use of org.mvel2.PropertyAccessException in project mvel by mikebrock.
the class PropertyAccessor method getCollectionPropertyAO.
private Object getCollectionPropertyAO(Object ctx, String prop) throws Exception {
if (prop.length() != 0) {
ctx = getBeanProperty(ctx, prop);
}
if (ctx == null)
return null;
int _start = ++cursor;
whiteSpaceSkip();
if (cursor == end || scanTo(']'))
throw new PropertyAccessException("unterminated '['", property, cursor);
prop = new String(property, _start, cursor++ - _start);
if (ctx instanceof Map) {
if (hasPropertyHandler(Map.class))
return getPropertyHandler(Map.class).getProperty(prop, ctx, variableFactory);
else
return ((Map) ctx).get(eval(prop, ctx, variableFactory));
} else if (ctx instanceof List) {
if (hasPropertyHandler(List.class))
return getPropertyHandler(List.class).getProperty(prop, ctx, variableFactory);
else
return ((List) ctx).get((Integer) eval(prop, ctx, variableFactory));
} else if (ctx instanceof Collection) {
if (hasPropertyHandler(Collection.class))
return getPropertyHandler(Collection.class).getProperty(prop, ctx, variableFactory);
else {
int count = (Integer) eval(prop, ctx, variableFactory);
if (count > ((Collection) ctx).size())
throw new PropertyAccessException("index [" + count + "] out of bounds on collections", property, cursor);
Iterator iter = ((Collection) ctx).iterator();
for (int i = 0; i < count; i++) iter.next();
return iter.next();
}
} else if (ctx.getClass().isArray()) {
if (hasPropertyHandler(Array.class))
return getPropertyHandler(Array.class).getProperty(prop, ctx, variableFactory);
return Array.get(ctx, (Integer) eval(prop, ctx, variableFactory));
} else if (ctx instanceof CharSequence) {
if (hasPropertyHandler(CharSequence.class))
return getPropertyHandler(CharSequence.class).getProperty(prop, ctx, variableFactory);
else
return ((CharSequence) ctx).charAt((Integer) eval(prop, ctx, variableFactory));
} else {
try {
return getClassReference(getCurrentThreadParserContext(), (Class) ctx, new TypeDescriptor(property, start, end - start, 0));
} catch (Exception e) {
throw new PropertyAccessException("illegal use of []: unknown type: " + (ctx == null ? null : ctx.getClass().getName()), property, st);
}
}
}
use of org.mvel2.PropertyAccessException in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELEnabled.
@Test
public void testUntrustedMVELEnabled() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
use of org.mvel2.PropertyAccessException in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELSalience.
@Test
public void testUntrustedMVELSalience() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" salience( MaliciousExitHelper.exit() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
Aggregations