use of org.mvel2.tests.core.res.Foo in project mvel by mikebrock.
the class TemplateTests method testOutputStream1.
public void testOutputStream1() {
final StringBuilder sb = new StringBuilder();
OutputStream outstream = new OutputStream() {
@Override
public void write(int b) throws IOException {
sb.append((char) b);
}
};
String template = "@foreach{item:['foo','far']}@{item}@end{}";
CompiledTemplate compiled = TemplateCompiler.compileTemplate(template);
TemplateRuntime.execute(compiled, new HashMap(), outstream);
assertEquals("foofar", sb.toString());
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELEnabled.
@Test
public void testUntrustedMVELEnabled() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedMVELSalience.
@Test
public void testUntrustedMVELSalience() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"mvel\" salience( MaliciousExitHelper.exit() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
}
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testUntrustedJavaSalience.
@Test
public void testUntrustedJavaSalience() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule R1 dialect \"java\" salience( MaliciousExitHelper.exit() ) \n" + "when\n" + "then\n" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (ShouldHavePrevented e) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (Exception e) {
// test succeeded. the policy in place prevented the rule from executing the System.exit().
}
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testSerializationUntrustedMvelConsequence.
@Test
public void testSerializationUntrustedMvelConsequence() throws Exception {
String drl = "package org.foo.bar\n" + "rule R1 dialect \"mvel\" when\n" + "then\n" + " System.exit(0);" + "end\n";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieBase kbase = kc.getKieBase();
kbase = SerializationHelper.serializeObject(kbase);
} catch (Exception e) {
e.printStackTrace();
Assert.fail(e.toString());
// test succeeded. the policy in place prevented the rule from executing the System.exit().
}
}
Aggregations