Example 6 with Contains
use of org.mvel2.ast.Contains in project drools by kiegroup.
the class SecurityPolicyTest method testCustomAccumulateMVEL.
@Test
public void testCustomAccumulateMVEL() throws Exception {
String drl = "package org.foo.bar\n" + "rule testRule dialect \"mvel\" \n" + " when\n" + " Number() from accumulate(Object(), " + " init(System.exit(-1);), " + " action(System.exit(-1);), " + " reverse(System.exit(-1);), " + " result(0))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
// test succeeded
} else {
throw e;
}
}
}
Also used :
KieFileSystem(org.kie.api.builder.KieFileSystem)
PropertyAccessException(org.mvel2.PropertyAccessException)
KieServices(org.kie.api.KieServices)
KieSession(org.kie.api.runtime.KieSession)
ReleaseId(org.kie.api.builder.ReleaseId)
ConsequenceException(org.kie.api.runtime.rule.ConsequenceException)
PropertyAccessException(org.mvel2.PropertyAccessException)
KieContainer(org.kie.api.runtime.KieContainer)
Test(org.junit.Test)
Example 7 with Contains
use of org.mvel2.ast.Contains in project drools by kiegroup.
the class SecurityPolicyTest method testAccumulateFunctionJava.
@Test
public void testAccumulateFunctionJava() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"java\" \n" + " when\n" + " Number() from accumulate(Object(), " + " sum(MaliciousExitHelper.exit()))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.insert("foo");
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
// test succeeded
} else {
throw e;
}
}
}
Also used :
KieFileSystem(org.kie.api.builder.KieFileSystem)
PropertyAccessException(org.mvel2.PropertyAccessException)
KieServices(org.kie.api.KieServices)
KieSession(org.kie.api.runtime.KieSession)
ReleaseId(org.kie.api.builder.ReleaseId)
ConsequenceException(org.kie.api.runtime.rule.ConsequenceException)
PropertyAccessException(org.mvel2.PropertyAccessException)
KieContainer(org.kie.api.runtime.KieContainer)
Test(org.junit.Test)
Example 8 with Contains
use of org.mvel2.ast.Contains in project mvel by mikebrock.
the class PropertyVerifier method getMethod.
/**
* Process method
*
* @param ctx - the ingress type
* @param name - the property component
* @return known egress type.
*/
private Class getMethod(Class ctx, String name) {
int st = cursor;
/**
* Check to see if this is the first element in the statement.
*/
if (first) {
first = false;
methodCall = true;
/**
* It's the first element in the statement, therefore we check to see if there is a static import of a
* native Java method or an MVEL function.
*/
if (pCtx.hasImport(name)) {
Method m = pCtx.getStaticImport(name).getMethod();
/**
* Replace the method parameters.
*/
ctx = m.getDeclaringClass();
name = m.getName();
} else if (pCtx.hasFunction(name)) {
resolvedExternally = false;
Function f = pCtx.getFunction(name);
f.checkArgumentCount(parseParameterList((((cursor = balancedCapture(expr, cursor, end, '(')) - st) > 1 ? ParseTools.subset(expr, st + 1, cursor - st - 1) : new char[0]), 0, -1).size());
return f.getEgressType();
} else if (pCtx.hasVarOrInput("this")) {
if (pCtx.isStrictTypeEnforcement()) {
recordTypeParmsForProperty("this");
}
ctx = pCtx.getVarOrInputType("this");
resolvedExternally = false;
}
}
/**
* Get the arguments for the method.
*/
String tk;
if (cursor < end && expr[cursor] == '(' && ((cursor = balancedCapture(expr, cursor, end, '(')) - st) > 1) {
tk = new String(expr, st + 1, cursor - st - 1);
} else {
tk = "";
}
cursor++;
/**
* Parse out the arguments list.
*/
Class[] args;
List<char[]> subtokens = parseParameterList(tk.toCharArray(), 0, -1);
if (subtokens.size() == 0) {
args = new Class[0];
subtokens = Collections.emptyList();
} else {
// ParserContext subCtx = pCtx.createSubcontext();
args = new Class[subtokens.size()];
/**
* Subcompile all the arguments to determine their known types.
*/
// ExpressionCompiler compiler;
List<ErrorDetail> errors = pCtx.getErrorList().isEmpty() ? pCtx.getErrorList() : new ArrayList<ErrorDetail>(pCtx.getErrorList());
CompileException rethrow = null;
for (int i = 0; i < subtokens.size(); i++) {
try {
args[i] = MVEL.analyze(subtokens.get(i), pCtx);
if ("null".equals(String.valueOf(subtokens.get(i)))) {
args[i] = NullType.class;
}
} catch (CompileException e) {
rethrow = ErrorUtil.rewriteIfNeeded(e, expr, this.st);
}
if (errors.size() < pCtx.getErrorList().size()) {
for (ErrorDetail detail : pCtx.getErrorList()) {
if (!errors.contains(detail)) {
detail.setExpr(expr);
detail.setCursor(new String(expr).substring(this.st).indexOf(new String(subtokens.get(i))) + this.st);
detail.setColumn(0);
detail.setLineNumber(0);
detail.calcRowAndColumn();
}
}
}
if (rethrow != null) {
throw rethrow;
}
}
}
/**
* If the target object is an instance of java.lang.Class itself then do not
* adjust the Class scope target.
*/
Method m;
if ((m = getBestCandidate(args, name, ctx, ctx.getMethods(), pCtx.isStrongTyping())) == null) {
if ((m = getBestCandidate(args, name, ctx, ctx.getDeclaredMethods(), pCtx.isStrongTyping())) == null) {
StringAppender errorBuild = new StringAppender();
for (int i = 0; i < args.length; i++) {
errorBuild.append(args[i] != null ? args[i].getName() : null);
if (i < args.length - 1)
errorBuild.append(", ");
}
if (("size".equals(name) || "length".equals(name)) && args.length == 0 && ctx.isArray()) {
return Integer.class;
}
if (pCtx.isStrictTypeEnforcement()) {
throw new CompileException("unable to resolve method using strict-mode: " + ctx.getName() + "." + name + "(" + errorBuild.toString() + ")", expr, tkStart);
}
return Object.class;
}
}
/**
* If we're in strict mode, we look for generic type information.
*/
if (pCtx.isStrictTypeEnforcement() && m.getGenericReturnType() != null) {
Map<String, Class> typeArgs = new HashMap<String, Class>();
Type[] gpt = m.getGenericParameterTypes();
Class z;
ParameterizedType pt;
for (int i = 0; i < gpt.length; i++) {
if (gpt[i] instanceof ParameterizedType) {
pt = (ParameterizedType) gpt[i];
if ((z = pCtx.getImport(new String(subtokens.get(i)))) != null) {
/**
* We record the value of the type parameter to our typeArgs Map.
*/
if (pt.getRawType().equals(Class.class)) {
/**
* If this is an instance of Class, we deal with the special parameterization case.
*/
typeArgs.put(pt.getActualTypeArguments()[0].toString(), z);
} else {
typeArgs.put(gpt[i].toString(), z);
}
}
}
}
if (pCtx.isStrictTypeEnforcement() && ctx.getTypeParameters().length != 0 && pCtx.getLastTypeParameters() != null && pCtx.getLastTypeParameters().length == ctx.getTypeParameters().length) {
TypeVariable[] typeVariables = ctx.getTypeParameters();
for (int i = 0; i < typeVariables.length; i++) {
typeArgs.put(typeVariables[i].getName(), (Class) pCtx.getLastTypeParameters()[i]);
}
}
/**
* Get the return type argument
*/
Type parametricReturnType = m.getGenericReturnType();
String returnTypeArg = parametricReturnType.toString();
// push return type parameters onto parser context, only if this is a parametric type
if (parametricReturnType instanceof ParameterizedType) {
pCtx.setLastTypeParameters(((ParameterizedType) parametricReturnType).getActualTypeArguments());
}
if (paramTypes != null && paramTypes.containsKey(returnTypeArg)) {
/**
* If the paramTypes Map contains the known type, return that type.
*/
return (Class) paramTypes.get(returnTypeArg);
} else if (typeArgs.containsKey(returnTypeArg)) {
/**
* If the generic type was declared as part of the method, it will be in this
* Map.
*/
return typeArgs.get(returnTypeArg);
}
}
if (!Modifier.isPublic(m.getModifiers())) {
StringAppender errorBuild = new StringAppender();
for (int i = 0; i < args.length; i++) {
errorBuild.append(args[i] != null ? args[i].getName() : null);
if (i < args.length - 1)
errorBuild.append(", ");
}
String scope = Modifier.toString(m.getModifiers());
if (scope.trim().equals(""))
scope = "<package local>";
addFatalError("the referenced method is not accessible: " + ctx.getName() + "." + name + "(" + errorBuild.toString() + ")" + " (scope: " + scope + "; required: public", this.tkStart);
}
return m.getReturnType();
}
Also used :
Function(org.mvel2.ast.Function)
NullType(org.mvel2.util.NullType)
StringAppender(org.mvel2.util.StringAppender)
Example 9 with Contains
use of org.mvel2.ast.Contains in project mvel by mikebrock.
the class TypesAndInferenceTests method testVarInputs3.
public void testVarInputs3() {
ExpressionCompiler compiler = new ExpressionCompiler("addresses['home'].street");
compiler.compile();
assertFalse(compiler.getParserContextState().getInputs().keySet().contains("home"));
}
Also used :
ExpressionCompiler(org.mvel2.compiler.ExpressionCompiler)
Example 10 with Contains
use of org.mvel2.ast.Contains in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELEnabled.
@Test
public void testUntrustedMVELEnabled() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
Also used :
KieFileSystem(org.kie.api.builder.KieFileSystem)
PropertyAccessException(org.mvel2.PropertyAccessException)
KieServices(org.kie.api.KieServices)
KieSession(org.kie.api.runtime.KieSession)
ReleaseId(org.kie.api.builder.ReleaseId)
KieContainer(org.kie.api.runtime.KieContainer)
Test(org.junit.Test)
Aggregations
Test (org.junit.Test)5
KieServices (org.kie.api.KieServices)5
KieFileSystem (org.kie.api.builder.KieFileSystem)5
ReleaseId (org.kie.api.builder.ReleaseId)5
KieContainer (org.kie.api.runtime.KieContainer)5
KieSession (org.kie.api.runtime.KieSession)5
PropertyAccessException (org.mvel2.PropertyAccessException)5
ConsequenceException (org.kie.api.runtime.rule.ConsequenceException)3
ExpressionCompiler (org.mvel2.compiler.ExpressionCompiler)3
Pattern (java.util.regex.Pattern)1
Triple (org.drools.core.util.Triple)1
TripleStore (org.drools.core.util.TripleStore)1
CompileException (org.mvel2.CompileException)1
Label (org.mvel2.asm.Label)1
BinaryOperation (org.mvel2.ast.BinaryOperation)1
Contains (org.mvel2.ast.Contains)1
Function (org.mvel2.ast.Function)1
Instance (org.mvel2.ast.Instance)1
RegExMatch (org.mvel2.ast.RegExMatch)1
Soundslike (org.mvel2.ast.Soundslike)1
