List of usage examples for jdk.nashorn.api.scripting ClassFilter ClassFilter
ClassFilter
From source file:at.tfr.sec.TestNashornSecurity.java
License:Open Source License
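/**
 * Checks that a {@link ClassFilter} rejecting names with the {@code java.lang} prefix stops a
 * script that asks for such a class (per the original comment, via {@code Java.type(String)}).
 *
 * <p>The test passes only if {@code eval} throws a {@link RuntimeException} with an
 * {@link Exception} cause <em>and</em> the filter was consulted for a {@code java.lang} name.
 *
 * @throws Exception the script failure that the expected-exception rule then verifies
 */
@Test
public void testClassFilter() throws Exception {
    // Given: ScriptEngine with ClassFilter.
    // The prefix match also denies sub-packages such as java.lang.reflect.
    final ClassFilter denyJavaLang = className -> {
        if (className.startsWith("java.lang")) {
            wasAskedForJavaLang.set(true);
            return false;
        }
        return true;
    };
    final ScriptEngine engine = engineFactory.getScriptEngine(denyJavaLang);

    exceptionRule.expect(RuntimeException.class);
    exceptionRule.expectCause(CoreMatchers.isA(Exception.class));

    try {
        // When: call script with Java.type(String) access
        engine.eval(scriptCheckStringAccess);
    } finally {
        // Then: eval is expected to throw, so an assertion placed after it would never run.
        // Checking in finally ensures an unrelated RuntimeException cannot pass the test
        // without the filter having been asked.
        // NOTE(review): assumes wasAskedForJavaLang starts out false for this test - confirm.
        Assert.assertTrue("ClassFilter failed on indirect access to java.lang.String",
                wasAskedForJavaLang.get());
    }
}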
From source file:at.tfr.sec.TestNashornSecurity.java
License:Open Source License
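/**
 * Checks whether a {@link ClassFilter} rejecting the {@code java.lang} prefix is also applied
 * when a script reaches such a class implicitly (per the original comment, class String
 * through indirect access) rather than by naming it.
 *
 * <p>The original author marked this expectation as uncertain ("Will it??"); the test
 * documents the assumption that implicit access goes through the filter.
 *
 * @throws Exception the script failure that the expected-exception rule then verifies
 */
@Test
public void testClassFilterImplicitAccess() throws Exception {
    // Given: ScriptEngine with ClassFilter.
    // The prefix match also denies sub-packages such as java.lang.reflect.
    final ClassFilter denyJavaLang = className -> {
        if (className.startsWith("java.lang")) {
            wasAskedForJavaLang.set(true);
            return false;
        }
        return true;
    };
    final ScriptEngine engine = engineFactory.getScriptEngine(denyJavaLang);

    exceptionRule.expect(CoreMatchers.isA(RuntimeException.class));
    exceptionRule.expectCause(CoreMatchers.isA(ClassNotFoundException.class));

    try {
        // When: call script with indirect access to class String
        engine.eval(scriptCheckHolderAccess);
    } finally {
        // Then: eval is expected to throw, so an assertion placed after it would never run.
        // Checking in finally makes the "filter was consulted" condition part of the test
        // instead of dead code behind the throwing call.
        // NOTE(review): assumes wasAskedForJavaLang starts out false for this test - confirm.
        Assert.assertTrue("ClassFilter failed on indirect access to java.lang.String",
                wasAskedForJavaLang.get());
    }
}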
From source file:at.tfr.sec.TestNashornSecurity.java
License:Open Source License
/**
 * Checks that the engine consults the {@link ClassFilter} for a {@code java.nio} class name
 * while evaluating the file-access script.
 *
 * <p>The filter used here blocks nothing: it returns {@code true} for every name and only
 * records that a {@code java.nio} name was seen, so the script runs unrestricted.
 *
 * @throws Exception if evaluating the script fails
 */
@Test
public void testClassFilterFileSystemAccessForJavaNio() throws Exception {
    // Given: an engine whose filter observes java.nio lookups but still exposes every class.
    final ClassFilter observeJavaNio = className -> {
        final boolean isNioName = className.startsWith("java.nio");
        if (isNioName) {
            // Only proves the filter was invoked; access is not denied.
            wasAskedForJavaIO.set(true);
        }
        return true;
    };
    final ScriptEngine scriptEngine = engineFactory.getScriptEngine(observeJavaNio);

    // When: the file-access script is evaluated.
    scriptEngine.eval(scriptCheckFileAccess);

    // Then: the filter was called and so had the opportunity to deny access.
    // NOTE(review): the message names java.io.File although the filter watches the java.nio
    // prefix - confirm which class the script actually requests.
    final boolean filterWasConsulted = wasAskedForJavaIO.get();
    Assert.assertTrue("ClassFilter had no chance to filter for java.io.File", filterWasConsulted);
}
From source file:at.tfr.sec.TestNashornSecurity.java
License:Open Source License
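/**
 * Checks that a {@link ClassFilter} rejecting names with the {@code java.io} prefix stops the
 * file-access script.
 *
 * <p>The original author marked this expectation as uncertain ("Will it??"). The test passes
 * only if {@code eval} throws a {@link RuntimeException} caused by a
 * {@link ClassNotFoundException} <em>and</em> the filter was consulted for a {@code java.io}
 * name.
 *
 * @throws Exception the script failure that the expected-exception rule then verifies
 */
@Test
public void testClassFilterFileSystemAccess() throws Exception {
    // Given: ScriptEngine with ClassFilter.
    // Only the java.io prefix is denied; every other package stays exposed to the script.
    final ClassFilter denyJavaIo = className -> {
        if (className.startsWith("java.io")) {
            wasAskedForJavaIO.set(true);
            return false;
        }
        return true;
    };
    final ScriptEngine engine = engineFactory.getScriptEngine(denyJavaIo);

    exceptionRule.expect(CoreMatchers.isA(RuntimeException.class));
    exceptionRule.expectCause(CoreMatchers.isA(ClassNotFoundException.class));

    try {
        // When: evaluate the file-access script
        engine.eval(scriptCheckFileAccess);
    } finally {
        // Then: eval is expected to throw, so an assertion placed after it would never run.
        // Checking in finally ties the expected failure to the filter having been asked.
        // NOTE(review): assumes wasAskedForJavaIO starts out false for this test - confirm.
        Assert.assertTrue("ClassFilter failed on indirect access to java.io.File",
                wasAskedForJavaIO.get());
    }
}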
From source file:org.wicketstuff.nashorn.resource.NashornResource.java
License:Apache License
/**
 * Passes the given script through the bundled {@code NashornResource.js} script and returns
 * the result as the "safe" version of the script (for example, guarded against endless loops).
 *
 * <p>The given script is handed to the bundled script as the {@code "script"} binding.
 *
 * @param script
 *            the script to be made safe
 * @param attributes
 *            the attributes
 * @return the safe script
 * @throws Exception
 *             if an error occurred while making the script safe
 */
private String ensureSafetyScript(String script, Attributes attributes) throws Exception {
    // This pass runs with a filter that exposes every Java class.
    // NOTE(review): presumably acceptable only because the evaluated code is the bundled
    // NashornResource.js and the caller's script is passed in as a binding value - confirm
    // that the bundled script never evaluates that value under this filter.
    final ClassFilter exposeEverything = className -> true;

    final String bundledScriptName = NashornResource.class.getSimpleName() + ".js";
    final NashornScriptCallable safetyPass = new NashornScriptCallable(
            getScriptByName(bundledScriptName), attributes, exposeEverything, getWriter(),
            getErrorWriter()) {
        @Override
        protected void setup(Attributes attributes, Bindings bindings) {
            bindings.put("script", script);
            bindings.put("debug", isDebug());
            bindings.put("debug_log_prefix", NashornResource.class.getSimpleName() + " - ");
        }
    };

    final Object safeScript = executeScript(safetyPass, false);
    return safeScript.toString();
}
From source file:org.wicketstuff.nashorn.resource.NashornResource.java
License:Apache License
/**
 * Gets the class filter to apply to the scripting engine.
 *
 * <p>The default is deny-all: the returned filter answers {@code false} for every class name,
 * so no Java class is exposed to scripts. The method is {@code protected}, so a subclass that
 * overrides it decides which classes become reachable from scripts.
 *
 * @return the class filter to apply to the scripting engine
 */
protected ClassFilter getClassFilter() {
    // Default is to allow nothing.
    final ClassFilter denyAll = name -> false;
    return denyAll;
}