Message9302

Author	zyasoft
Recipients	berndk, bvan, zyasoft
Date	2015-01-05.14:01:18
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1420466479.78.0.528250590167.issue2229@psf.upfronthosting.co.za>
In-reply-to

Content
I have identified a workaround and the likely problem, which is in determining the accessibility of some static classes, like java.util.Arrays, when creating a list of available classes in a given package with PackageManager#doDir. Explicit, nonstarred imports don't go through this directory construction process, so they are not impacted. The workaround is to set the following in the Jython registry file or on the command line with -D python.security.respectJavaAccessibility=false The problem is most likely in PackageManager.checkAccess, which is very old code that attempts to find the access permission of the class. In reviewing Java 7 (http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.1) vs Java 8 (http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.1) I didn't see any differences that should cause this problem, but there's certainly room for error in how checkAccess is currently implemented. checkAccess should instead use ASM, specifically http://asm.ow2.org/asm40/javadoc/user/org/objectweb/asm/ClassVisitor.html#visit(int, int, java.lang.String, java.lang.String, java.lang.String, java.lang.String[]), which provides exactly what we need.

I have identified a workaround and the likely problem, which is in determining the accessibility of some static classes, like java.util.Arrays, when creating a list of available classes in a given package with PackageManager#doDir. Explicit, nonstarred imports don't go through this directory construction process, so they are not impacted.

The workaround is to set the following in the Jython registry file or on the command line with -D

python.security.respectJavaAccessibility=false

The problem is most likely in PackageManager.checkAccess, which is very old code that attempts to find the access permission of the class. In reviewing
Java 7 (http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html#jvms-4.1) vs
Java 8 (http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.1) I didn't see any differences that should cause this problem, but there's certainly room for error in how checkAccess is currently implemented.

checkAccess should instead use ASM, specifically http://asm.ow2.org/asm40/javadoc/user/org/objectweb/asm/ClassVisitor.html#visit(int, int, java.lang.String, java.lang.String, java.lang.String, java.lang.String[]), which provides exactly what we need.

History
Date	User	Action	Args
2015-01-05 14:01:19	zyasoft	set	messageid: <1420466479.78.0.528250590167.issue2229@psf.upfronthosting.co.za>
2015-01-05 14:01:19	zyasoft	set	recipients: + zyasoft, bvan, berndk
2015-01-05 14:01:19	zyasoft	link	issue2229 messages
2015-01-05 14:01:18	zyasoft	create