You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by he...@apache.org on 2022/11/08 12:39:13 UTC
[commons-jexl] branch master updated (b30da121 -> 3c4c1ecd)
This is an automated email from the ASF dual-hosted git repository.
henrib pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git
from b30da121 Merge pull request #137 from apache/dependabot/maven/com.puppycrawl.tools-checkstyle-10.4
add ae76290a JEXL-381: change permissions default, update tests, add javadoc;
add 9245f2dc JEXL-381: attempt to fix cyclic permission init;
add 5e7ed3cd JEXL-381: removed unused import;
add fcc0d5f7 JEXL-381: removed unused import;
add 9083d623 JEXL-381: expose setting JexlEngine used by scripting; expose setting default JexlBuilder permissions;
add dc190a90 JEXL-381: rebased;
add 2e62ceee JEXL-381: expose setting JexlEngine used by scripting; expose setting default JexlBuilder permissions;
add 2b027b46 JEXL-381: added import/namespace pragma feature to enable/disable syntax; - added JexlUberspect#getClassByName that verifies permissions, use it when resolving namespaces; - updated restricted permissions set based on Dmitri feedback;
add eb4f860d JEXL-381: change permissions default, update tests, add javadoc;
add 3bae35a0 JEXL-381: attempt to fix cyclic permission init;
add 09079e14 JEXL-381: removed unused import;
add 66eaa30a JEXL-381: removed unused import;
add a42411b5 JEXL-381: expose setting JexlEngine used by scripting; expose setting default JexlBuilder permissions;
add 63cbdc94 JEXL-381: change permissions default, update tests, add javadoc;
add 7e814623 JEXL-381: attempt to fix cyclic permission init;
add 34cfe7b4 JEXL-381: removed unused import;
add 145fa390 JEXL-381: removed unused import;
add 2fd5464c JEXL-381: expose setting JexlEngine used by scripting; expose setting default JexlBuilder permissions;
add 65cf3e3f Merge remote-tracking branch 'origin/JEXL-381' into JEXL-381
add ed73a52c Merge branch 'master' into JEXL-381
add 81bda507 Merge remote-tracking branch 'origin/JEXL-381' into JEXL-381
add 8760868c JEXL-381: added import/namespace pragma feature to enable/disable syntax; - added JexlUberspect#getClassByName that verifies permissions, use it when resolving namespaces; - updated restricted permissions set based on Dmitri feedback;
add 241f9615 Merge remote-tracking branch 'origin/JEXL-381' into JEXL-381
new 3c4c1ecd Merge pull request #132 from apache/JEXL-381
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
pom.xml | 5 +-
.../java/org/apache/commons/jexl3/JexlBuilder.java | 86 +++++++++++++++++-----
.../org/apache/commons/jexl3/JexlFeatures.java | 85 +++++++++++++++++----
.../org/apache/commons/jexl3/internal/Engine.java | 34 ++++-----
.../jexl3/internal/introspection/Introspector.java | 16 ++--
.../jexl3/internal/introspection/Permissions.java | 4 +-
.../internal/introspection/PermissionsParser.java | 3 +
.../internal/introspection/SandboxUberspect.java | 5 ++
.../jexl3/internal/introspection/Uberspect.java | 2 +-
.../jexl3/introspection/JexlPermissions.java | 73 +++++++++++++++++-
.../commons/jexl3/introspection/JexlUberspect.java | 24 ++++--
.../apache/commons/jexl3/parser/JexlParser.java | 16 +++-
.../commons/jexl3/scripting/JexlScriptEngine.java | 72 ++++++++++++++----
.../org/apache/commons/jexl3/Issues300Test.java | 59 +++++++++++++++
.../java/org/apache/commons/jexl3/PragmaTest.java | 33 ++++++++-
.../apache/commons/jexl3/PropertyAccessTest.java | 3 +-
.../jexl3/internal/introspection/NoJexlTest.java | 7 +-
.../internal/introspection/PermissionsTest.java | 5 +-
.../commons/jexl3/introspection/SandboxTest.java | 7 +-
.../commons/jexl3/jexl342/ReferenceUberspect.java | 4 +
.../jexl3/scripting/JexlScriptEngineTest.java | 56 ++++++++++++--
21 files changed, 496 insertions(+), 103 deletions(-)
[commons-jexl] 01/01: Merge pull request #132 from apache/JEXL-381
Posted by he...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git
commit 3c4c1ecdf299ee81631612735e2f4af9017e7722
Merge: b30da121 241f9615
Author: Henrib <12...@users.noreply.github.com>
AuthorDate: Tue Nov 8 13:39:08 2022 +0100
Merge pull request #132 from apache/JEXL-381
JEXL-381: Change default JEXL configuration to a more security-friendly behaviour
pom.xml | 5 +-
.../java/org/apache/commons/jexl3/JexlBuilder.java | 86 +++++++++++++++++-----
.../org/apache/commons/jexl3/JexlFeatures.java | 85 +++++++++++++++++----
.../org/apache/commons/jexl3/internal/Engine.java | 34 ++++-----
.../jexl3/internal/introspection/Introspector.java | 16 ++--
.../jexl3/internal/introspection/Permissions.java | 4 +-
.../internal/introspection/PermissionsParser.java | 3 +
.../internal/introspection/SandboxUberspect.java | 5 ++
.../jexl3/internal/introspection/Uberspect.java | 2 +-
.../jexl3/introspection/JexlPermissions.java | 73 +++++++++++++++++-
.../commons/jexl3/introspection/JexlUberspect.java | 24 ++++--
.../apache/commons/jexl3/parser/JexlParser.java | 16 +++-
.../commons/jexl3/scripting/JexlScriptEngine.java | 72 ++++++++++++++----
.../org/apache/commons/jexl3/Issues300Test.java | 59 +++++++++++++++
.../java/org/apache/commons/jexl3/PragmaTest.java | 33 ++++++++-
.../apache/commons/jexl3/PropertyAccessTest.java | 3 +-
.../jexl3/internal/introspection/NoJexlTest.java | 7 +-
.../internal/introspection/PermissionsTest.java | 5 +-
.../commons/jexl3/introspection/SandboxTest.java | 7 +-
.../commons/jexl3/jexl342/ReferenceUberspect.java | 4 +
.../jexl3/scripting/JexlScriptEngineTest.java | 56 ++++++++++++--
21 files changed, 496 insertions(+), 103 deletions(-)
diff --cc pom.xml
index d39b046b,0518be0e..5c445d37
--- a/pom.xml
+++ b/pom.xml
@@@ -52,11 -52,15 +52,15 @@@
<commons.jira.id>JEXL</commons.jira.id>
<commons.jira.pid>12310479</commons.jira.pid>
<checkstyle.plugin.version>3.2.0</checkstyle.plugin.version>
- <checkstyle.version>10.3.4</checkstyle.version>
+ <checkstyle.version>10.4</checkstyle.version>
<japicmp.skip>false</japicmp.skip>
<commons.japicmp.version>0.16.0</commons.japicmp.version>
+
+ <!-- spotbugs 4.7.2 issue #2174 generates lots of garbage during analysis -->
+
<commons.pmd.version>3.19.0</commons.pmd.version>
<commons.pmd-impl.version>6.48.0</commons.pmd-impl.version>
+
<commons.spotbugs.version>4.7.2.1</commons.spotbugs.version>
<commons.junit.version>5.9.1</commons.junit.version>