Search in sources :

Example 16 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testAccumulateFunctionMVEL.

@Test
public void testAccumulateFunctionMVEL() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"mvel\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               sum(MaliciousExitHelper.exit()))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.insert("foo");
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) PropertyAccessException(org.mvel2.PropertyAccessException) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) PropertyAccessException(org.mvel2.PropertyAccessException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 17 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testCustomAccumulateMVEL.

@Test
public void testCustomAccumulateMVEL() throws Exception {
    String drl = "package org.foo.bar\n" + "rule testRule dialect \"mvel\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               init(System.exit(-1);), " + "               action(System.exit(-1);), " + "               reverse(System.exit(-1);), " + "               result(0))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) PropertyAccessException(org.mvel2.PropertyAccessException) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) PropertyAccessException(org.mvel2.PropertyAccessException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 18 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testAccumulateFunctionJava.

@Test
public void testAccumulateFunctionJava() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"java\" \n" + "    when\n" + "        Number() from accumulate(Object(), " + "               sum(MaliciousExitHelper.exit()))\n" + "    then\n" + "end";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.insert("foo");
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    } catch (Exception e) {
        if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
        // test succeeded
        } else {
            throw e;
        }
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) PropertyAccessException(org.mvel2.PropertyAccessException) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) PropertyAccessException(org.mvel2.PropertyAccessException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 19 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedMvelConsequence.

@Test
public void testUntrustedMvelConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ConsequenceException e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Example 20 with ReleaseId

use of org.kie.api.builder.ReleaseId in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedJavaConsequence.

@Test
public void testUntrustedJavaConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ShouldHavePrevented e) {
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (ConsequenceException e) {
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}
Also used : KieFileSystem(org.kie.api.builder.KieFileSystem) KieServices(org.kie.api.KieServices) KieSession(org.kie.api.runtime.KieSession) ReleaseId(org.kie.api.builder.ReleaseId) ConsequenceException(org.kie.api.runtime.rule.ConsequenceException) KieContainer(org.kie.api.runtime.KieContainer) Test(org.junit.Test)

Aggregations

ReleaseId (org.kie.api.builder.ReleaseId)565 KieServices (org.kie.api.KieServices)449 Test (org.junit.Test)398 KieContainer (org.kie.api.runtime.KieContainer)313 KieSession (org.kie.api.runtime.KieSession)234 InternalKieModule (org.drools.compiler.kie.builder.impl.InternalKieModule)159 KieFileSystem (org.kie.api.builder.KieFileSystem)132 ArrayList (java.util.ArrayList)120 StatelessKieSession (org.kie.api.runtime.StatelessKieSession)100 KieModule (org.kie.api.builder.KieModule)94 KieBuilder (org.kie.api.builder.KieBuilder)86 KieModuleModel (org.kie.api.builder.model.KieModuleModel)85 KieMavenRepository.getKieMavenRepository (org.kie.scanner.KieMavenRepository.getKieMavenRepository)76 File (java.io.File)75 Resource (org.kie.api.io.Resource)53 KieMavenRepository (org.kie.scanner.KieMavenRepository)53 FileOutputStream (java.io.FileOutputStream)51 KieBase (org.kie.api.KieBase)47 Before (org.junit.Before)39 HashMap (java.util.HashMap)31