You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@unomi.apache.org by sh...@apache.org on 2020/08/18 11:20:44 UTC
[unomi] branch improve-scripting-security updated (904c284 ->
3bba224)
This is an automated email from the ASF dual-hosted git repository.
shuber pushed a change to branch improve-scripting-security
in repository https://gitbox.apache.org/repos/asf/unomi.git.
from 904c284 Fix bug in sanitizing code
add 3bba224 New scripting execution sub-system: - Allow-listing of allowed expressions - Plugins may deployed their own allow-lists using JSON files - OGNL scripting is now deactivated by default - Minimal list of built-in MVEL allowed patterns
No new revisions were added by this update.
Summary of changes:
common/pom.xml | 5 -
.../org/apache/unomi/common/ExpressionFilter.java | 94 ----------
kar/pom.xml | 5 +
kar/src/main/feature/feature.xml | 1 +
persistence-elasticsearch/core/pom.xml | 7 +
.../conditions/ConditionContextHelper.java | 21 +--
.../ConditionESQueryBuilderDispatcher.java | 10 +-
.../conditions/ConditionEvaluatorDispatcher.java | 8 +-
.../resources/OSGI-INF/blueprint/blueprint.xml | 3 +
plugins/baseplugin/pom.xml | 6 +
.../PastEventConditionESQueryBuilder.java | 8 +-
.../conditions/PastEventConditionEvaluator.java | 9 +-
.../conditions/PropertyConditionEvaluator.java | 34 +++-
.../resources/META-INF/cxs/expressions/mvel.json | 13 ++
.../resources/OSGI-INF/blueprint/blueprint.xml | 3 +
.../conditions/PropertyConditionEvaluatorTest.java | 25 +++
pom.xml | 3 +-
{common => scripting}/pom.xml | 36 ++--
.../apache/unomi/scripting/ExpressionFilter.java | 59 +++++++
.../unomi/scripting/ExpressionFilterFactory.java | 19 +--
.../unomi/scripting}/MvelScriptExecutor.java | 19 ++-
.../apache/unomi/scripting}/ScriptExecutor.java | 2 +-
.../scripting}/SecureFilteringClassLoader.java | 2 +-
.../internal/ExpressionFilterFactoryImpl.java | 190 +++++++++++++++++++++
.../resources/META-INF/cxs/expressions/mvel.json | 1 +
.../resources/META-INF/cxs/expressions/ognl.json | 1 +
.../resources/OSGI-INF/blueprint/blueprint.xml | 29 ++--
.../unomi/scripting}/MvelScriptExecutorTest.java | 33 +++-
services/pom.xml | 7 +
.../services/actions/ActionExecutorDispatcher.java | 9 +-
.../resources/OSGI-INF/blueprint/blueprint.xml | 2 +
.../resources/OSGI-INF/blueprint/blueprint.xml | 1 +
.../java/org/apache/unomi/web/ContextServlet.java | 22 ++-
33 files changed, 499 insertions(+), 188 deletions(-)
delete mode 100644 common/src/main/java/org/apache/unomi/common/ExpressionFilter.java
create mode 100644 plugins/baseplugin/src/main/resources/META-INF/cxs/expressions/mvel.json
copy {common => scripting}/pom.xml (81%)
create mode 100644 scripting/src/main/java/org/apache/unomi/scripting/ExpressionFilter.java
copy api/src/main/java/org/apache/unomi/api/TimestampedItem.java => scripting/src/main/java/org/apache/unomi/scripting/ExpressionFilterFactory.java (60%)
rename {common/src/main/java/org/apache/unomi/common => scripting/src/main/java/org/apache/unomi/scripting}/MvelScriptExecutor.java (83%)
rename {common/src/main/java/org/apache/unomi/common => scripting/src/main/java/org/apache/unomi/scripting}/ScriptExecutor.java (96%)
rename {common/src/main/java/org/apache/unomi/common => scripting/src/main/java/org/apache/unomi/scripting}/SecureFilteringClassLoader.java (99%)
create mode 100644 scripting/src/main/java/org/apache/unomi/scripting/internal/ExpressionFilterFactoryImpl.java
create mode 100644 scripting/src/main/resources/META-INF/cxs/expressions/mvel.json
create mode 100644 scripting/src/main/resources/META-INF/cxs/expressions/ognl.json
copy {lifecycle-watcher => scripting}/src/main/resources/OSGI-INF/blueprint/blueprint.xml (62%)
rename {common/src/test/java/org/apache/unomi/common => scripting/src/test/java/org/apache/unomi/scripting}/MvelScriptExecutorTest.java (78%)