Examples with KieServices org.kie.api.KieServices used on opensource projects

Example 51 with KieServices

use of org.kie.api.KieServices in project drools by kiegroup.

the class SecurityPolicyTest method testAccumulateFunctionMVEL.

@Test
public void testAccumulateFunctionMVEL() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"mvel\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               sum(MaliciousExitHelper.exit()))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.insert("foo");
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}

Example 52 with KieServices

use of org.kie.api.KieServices in project drools by kiegroup.

the class SecurityPolicyTest method testCustomAccumulateMVEL.

@Test
public void testCustomAccumulateMVEL() throws Exception {
    String drl = "package org.foo.bar\n" + "rule testRule dialect \"mvel\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               init(System.exit(-1);), " + "               action(System.exit(-1);), " + "               reverse(System.exit(-1);), " + "               result(0))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}

Example 53 with KieServices

use of org.kie.api.KieServices in project drools by kiegroup.

the class SecurityPolicyTest method testAccumulateFunctionJava.

@Test
public void testAccumulateFunctionJava() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"java\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               sum(MaliciousExitHelper.exit()))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.insert("foo");
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}

Example 54 with KieServices

use of org.kie.api.KieServices in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedMvelConsequence.

@Test
public void testUntrustedMvelConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ConsequenceException e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}

Example 55 with KieServices

use of org.kie.api.KieServices in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedJavaConsequence.

@Test
public void testUntrustedJavaConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ConsequenceException e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}