use of org.mvel2.MVEL in project mvel by mikebrock.
the class CoreConfidenceTests method testMVEL238.
public void testMVEL238() throws IOException {
String expr = new String(loadFromFile(new File("src/test/java/org/mvel2/tests/MVEL238.mvel")));
Serializable s = MVEL.compileExpression(expr);
System.out.println(MVEL.executeExpression(s, new HashMap()));
System.out.println(MVEL.executeExpression(s, new HashMap()));
}
use of org.mvel2.MVEL in project drools by kiegroup.
the class PatternBuilder method setInputs.
protected void setInputs(RuleBuildContext context, ExprBindings descrBranch, Class<?> thisClass, String expr) {
MVELDialectRuntimeData data = (MVELDialectRuntimeData) context.getPkg().getDialectRuntimeRegistry().getDialectData("mvel");
ParserConfiguration conf = data.getParserConfiguration();
conf.setClassLoader(context.getKnowledgeBuilder().getRootClassLoader());
final ParserContext pctx = new ParserContext(conf);
pctx.setStrictTypeEnforcement(false);
pctx.setStrongTyping(false);
pctx.addInput("this", thisClass);
// overrides the mvel empty label
pctx.addInput("empty", boolean.class);
MVEL.COMPILER_OPT_ALLOW_NAKED_METH_CALL = true;
MVEL.COMPILER_OPT_ALLOW_OVERRIDE_ALL_PROPHANDLING = true;
MVEL.COMPILER_OPT_ALLOW_RESOLVE_INNERCLASSES_WITH_DOTNOTATION = true;
MVEL.COMPILER_OPT_SUPPORT_JAVA_STYLE_CLASS_LITERALS = true;
try {
MVEL.analysisCompile(expr, pctx);
} catch (Exception e) {
// reported during expression analysis, so swallow it at the moment
return;
}
if (!pctx.getInputs().isEmpty()) {
for (String v : pctx.getInputs().keySet()) {
// to an "empty" property, or the if will evaluate to true even if it doesn't
if ("this".equals(v) || (PropertyTools.getFieldOrAccessor(thisClass, v) != null && expr.matches("(^|.*\\W)empty($|\\W.*)"))) {
descrBranch.getFieldAccessors().add(v);
} else if ("empty".equals(v)) {
// do nothing
} else if (!context.getPkg().getGlobals().containsKey(v)) {
descrBranch.getRuleBindings().add(v);
} else {
descrBranch.getGlobalBindings().add(v);
}
}
}
}
use of org.mvel2.MVEL in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELEnabled.
@Test
public void testUntrustedMVELEnabled() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
use of org.mvel2.MVEL in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELSalience.
@Test
public void testUntrustedMVELSalience() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" salience( MaliciousExitHelper.exit() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
use of org.mvel2.MVEL in project drools by kiegroup.
the class SecurityPolicyTest method testSerializationUntrustedMvelConsequence.
@Test
public void testSerializationUntrustedMvelConsequence() throws Exception {
String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + " System.exit(0);" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieBase kbase = kc.getKieBase();
kbase = SerializationHelper.serializeObject(kbase);
} catch (Exception e) {
e.printStackTrace();
Assert.fail(e.toString());
// test succeeded. the policy in place prevented the rule from executing the System.exit().
}
}
Aggregations