RFR: JDK-8291974 PrivateCredentialPermission should not use local variable to enable debugging
Mark Powers
mpowers at openjdk.org
Thu Sep 15 18:25:40 UTC 2022
On Tue, 13 Sep 2022 19:31:27 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> https://bugs.openjdk.org/browse/JDK-8291974
>
> I would write a test which serializes the data (before your change) and deserializes it after. There should be some regression tests that already do that.
@seanjmullan There is an existing test which serializes and deserializes a `PrivateCredentialPermission` object. It only checks that the deserialized object is same as the original. There is no testing for new or deleted fields. The Java Serialization Spec indicates that the `testing` variable can be safely removed. This is only possible because the variable is `boolean` and is initialized to `false`. The CSR has more details. I have verified this behavior with a manual test of my own.
Are you suggesting that I write and integrate a new test that basically verifies that the Java Serialization Spec works as documented?
-------------
PR: https://git.openjdk.org/jdk/pull/10206
More information about the security-dev
mailing list