antlr4 icon indicating copy to clipboard operation
antlr4 copied to clipboard

Published 20 hours ago verified publisher icon antlr

Java 2 Security issue running with Hibernate

Open dazey3 opened this issue 3 years ago • 1 comments

I am testing using org.antlr:antlr4-runtime:4.9.1 in Hibernate 6.0.0 and I encountered a Java 2 Security issue with ANTLR:

Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. The application needs to have permissions addedPermission: 
("java.lang.RuntimePermission" "getenv.TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT")
Stack: 
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.TURN_OFF_LR_LOOP_ENTRY_BRANCH_OPT")java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
java.base/java.security.AccessController.checkPermission(AccessController.java:897)
java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.checkPermission(MissingDoPrivDetectionSecurityManager.java:45)
java.base/java.lang.System.getenv(System.java:999)
org.antlr.v4.runtime.atn.ParserATNSimulator.getSafeEnv(ParserATNSimulator.java:2187)
org.antlr.v4.runtime.atn.ParserATNSimulator.<clinit>(ParserATNSimulator.java:273)
org.hibernate.grammars.hql.HqlParser.<init>(HqlParser.java:264)
org.hibernate.query.hql.internal.HqlParseTreeBuilder$1.<init>(HqlParseTreeBuilder.java:39)
org.hibernate.query.hql.internal.HqlParseTreeBuilder.buildHqlParser(HqlParseTreeBuilder.java:39)
org.hibernate.query.hql.internal.StandardHqlTranslator.parseHql(StandardHqlTranslator.java:106)
org.hibernate.query.hql.internal.StandardHqlTranslator.translate(StandardHqlTranslator.java:77)
org.hibernate.internal.AbstractSharedSessionContract.lambda$createQuery$2(AbstractSharedSessionContract.java:741)
org.hibernate.query.internal.QueryInterpretationCacheStandardImpl.createHqlInterpretation(QueryInterpretationCacheStandardImpl.java:141)
org.hibernate.query.internal.QueryInterpretationCacheStandardImpl.resolveHqlInterpretation(QueryInterpretationCacheStandardImpl.java:128)
org.hibernate.internal.AbstractSharedSessionContract.createQuery(AbstractSharedSessionContract.java:738)
org.hibernate.internal.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:23)

I believe the issue is due to an incorrect behavior in accessing environment variables in ParserATNSimulator.getSafeEnv(String):

public static String getSafeEnv(String envName) {
	try {
		return System.getenv(envName);
	}
	catch(SecurityException e) {
		// use the default value
	}
	return null;
}

Instead, you should properly use a doPriv using java.security API:

public static String getSafeEnv(String envName) {
	return AccessController.doPrivileged(new PrivilegedAction<String>() {
		@Override
		public String run() {
			return System.getenv(envName);
		}
	});
}

#2069 seems to have also observed this issue, but the fix was not correct. You shouldn't just catch the security issue and do nothing.

dazey3 avatar May 17 '22 21:05 dazey3

Wow. Java sure has gotten complicated. Can't believe I haven't seen this problem myself

parrt avatar Jun 25 '22 17:06 parrt