[13] RFR 8215937: Check usages of security-related Resources files
Sean Mullan
sean.mullan at oracle.com
Fri Jan 18 16:09:40 UTC 2019
On 1/17/19 9:23 PM, Weijun Wang wrote:
>
>
>> On Jan 18, 2019, at 2:22 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> This is a nice cleanup. Just a couple of comments:
>>
>> - Update copyrights now that it is 2019
>
> Will change.
>
>>
>> - For the test, is the source code always guaranteed to be there? I was not sure if that was a requirement. Or does the test still pass if it can't find the source code?
>
> 132 public static void main(String[] args) {
> 133 if (Files.exists(SRC)) {
> 134 MAP.forEach(Usages::check);
> 135 } else {
> 136 System.out.println("No src directory. Test skipped.");
> 137 }
> 138 }
Ok, good.
--Sean
>
> But I remember asked about a similar case before and with Mach5 the src/ directory is always available.
>
> Thanks,
> Max
>
>>
>> Thanks,
>> Sean
>>
>> On 12/27/18 3:11 AM, Weijun Wang wrote:
>>> Please take a review at
>>> https://cr.openjdk.java.net/~weijun/8215937/webrev.00/
>>> A new Usages.java test is added to make sure the strings in various Resources.java files are exactly what are used in security-related source files, no more no less.
>>> Two old tests are removed. NewNamesFormat.java checks for format and Usages.java covers it. NewResourcesNames.java is a manual test and is too stale and not easy to run.
>>> Several calls in keytool and jarsigner are modified to follow a more consistent calling convention (always rb.getString(string_literal)) so that they can be detected by Usages.java more easily. There are still several places in PolicyFile.java calling 'LocalizedMessage.getNonlocalized(POLICY + "...", source)' but I left them unchanged and dealt with it specially in Usages.java.
>>> Many useless strings in Resources.java files are removed. I've double checked each and made sure the related calls were removed some time ago.
>>> Thanks
>>> Max
>
More information about the security-dev
mailing list