RFR: 8215788: Clarify JarInputStream Manifest access [v3]
Weijun Wang
weijun at openjdk.org
Wed Sep 14 15:56:07 UTC 2022
On Wed, 14 Sep 2022 10:31:41 GMT, Lance Andersen <lancea at openjdk.org> wrote:
>> Please review this PR which updates the JarInputStream class description to clarify when the Manifest is accessible via JarInputStream::getManifest and JarInputStream::get[Jar]Entry.
>>
>> It is worth noting that with this update, we are finally documenting behavior that dates back to when this class was added to JDK 1.2
>>
>>
>> Best,
>> Lance
>
> Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
>
> Address a couple of typos in Note
I have no more comment.
My understanding is that `getNextEntry` does not throw a `SecurityException` since it should not read anything. If the signature does not match then a `SecurityException` should be thrown when reading a signature-related file. If a normal entry is modified it should be thrown when reading that entry.
This is a quite big change. I suggest we do not touch it this time.
-------------
Marked as reviewed by weijun (Reviewer).
PR: https://git.openjdk.org/jdk/pull/10045
More information about the security-dev
mailing list