Example usage for jdk.nashorn.api.scripting ClassFilter ClassFilter

List of usage examples for jdk.nashorn.api.scripting ClassFilter ClassFilter

Introduction

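This page collects usage examples for jdk.nashorn.api.scripting.ClassFilter, the interface whose exposeToScripts(String) method decides whether a Java class name is made visible to a Nashorn script.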

Prototype

ClassFilter


Usage

From source file:at.tfr.sec.TestNashornSecurity.java

License:Open Source License

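/**
 * Verifies that a {@link ClassFilter} rejecting names under the {@code java.lang} prefix is
 * consulted, and that the lookup made by {@code scriptCheckStringAccess} fails as a result.
 *
 * <p>The checks run inside the {@code catch} block. A statement placed after a throwing
 * {@code engine.eval(...)} call is never reached, so asserting the flag there would let the
 * test pass without proving that the filter was asked at all.
 *
 * @throws Exception if the engine fails with anything other than the expected
 *             {@link RuntimeException}
 */
@Test
public void testClassFilter() throws Exception {

    // Given: ScriptEngine with a ClassFilter that hides every name starting with "java.lang"
    // and records that it was consulted. This is a deny-list: every other class stays exposed.
    final ScriptEngine engine = engineFactory.getScriptEngine(new ClassFilter() {

        @Override
        public boolean exposeToScripts(String className) {
            if (className.startsWith("java.lang")) {
                wasAskedForJavaLang.set(true);
                return false;
            }
            return true;
        }
    });

    try {
        // When: call script with Java.type(String) access
        engine.eval(scriptCheckStringAccess);
    } catch (RuntimeException expected) {
        // Then: RuntimeException wrapping another exception, and the filter must have been asked.
        Assert.assertTrue("RuntimeException should carry an Exception as its cause",
                expected.getCause() instanceof Exception);
        Assert.assertTrue("ClassFilter failed on indirect access to java.lang.String", wasAskedForJavaLang.get());
        return;
    }

    // Reaching this line means the script ran to completion despite the filter.
    Assert.fail("Expected a RuntimeException because the ClassFilter denies java.lang");
}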

From source file:at.tfr.sec.TestNashornSecurity.java

License:Open Source License

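/**
 * Checks whether a {@link ClassFilter} rejecting the {@code java.lang} prefix also stops a
 * script that reaches a {@code java.lang} class indirectly ({@code scriptCheckHolderAccess}).
 *
 * <p>The checks run inside the {@code catch} block. A statement placed after a throwing
 * {@code engine.eval(...)} call is never reached, so asserting the flag there would leave
 * the question "was the filter consulted?" unanswered.
 *
 * @throws Exception if the engine fails with anything other than the expected
 *             {@link RuntimeException}
 */
@Test
public void testClassFilterImplicitAccess() throws Exception {

    // Given: ScriptEngine with a ClassFilter that hides every name starting with "java.lang"
    // and records that it was consulted.
    final ScriptEngine engine = engineFactory.getScriptEngine(new ClassFilter() {

        @Override
        public boolean exposeToScripts(String className) {
            if (className.startsWith("java.lang")) {
                wasAskedForJavaLang.set(true);
                return false;
            }
            return true;
        }
    });

    try {
        // When: call Script with indirect access to class String
        engine.eval(scriptCheckHolderAccess);
    } catch (RuntimeException expected) {
        // Then: ClassNotFoundException as the cause, because the filter should hide "java.lang".
        Assert.assertTrue("RuntimeException should be caused by a ClassNotFoundException",
                expected.getCause() instanceof ClassNotFoundException);
        // NOTE(review): the original author was unsure ("Will it??") whether the filter is
        // consulted on indirect access. This assertion now executes, so its result answers that.
        Assert.assertTrue("ClassFilter failed on indirect access to java.lang.String", wasAskedForJavaLang.get());
        return;
    }

    // Reaching this line means the indirect access was not blocked.
    Assert.fail("Expected a RuntimeException because the ClassFilter denies java.lang");
}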

From source file:at.tfr.sec.TestNashornSecurity.java

License:Open Source License

/**
 * Confirms that the engine consults the {@link ClassFilter} for a name under the
 * {@code java.nio} prefix while {@code scriptCheckFileAccess} runs.
 *
 * <p>The filter here only observes: it exposes every class and blocks nothing.
 *
 * @throws Exception if evaluating the script fails
 */
@Test
public void testClassFilterFileSystemAccessForJavaNio() throws Exception {

    // Given: an observe-only filter that flags any lookup starting with "java.nio"
    // and still exposes the class, so the script is expected to run to completion.
    final ClassFilter observeJavaNio = className -> {
        if (className.startsWith("java.nio")) {
            wasAskedForJavaIO.set(true);
        }
        return true;
    };
    final ScriptEngine engine = engineFactory.getScriptEngine(observeJavaNio);

    // When: the file-access script is evaluated
    engine.eval(scriptCheckFileAccess);

    // Then: the filter was called and therefore could have denied the lookup.
    // NOTE(review): the failure message names java.io.File although the prefix checked above
    // is "java.nio"; confirm which package the script actually touches.
    final boolean filterConsulted = wasAskedForJavaIO.get();
    Assert.assertTrue("ClassFilter had no chance to filter for java.io.File", filterConsulted);
}

From source file:at.tfr.sec.TestNashornSecurity.java

License:Open Source License

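/**
 * Checks that a {@link ClassFilter} rejecting the {@code java.io} prefix is consulted and
 * stops the file access attempted by {@code scriptCheckFileAccess}.
 *
 * <p>The checks run inside the {@code catch} block. A statement placed after a throwing
 * {@code engine.eval(...)} call is never reached, so asserting the flag there would let the
 * test pass without proving that the filter was asked.
 *
 * @throws Exception if the engine fails with anything other than the expected
 *             {@link RuntimeException}
 */
@Test
public void testClassFilterFileSystemAccess() throws Exception {

    // Given: ScriptEngine with a ClassFilter that hides every name starting with "java.io"
    // and records that it was consulted. Other packages remain exposed by this filter.
    final ScriptEngine engine = engineFactory.getScriptEngine(new ClassFilter() {

        @Override
        public boolean exposeToScripts(String className) {
            if (className.startsWith("java.io")) {
                wasAskedForJavaIO.set(true);
                return false;
            }
            return true;
        }
    });

    try {
        // When: call the file-access script
        engine.eval(scriptCheckFileAccess);
    } catch (RuntimeException expected) {
        // Then: ClassNotFoundException as the cause, because the filter should hide "java.io".
        Assert.assertTrue("RuntimeException should be caused by a ClassNotFoundException",
                expected.getCause() instanceof ClassNotFoundException);
        // NOTE(review): the original author was unsure ("Will it??") whether the filter is
        // consulted here. This assertion now executes, so its result answers that.
        Assert.assertTrue("ClassFilter failed on indirect access to java.io.File", wasAskedForJavaIO.get());
        return;
    }

    // Reaching this line means the script got its file access despite the filter.
    Assert.fail("Expected a RuntimeException because the ClassFilter denies java.io");
}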

From source file:org.wicketstuff.nashorn.resource.NashornResource.java

License:Apache License

/**
 * Ensure that the given script is going to be safe, for example against endless loops.
 *
 * @param script
 *            the script to be made safe
 * @param attributes
 *            the attributes
 * @return the safe script
 * @throws Exception
 *             if an error occurred while making the script safe
 */
private String ensureSafetyScript(String script, Attributes attributes) throws Exception {
    // The helper script is run with an allow-all filter: every class name is exposed to it.
    // NOTE(review): that is only sound while the helper treats the "script" binding purely as
    // text to transform; confirm the bundled .js never evaluates it under this filter.
    final ClassFilter exposeEverything = className -> true;
    final String resourceName = NashornResource.class.getSimpleName();

    NashornScriptCallable safetyPass = new NashornScriptCallable(
            getScriptByName(resourceName + ".js"), attributes, exposeEverything,
            getWriter(), getErrorWriter()) {
        @Override
        protected void setup(Attributes attributes, Bindings bindings) {
            // The caller's script is handed over as a plain binding value.
            bindings.put("script", script);
            bindings.put("debug", isDebug());
            bindings.put("debug_log_prefix", NashornResource.class.getSimpleName() + " - ");
        }
    };

    // The result of the helper run is returned in its string form.
    return executeScript(safetyPass, false).toString();
}

From source file:org.wicketstuff.nashorn.resource.NashornResource.java

License:Apache License

/**
 * Gets the class filter to apply to the scripting engine
 *
 * @return the class filter to apply to the scripting engine
 */
protected ClassFilter getClassFilter() {
    // Deny by default: this filter answers false for every class name, so nothing is exposed
    // to scripts. The method is protected, so a subclass can supply a more permissive filter;
    // an explicit allow-list keeps that override reviewable.
    return className -> false;
}