RFR: JDK-8318854: [macos14] Running any AWT app prints Secure coding warning [v2]

Phil Race prr at openjdk.org
Wed Nov 15 19:30:35 UTC 2023 

On Thu, 9 Nov 2023 22:30:32 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:

>> With Xcode upgraded to 14.3.1 for macOS builds secure coding warning message was seen in the logs as below:
>> 
>> "WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES."
>> 
>> which requires AppDelegate to explicitly implement applicationSupportsSecureRestorableState() to return true as mentioned here in [Apple Release notes](https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-14#Restorable-State).
>> 
>> While investigating JFX embedded scenario (Swing components in FX window) another issue observed was that the AWT was overriding the FX delegate causing the app to crash in certain scenarios. This issue is also being fixed in this PR and also as part of [JDK-8319669](https://bugs.openjdk.org/browse/JDK-8319669) , https://github.com/openjdk/jfx/pull/1280.
>> 
>> The fix for JDK-8318854 involves:
>> 
>> - implementing applicationSupportsSecureRestorableState() in ApplicationDelegate.m & QueuingApplicationDelegate.m to return YES  by default, unless the env var - **AWT_DISABLE_NSDELEGATE_SECURE_SAVE**  is defined.
>> 
>> - Fix added to stop AWT toolkit from overriding a delegate set by another NSApplication by default. There is an option to restore the old behavior by defining the env var - **AWT_OVERRIDE_NSDELEGATE**.
>> 
>> - Null checks are added for shared delegate in the unforeseen case where it could be null and cause issues in AWTWindow.m, CMenuBar.m, ApplicationDelegate.m
>> 
>> 
>> **PLEASE NOTE !!**  The environment variables being added as part of this fix are for debugging only and should NOT be used for application purpose. As such they will NOT be documented.
>
> Harshitha Onkar has updated the pull request incrementally with one additional commit since the last revision:
> 
>   local var reused

src/java.desktop/macosx/native/libawt_lwawt/awt/ApplicationDelegate.m line 417:

> 415:     if (getenv("AWT_DISABLE_NSDELEGATE_SECURE_SAVE") != NULL) {
> 416:        supportsSecureState = NO;
> 417:     }

I think that (and in the other case), it is best to read the env. var only once, not keep checking it on ever call to this method. Theoretically if someone used putenv/setenv (yes they'd need native code), it would cause us to change the answer.

Yes, this makes the code a bit more complicated but it will be safer.
maybe you could maybe use static locals

<pre>
(BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app {
     static BOOL checked = NO;
     static BOOL supportsSecureState = YES;
     if (checked == NO) {
        checked = YES;
        if (getenv("AWT_DISABLE_NSDELEGATE_SECURE_SAVE") != NULL) {
            supportsSecureState = NO;
     }
     return supportsSecureState;
}
    
</pre>

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16569#discussion_r1394683107

More information about the client-libs-dev mailing list