1
package ysoserial;
2

3
import java.security.Permission;
4
import java.util.concurrent.Callable;
5

6
public class ExecBlockingSecurityManager extends SecurityManager {
7
	@Override
8
	public void checkPermission(final Permission perm) { }
9
	
10
	@Override
11
	public void checkPermission(final Permission perm, final Object context) { }			
12
	
13
	public void checkExec(final String cmd) {
14
		super.checkExec(cmd);
15
		// throw a special exception to ensure we can detect exec() in the test
16
		throw new ExecException(cmd);
17
	};
18
	
19
	@SuppressWarnings("serial")
20
	public static class ExecException extends RuntimeException {
21
		private final String cmd;
22
		public ExecException(String cmd) { this.cmd = cmd; }
23
		public String getCmd() { return cmd; }		
24
	}		
25
	
26
	public static void wrap(final Runnable runnable) throws Exception {
27
		wrap(new Callable<Void>(){
28
			public Void call() throws Exception {
29
				runnable.run();
30
				return null;
31
			}			
32
		});		
33
	}
34
	
35
	public static <T> T wrap(final Callable<T> callable) throws Exception {
36
		SecurityManager sm = System.getSecurityManager();
37
		System.setSecurityManager(new ExecBlockingSecurityManager());
38
		try {
39
			return callable.call();
40
		} finally {
41
			System.setSecurityManager(sm);
42
		}		
43
	}
44
}
45