Security aspects

There are some inconvenient security implications to running untrusted code on your own computer. repomate-junit4 tries to limit what a student's code can do by running it under a very strict JVM security policy, enforced by the Java SecurityManager. The policy used looks like this:

// empty grant to strip all permissions from all codebases
grant {
};

// the `junit-4.12.jar` needs this permission for introspection;
// {junit4_jar_path} is replaced with the absolute path of the jar at runtime
grant codeBase "file:{junit4_jar_path}" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};

This policy prevents student code from doing most things it should not, such as accessing files outside of the codebase's own directory or opening network connections. The {junit4_jar_path} placeholder is resolved at runtime to the actual junit-4.12.jar archive used to run the test classes, so that archive (and only that archive) gets the one permission it needs to do so.
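To see what the empty grant actually denies, and what a class on the class path can still do, here is an added example that is not part of repomate-junit4: a small Java program that installs the policy above as the JVM's only policy (the programmatic equivalent of -Djava.security.policy==file) and then attempts a few operations. The JUnit jar path inside the embedded policy is a placeholder, and the program assumes a JDK on which the SecurityManager is still available (JDK 8 to 17; on JDK 18 to 23 the JVM must be started with -Djava.security.manager=allow, and JDK 24 removed the SecurityManager altogether).

```java
import java.io.IOException;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added demonstration, not repomate-junit4 code: install the page's policy as the
 * only policy in effect and report which operations the SecurityManager denies.
 *
 * Build and run:  javac PolicyDemo.java && java PolicyDemo
 * (JDK 18-23: java -Djava.security.manager=allow PolicyDemo)
 */
public class PolicyDemo {

    // Same policy text as on the page. The jar path is a placeholder (assumption);
    // nothing is loaded from that code base here, so its grant is simply never used.
    static final String POLICY =
            "// empty grant to strip all permissions from all codebases\n"
          + "grant {\n"
          + "};\n"
          + "\n"
          + "// the junit-4.12.jar needs this permission for introspection\n"
          + "grant codeBase \"file:/path/to/junit-4.12.jar\" {\n"
          + "    permission java.lang.RuntimePermission \"accessDeclaredMembers\";\n"
          + "};\n";

    /** Runs one action and prints whether the policy allowed or denied it. */
    static void attempt(String label, Runnable action) {
        try {
            action.run();
            System.out.println("ALLOWED  " + label);
        } catch (SecurityException e) {
            // AccessControlException is a SecurityException; its message names the permission
            System.out.println("DENIED   " + label + " (" + e.getMessage() + ")");
        }
    }

    static byte[] read(Path p) {
        try {
            return Files.readAllBytes(p);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    static void connect(String host, int port) {
        // A non-literal host name is checked with checkConnect before any DNS lookup,
        // so under this policy the SecurityException is raised before anything is resolved.
        try (Socket s = new Socket(host, port)) {
            // unreachable under the sandbox policy
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Everything that itself needs permissions happens before the manager is installed.
        Path policyFile = Files.createTempFile("sandbox", ".policy");
        Files.write(policyFile, POLICY.getBytes(StandardCharsets.UTF_8));
        Path outsideFile = Files.createTempFile("outside", ".txt");      // not under the code base
        Path codeBaseDir = Paths.get(PolicyDemo.class.getProtectionDomain()
                .getCodeSource().getLocation().toURI());
        Path ownClassFile = codeBaseDir.resolve("PolicyDemo.class");

        // A leading "=" makes this file the only policy, like the "==" form on the command line.
        System.setProperty("java.security.policy", "=" + policyFile.toAbsolutePath());
        System.setSecurityManager(new SecurityManager());

        // Reading inside the code base is allowed even with an empty grant: the class loader
        // gives every code base read access to its own location, independently of the policy.
        attempt("read own class file inside the code base", () -> read(ownClassFile));
        attempt("read a file outside the code base", () -> read(outsideFile));
        attempt("open a network connection", () -> connect("db.example.invalid", 5432));
        attempt("call System.exit(0)", () -> System.exit(0));   // would kill a test runner
    }
}
```

The first attempt succeeds and the other three print DENIED with the permission that was missing (java.io.FilePermission, java.net.SocketPermission, and RuntimePermission "exitVM"). The last case is worth noticing for a grading tool: without the policy, a student test calling System.exit would take the whole JUnit run down with it.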

This policy seems to work well for introductory courses in Java, but there may be snags because of how restrictive it is. If you find that some permission should definitely be added, please open an issue about it. There are plans to add the ability to specify a custom security policy, but currently your only choice is to either use this default policy or disable it with --disable-security.

Important

The security policy relies on the correctness of the Java SecurityManager. It is probably not bulletproof, so if you have strict security requirements, you should only run this plugin inside of a properly secured environment (for example, a virtual machine).