Search in sources :

Example 46 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testCustomAccumulateMVEL.

@Test
public void testCustomAccumulateMVEL() throws Exception {
    String drl = "package org.foo.bar\n" + "rule testRule dialect \"mvel\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               init(System.exit(-1);), " + "               action(System.exit(-1);), " + "               reverse(System.exit(-1);), " + "               result(0))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) PropertyAccessException(org.mvel2.PropertyAccessException) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) PropertyAccessException(org.mvel2.PropertyAccessException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 47 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testAccumulateFunctionJava.

@Test
public void testAccumulateFunctionJava() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"java\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               sum(MaliciousExitHelper.exit()))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.insert("foo");
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) PropertyAccessException(org.mvel2.PropertyAccessException) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) PropertyAccessException(org.mvel2.PropertyAccessException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 48 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedMvelConsequence.

@Test
public void testUntrustedMvelConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ConsequenceException e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 49 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedJavaConsequence.

@Test
public void testUntrustedJavaConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ConsequenceException e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 50 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testCustomAccumulate.

@Test
public void testCustomAccumulate() throws Exception {
    String drl = "package org.foo.bar\n" + "rule testRule\n" + "    when\n" + "        Number() from accumulate(Object(), " + "               init(System.exit(-1);), " + "               action(System.exit(-1);), " + "               reverse(System.exit(-1);), " + "               result(0))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (Exception e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) PropertyAccessException(org.mvel2.PropertyAccessException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Aggregations

ReleaseId (org.kie.api.builder.ReleaseId)273 Test (org.junit.Test)219 KieServices (org.kie.api.KieServices)214 KieContainer (org.kie.api.runtime.KieContainer)176 KieSession (org.kie.api.runtime.KieSession)137 InternalKieModule (org.drools.compiler.kie.builder.impl.InternalKieModule)117 KieModule (org.kie.api.builder.KieModule)84 StatelessKieSession (org.kie.api.runtime.StatelessKieSession)73 KieFileSystem (org.kie.api.builder.KieFileSystem)64 KieModuleModel (org.kie.api.builder.model.KieModuleModel)40 KieBuilder (org.kie.api.builder.KieBuilder)34 ArrayList (java.util.ArrayList)32 Message (org.drools.compiler.Message)32 KieMavenRepository.getKieMavenRepository (org.kie.scanner.KieMavenRepository.getKieMavenRepository)27 Resource (org.kie.api.io.Resource)23 Results (org.kie.api.builder.Results)20 KieBaseModel (org.kie.api.builder.model.KieBaseModel)20 InternalKieScanner (org.drools.compiler.kie.builder.impl.InternalKieScanner)18 KieScanner (org.kie.api.builder.KieScanner)18 IncrementalResults (org.kie.internal.builder.IncrementalResults)18