[13] RFR 8215937: Check usages of security-related Resources files

Sean Mullan sean.mullan at oracle.com
Fri Jan 18 16:09:40 UTC 2019


On 1/17/19 9:23 PM, Weijun Wang wrote:
> 
> 
>> On Jan 18, 2019, at 2:22 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> This is a nice cleanup. Just a couple of comments:
>>
>> - Update copyrights now that it is 2019
> 
> Will change.
> 
>>
>> - For the test, is the source code always guaranteed to be there? I was not sure if that was a requirement. Or does the test still pass if it can't find the source code?
> 
>   132     public static void main(String[] args) {
>   133         if (Files.exists(SRC)) {
>   134             MAP.forEach(Usages::check);
>   135         } else {
>   136             System.out.println("No src directory. Test skipped.");
>   137         }
>   138     }

Ok, good.

--Sean

> 
> But I remember asked about a similar case before and with Mach5 the src/ directory is always available.
> 
> Thanks,
> Max
> 
>>
>> Thanks,
>> Sean
>>
>> On 12/27/18 3:11 AM, Weijun Wang wrote:
>>> Please take a review at
>>>     https://cr.openjdk.java.net/~weijun/8215937/webrev.00/
>>> A new Usages.java test is added to make sure the strings in various Resources.java files are exactly what are used in security-related source files, no more no less.
>>> Two old tests are removed. NewNamesFormat.java checks for format and Usages.java covers it. NewResourcesNames.java is a manual test and is too stale and not easy to run.
>>> Several calls in keytool and jarsigner are modified to follow a more consistent calling convention (always rb.getString(string_literal)) so that they can be detected by Usages.java more easily. There are still several places in PolicyFile.java calling 'LocalizedMessage.getNonlocalized(POLICY + "...", source)' but I left them unchanged and dealt with it specially in Usages.java.
>>> Many useless strings in Resources.java files are removed. I've double checked each and made sure the related calls were removed some time ago.
>>> Thanks
>>> Max
> 



More information about the security-dev mailing list