use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testAccumulateFunctionMVEL.
@Test
public void testAccumulateFunctionMVEL() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"mvel\" \n" + " when\n" + " Number() from accumulate(Object(), " + " sum(MaliciousExitHelper.exit()))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.insert("foo");
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
// test succeeded
} else {
throw e;
}
}
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testCustomAccumulateMVEL.
@Test
public void testCustomAccumulateMVEL() throws Exception {
String drl = "package org.foo.bar\n" + "rule testRule dialect \"mvel\" \n" + " when\n" + " Number() from accumulate(Object(), " + " init(System.exit(-1);), " + " action(System.exit(-1);), " + " reverse(System.exit(-1);), " + " result(0))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.-1\")")) {
// test succeeded
} else {
throw e;
}
}
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testAccumulateFunctionJava.
@Test
public void testAccumulateFunctionJava() throws Exception {
String drl = "package org.foo.bar\n" + "import " + MaliciousExitHelper.class.getName().replace('$', '.') + " \n" + "rule testRule dialect \"java\" \n" + " when\n" + " Number() from accumulate(Object(), " + " sum(MaliciousExitHelper.exit()))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.insert("foo");
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (PropertyAccessException e) {
// weak way of testing but couldn't find a better way
if (e.toString().contains("The security policy should have prevented")) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} else {
// test succeeded
}
} catch (Exception e) {
if (e.toString().contains("access denied (\"java.lang.RuntimePermission\" \"exitVM.0\")")) {
// test succeeded
} else {
throw e;
}
}
}
use of org.mvel2.tests.core.res.Foo in project drools by kiegroup.
the class SecurityPolicyTest method testCustomAccumulate.
@Test
public void testCustomAccumulate() throws Exception {
String drl = "package org.foo.bar\n" + "rule testRule\n" + " when\n" + " Number() from accumulate(Object(), " + " init(System.exit(-1);), " + " action(System.exit(-1);), " + " reverse(System.exit(-1);), " + " result(0))\n" + " then\n" + "end";
try {
KieServices ks = KieServices.Factory.get();
KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()).setSourcePath("org/foo/bar/r1.drl"));
ks.newKieBuilder(kfs).buildAll();
ReleaseId releaseId = ks.getRepository().getDefaultReleaseId();
KieContainer kc = ks.newKieContainer(releaseId);
KieSession ksession = kc.newKieSession();
ksession.fireAllRules();
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (ShouldHavePrevented e) {
Assert.fail("The security policy for the rule should have prevented this from executing...");
} catch (Exception e) {
// test succeeded. the policy in place prevented the rule from executing the System.exit().
}
}
use of org.mvel2.tests.core.res.Foo in project mvel by mikebrock.
the class IndexedVariablesTests method testVariableInjection1.
public void testVariableInjection1() {
String[] varNames = { "x", "y", "z" };
Object[] values = { 10, 20, 30 };
String expr = "foo = -1; res = x + y + z;\n" + "if (x > 9) {\n" + " res = z - y - x;\n" + " int k = 5;\n" + " foo = k;" + "}; \n" + "for (i = 0; i < 5000; i++) { foo++; }; foo;";
ParserContext ctx = ParserContext.create();
ctx.addIndexedInput(varNames);
ctx.setIndexAllocation(true);
SharedVariableSpaceModel model = VariableSpaceCompiler.compileShared(expr, ctx, values);
Serializable indexCompile = MVEL.compileExpression(expr, ctx);
Serializable dynamicCompile = MVEL.compileExpression(expr, ParserContext.create());
Map<String, Object> map = new HashMap<String, Object>();
map.put("x", 10);
map.put("y", 20);
map.put("z", 30);
assertEquals(MVEL.executeExpression(dynamicCompile, map), MVEL.executeExpression(indexCompile, model.createFactory()));
//
// for (int x = 0; x < 10; x++) {
// long tm = System.currentTimeMillis();
// for (int i = 0; i < 10000; i++) {
// MVEL.executeExpression(indexCompile, model.createFactory());
// }
// tm = System.currentTimeMillis() - tm;
// System.out.println("(StaticInjection (ms): " + tm + ")");
//
// tm = System.currentTimeMillis();
// Map<String, Object> map = new HashMap<String, Object>();
// map.put("x", 10);
// map.put("y", 20);
// map.put("z", 30);
//
// MapVariableResolverFactory factory = new MapVariableResolverFactory(map);
// for (int i = 0; i < 10000; i++) {
// MVEL.executeExpression(dynamicCompile, factory);
// }
// tm = System.currentTimeMillis() - tm;
// System.out.println("(MapInjection (ms): " + tm + ")");
// }
}
Aggregations