Bugfix: Fixed security flaw with the Event Dispatch Thread, where robots could use the SwingUtilities.invokeLater() for running any code they should like

flemming-n-larsen · flemming-n-larsen · commit 2f2867d24fb2 · 2007-12-11T23:17:19.000Z
diff --git a/robocode/robocode/security/RobocodeSecurityManager.java b/robocode/robocode/security/RobocodeSecurityManager.java
@@ -205,9 +205,21 @@ public void checkPermission(Permission perm) {
 			return;
 		} catch (SecurityException e) {}
 
-		// Allow the Event Dispatch Thread
+		// Check if it was one of the tools for Robocode that was invoked by the Event Dispatch Thread
 		if (javax.swing.SwingUtilities.isEventDispatchThread()) {
-			return;
+			StackTraceElement[] stackTrace = new Throwable().getStackTrace();
+
+			for (StackTraceElement element : stackTrace) {
+				String classname = element.getClassName();
+				String method = element.getMethodName();
+
+				if (classname.equals("codesize.Codesize") && method.equals("processZipFile")) {
+					return;
+				}
+				if (classname.equals("ar.robocode.cachecleaner.CacheCleaner") && method.equals("clean")) {
+					return;
+				}
+			}
 		}
 
 		// For development purposes, allow read any file if override is set.
