René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Socket connect should be sandboxed","articleBody":"**Description**\r\n\r\nSocket.connect method call is not sandboxed by Security Manager as expected.\r\nDefault settings, no additional permissions were added.\r\n\r\n**To Reproduce**\r\n\r\nSteps to reproduce the behavior:\r\n\r\n1. Open IntelliJ IDEA with installed UTBot plugin (with Security Manager turned on)\r\n2. Open/create a project with JDK 8/11\r\n3. Add the following class:\r\n\r\n~~~java\r\nimport java.io.IOException;\r\nimport java.net.InetSocketAddress;\r\nimport java.net.Socket;\r\n\r\npublic class SecurityCheck {\r\n\r\n    public int connect(Socket socket) throws IOException {\r\n        socket.connect(new InetSocketAddress(\"0.0.0.0\", 22));\r\n        return 0;\r\n    }\r\n\r\n}\r\n~~~\r\n\r\n4. Generate tests for this class\r\n\r\n**Expected behavior**\r\n\r\nGenerated test is supposed to be disabled with sandbox-related comment.\r\n\r\n**Actual behavior**\r\n\r\nSuccessful test is generated.\r\n\r\n**Visual proofs (screenshots, logs, images)**\r\n\r\n~~~java\r\npublic class SecurityCheckTest {\r\n    ///region Test suites for executable SecurityCheck.connect\r\n\r\n    ///region\r\n\r\n    @Test\r\n    @DisplayName(\"connect: socket = Socket(String, int, boolean) -\u003e throw SocketException\")\r\n    public void testConnectThrowsSE() throws IOException {\r\n        SecurityCheck securityCheck = new SecurityCheck();\r\n        Socket socket = new Socket(\"\", 0, false);\r\n\r\n        assertThrows(SocketException.class, () -\u003e securityCheck.connect(socket));\r\n    }\r\n    ///endregion\r\n\r\n    ///region Errors report for connect\r\n\r\n    public void testConnect_errors() {\r\n        // Couldn't generate some tests. List of errors:\r\n        // \r\n        // 4 occurrences of:\r\n        // Default concrete execution failed\r\n\r\n    }\r\n    ///endregion\r\n\r\n    ///endregion\r\n\r\n}\r\n~~~\r\n\r\n4 InvocationTargetException are present in Concrete executor log\r\n\r\n**Environment**\r\n\r\nIntelliJ IDEA 2022.1 - 2022.1.4\r\nJDK 8/11\r\n\r\n**Additional context**\r\n\r\nSame result with Fuzzing only and default settings.","author":{"url":"https://github.com/alisevych","@type":"Person","name":"alisevych"},"datePublished":"2022-08-25T15:10:44.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/792/UTBotJava/issues/792"}