use of org.kie.api.builder.KieFileSystem in project drools by kiegroup.
the class SecurityPolicyTest method testAccumulateFunctionMVEL.
@Test
public void testAccumulateFunctionMVEL() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"mvel\" \n" + " when\n" + " Number() from accumulate(Object(), " + " sum(MaliciousExitHelper.exit()))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.insert("foo");
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
// test succeeded
} else {
throw e;
}
}
}
use of org.kie.api.builder.KieFileSystem in project drools by kiegroup.
the class SecurityPolicyTest method testCustomAccumulateMVEL.
@Test
public void testCustomAccumulateMVEL() throws Exception {
String drl = "package org.foo.bar\n" + "rule testRule dialect \"mvel\" \n" + " when\n" + " Number() from accumulate(Object(), " + " init(System.exit(-1);), " + " action(System.exit(-1);), " + " reverse(System.exit(-1);), " + " result(0))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
// test succeeded
} else {
throw e;
}
}
}
use of org.kie.api.builder.KieFileSystem in project drools by kiegroup.
the class SecurityPolicyTest method testAccumulateFunctionJava.
@Test
public void testAccumulateFunctionJava() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"java\" \n" + " when\n" + " Number() from accumulate(Object(), " + " sum(MaliciousExitHelper.exit()))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.insert("foo");
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
// test succeeded
} else {
throw e;
}
}
}
use of org.kie.api.builder.KieFileSystem in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMvelConsequence.
@Test
public void testUntrustedMvelConsequence() throws Exception {
String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + " System.exit(0);" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (ShouldHavePrevented e) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (ConsequenceException e) {
// test succeeded. the policy in place prevented the rule from executing the System.exit().
}
}
use of org.kie.api.builder.KieFileSystem in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedJavaConsequence.
@Test
public void testUntrustedJavaConsequence() throws Exception {
String drl = "package org.foo.bar\n" + "rule R1 when\n" + "then\n" + " System.exit(0);" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (ShouldHavePrevented e) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (ConsequenceException e) {
// test succeeded. the policy in place prevented the rule from executing the System.exit().
}
}
Aggregations