Examples with MVEL org.mvel2.MVEL used on opensource projects

Example 16 with MVEL

use of org.mvel2.MVEL in project mvel by mikebrock.

the class CoreConfidenceTests method testMVEL238.

public void testMVEL238() throws IOException {
    String expr = new String(loadFromFile(new File("src/test/java/org/mvel2/tests/MVEL238.mvel")));
    Serializable s = MVEL.compileExpression(expr);
    System.out.println(MVEL.executeExpression(s, new HashMap()));
    System.out.println(MVEL.executeExpression(s, new HashMap()));
}

Example 17 with MVEL

use of org.mvel2.MVEL in project drools by kiegroup.

the class PatternBuilder method setInputs.

protected void setInputs(RuleBuildContext context, ExprBindings descrBranch, Class<?> thisClass, String expr) {
    MVELDialectRuntimeData data = (MVELDialectRuntimeData) context.getPkg().getDialectRuntimeRegistry().getDialectData("mvel");
    ParserConfiguration conf = data.getParserConfiguration();
    conf.setClassLoader(context.getKnowledgeBuilder().getRootClassLoader());
    final ParserContext pctx = new ParserContext(conf);
    pctx.setStrictTypeEnforcement(false);
    pctx.setStrongTyping(false);
    pctx.addInput("this", thisClass);
    // overrides the mvel empty label
    pctx.addInput("empty", boolean.class);
    MVEL.COMPILER_OPT_ALLOW_NAKED_METH_CALL = true;
    MVEL.COMPILER_OPT_ALLOW_OVERRIDE_ALL_PROPHANDLING = true;
    MVEL.COMPILER_OPT_ALLOW_RESOLVE_INNERCLASSES_WITH_DOTNOTATION = true;
    MVEL.COMPILER_OPT_SUPPORT_JAVA_STYLE_CLASS_LITERALS = true;
    try {
        MVEL.analysisCompile(expr, pctx);
    } catch (Exception e) {
        // reported during expression analysis, so swallow it at the moment
        return;
    }
    if (!pctx.getInputs().isEmpty()) {
        for (String v : pctx.getInputs().keySet()) {
            // to an "empty" property, or the if will evaluate to true even if it doesn't
            if ("this".equals(v) || (PropertyTools.getFieldOrAccessor(thisClass, v) != null && expr.matches("(^|.*\\W)empty($|\\W.*)"))) {
                descrBranch.getFieldAccessors().add(v);
            } else if ("empty".equals(v)) {
            // do nothing
            } else if (!context.getPkg().getGlobals().containsKey(v)) {
                descrBranch.getRuleBindings().add(v);
            } else {
                descrBranch.getGlobalBindings().add(v);
            }
        }
    }
}

Example 18 with MVEL

use of org.mvel2.MVEL in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedMVELEnabled.

@Test
public void testUntrustedMVELEnabled() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \n" + "when\n" + "then\n" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    }
}

Example 19 with MVEL

use of org.mvel2.MVEL in project drools by kiegroup.

the class SecurityPolicyTest method testUntrustedMVELSalience.

@Test
public void testUntrustedMVELSalience() throws Exception {
    String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" salience( MaliciousExitHelper.exit() ) \n" + "when\n" + "then\n" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieSession ksession = kc.newKieSession();
        ksession.fireAllRules();
        Assert.fail("The security policy for the rule should have prevented this from executing...");
    } catch (PropertyAccessException e) {
        // weak way of testing but couldn't find a better way
        if (e.toString().contains("The security policy should have prevented")) {
            Assert.fail("The security policy for the rule should have prevented this from executing...");
        } else {
        // test succeeded
        }
    }
}

Example 20 with MVEL

use of org.mvel2.MVEL in project drools by kiegroup.

the class SecurityPolicyTest method testSerializationUntrustedMvelConsequence.

@Test
public void testSerializationUntrustedMvelConsequence() throws Exception {
    String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + "    System.exit(0);" + "end\n";
    try {
        KieServices ks = KieServices.Factory.get();
        KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
        ks.newKieBuilder(kfs).buildAll();
        ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
        KieContainer kc = ks.newKieContainer(releaseId);
        KieBase kbase = kc.getKieBase();
        kbase = SerializationHelper.serializeObject(kbase);
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail(e.toString());
    // test succeeded. the policy in place prevented the rule from executing the System.exit().
    }
}