.reflect.ReflectPermission)1 NetPermission (java.net.NetPermission)1 SocketPermission (java.net.SocketPermission)1 URL (java.net.URL)1 AllPermission (java.security.AllPermission)1 Permission (java.security.Permission)1 SecurityPermission (java.security.SecurityPermission)1 SQLPermission (java.sql.SQLPermission)1 PropertyPermission (java.util.PropertyPermission)1 AudioPermission (javax.sound.sampled.AudioPermission)1 SVGOMDocument (org.apache.batik.dom.svg.SVGOMDocument)1