Add SecurityManager support to block suspicious code #622

[Markoutte]

Description

This commit introduces support of SecurityManager in instrumentation.jar to restrict all suspicious code from running (File IO, Socket IO, Property reading and etc.). Security is enabled by default and limits all permissions to a small set that needed for execution. Settings can be extended by editing .utbot/sandbox.policy (more about policy file and syntax).

Fixes #622

Type of Change

• Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

Automated Testing

All existing tests should pass

Manual Scenario

Disable symbolic execution test generation and leave only fuzzing (in the settings by choosing "Simpler" for "Code analysis"). Run test generations for these methods:

public class SecurityCheck {

    public int normalTest(int value) {
        if (value < 0) {
            return -value;
        }
        return value;
    }

    public int read(File path) throws IOException {
        byte[] bytes = Files.readAllBytes(path.toPath());
        return bytes.length;
    }

    public int connect(Socket socket) throws IOException {
        socket.connect(new InetSocketAddress("0.0.0.0", 22));
        return 0;
    }

    public String property(String key) {
        return System.getProperty(key);
    }

    public String systemExit() {
        System.exit(0);
        return "bad";
    }

}

For every method except normatTest() there are should be several methods that look like:

    public void testPropertyWithBlankString() {
        SecurityCheck securityCheck = new SecurityCheck();
        
        /* This test fails because method [com.company.security.SecurityCheck.property] produces [java.security.AccessControlException: access denied ("java.util.PropertyPermission" "   " "read")]
            java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
            java.security.AccessController.checkPermission(AccessController.java:886)
            java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
            java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
            java.lang.System.getProperty(System.java:719)
            com.company.security.SecurityCheck.property(SecurityCheck.java:32) */
    }

Try to edit {user.home}/.utbot/sandbox.policy:

grant {
    permission java.util.PropertyPermission "*", "read";
};

and generate test for String property(String key). Tests should be generated without access exception.

Checklist:

• The change followed the style guidelines of the UTBot project
• Self-review of the code is passed
• The change contains enough commentaries, particularly in hard-to-understand areas
• New documentation is provided or existed one is altered
• No new warnings
• New tests have been added
• All tests pass locally with my changes

[denis-fokin]

Could we add some tests?

[EgorkaKulikov]

I suggest to improve text message "Disabled due to sandbox" and have no other complaints from the point of view of Codegen