You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ja...@apache.org on 2017/10/10 23:24:56 UTC
[geode] branch develop updated: GEODE-3803: Added additional string methods to whitelist (#907)

This is an automated email from the ASF dual-hosted git repository.

jasonhuynh pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new 68eec80  GEODE-3803: Added additional string methods to whitelist (#907)
68eec80 is described below

commit 68eec80665d15977cf4ee2f708edf6322c382928
Author: Jason Huynh <hu...@gmail.com>
AuthorDate: Tue Oct 10 16:24:54 2017 -0700

    GEODE-3803: Added additional string methods to whitelist (#907)
---
 .../RestrictedMethodInvocationAuthorizer.java      |  29 +++
 .../RestrictedMethodInvocationAuthorizerTest.java  | 250 +++++++++++++++++++++
 2 files changed, 279 insertions(+)

diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
index e97fe34..b62b92d 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
@@ -97,8 +97,37 @@ public class RestrictedMethodInvocationAuthorizer implements MethodInvocationAut
 
     Set<Class> stringCallers = new HashSet<>();
     stringCallers.add(String.class);
+    whiteListMap.put("charAt", stringCallers);
+    whiteListMap.put("codePointAt", stringCallers);
+    whiteListMap.put("codePointBefore", stringCallers);
+    whiteListMap.put("codePointCount", stringCallers);
+    whiteListMap.put("compareToIgnoreCase", stringCallers);
+    whiteListMap.put("concat", stringCallers);
+    whiteListMap.put("contains", stringCallers);
+    whiteListMap.put("contentEquals", stringCallers);
+    whiteListMap.put("endsWith", stringCallers);
+    whiteListMap.put("equalsIgnoreCase", stringCallers);
+    whiteListMap.put("getBytes", stringCallers);
+    whiteListMap.put("hashCode", stringCallers);
+    whiteListMap.put("indexOf", stringCallers);
+    whiteListMap.put("intern", stringCallers);
+    whiteListMap.put("isEmpty", stringCallers);
+    whiteListMap.put("lastIndexOf", stringCallers);
+    whiteListMap.put("length", stringCallers);
+    whiteListMap.put("matches", stringCallers);
+    whiteListMap.put("offsetByCodePoints", stringCallers);
+    whiteListMap.put("regionMatches", stringCallers);
+    whiteListMap.put("replace", stringCallers);
+    whiteListMap.put("replaceAll", stringCallers);
+    whiteListMap.put("replaceFirst", stringCallers);
+    whiteListMap.put("split", stringCallers);
+    whiteListMap.put("startsWith", stringCallers);
+    whiteListMap.put("substring", stringCallers);
+    whiteListMap.put("toCharArray", stringCallers);
     whiteListMap.put("toLowerCase", stringCallers);
     whiteListMap.put("toUpperCase", stringCallers);
+    whiteListMap.put("trim", stringCallers);
+
     return whiteListMap;
   }
 
diff --git a/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
index 45ddf27..3169a23 100644
--- a/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
@@ -21,6 +21,7 @@ import static org.junit.Assert.assertTrue;
 import java.lang.reflect.Method;
 import java.math.BigDecimal;
 import java.math.BigInteger;
+import java.nio.charset.Charset;
 import java.sql.Timestamp;
 import java.util.Date;
 import java.util.Map;
@@ -67,6 +68,249 @@ public class RestrictedMethodInvocationAuthorizerTest {
   }
 
   @Test
+  public void toCharAtOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("charAt", int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void codePointAtStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("codePointAt", int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void codePointBeforeStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("codePointBefore", int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void codePointCountStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("codePointCount", int.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void compareToStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("compareTo", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void compareToIgnoreCaseStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("compareToIgnoreCase", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void concatStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("compareTo", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void containsStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("contains", CharSequence.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void contentEqualsStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("contentEquals", CharSequence.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void contentEqualsWithStringBufferStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("contentEquals", StringBuffer.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void endsWithOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("endsWith", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void equalsIgnoreCase() throws Exception {
+    Method stringMethod = String.class.getMethod("equalsIgnoreCase", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void getBytesOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("getBytes");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void getBytesWithCharsetOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("getBytes", Charset.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void hashCodeOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("hashCode");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void indexOfOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("indexOf", int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void indexOfWithStringOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("indexOf", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void indexOfWithStringAndIntOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("indexOf", String.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void internOnStringObject() throws Exception {
+    Method stringMethod = String.class.getMethod("intern");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void isEmpty() throws Exception {
+    Method stringMethod = String.class.getMethod("isEmpty");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void lastIndexOfWithIntOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("lastIndexOf", int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void lastIndexOfWithIntAndFronIndexOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("lastIndexOf", int.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void lastIndexOfWithStringOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("lastIndexOf", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void lastIndexOfWithStringAndFromIndexOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("lastIndexOf", String.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void lengthOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("length");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void matchesOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("matches", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void offsetByCodePointsOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("offsetByCodePoints", int.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+
+  @Test
+  public void regionMatchesWith5ParamsOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("regionMatches", boolean.class, int.class,
+        String.class, int.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void regionMatchesWith4ParamsOnString() throws Exception {
+    Method stringMethod =
+        String.class.getMethod("regionMatches", int.class, String.class, int.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void replaceOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("replace", char.class, char.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void replaceWithCharSequenceOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("replace", CharSequence.class, CharSequence.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void replaceAllOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("replaceAll", String.class, String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void replaceFirstOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("replaceFirst", String.class, String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void splitOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("split", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void splitWithLimitOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("split", String.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void startsOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("startsWith", String.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void startsWithOffsetOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("startsWith", String.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void substringOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("substring", int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void substringWithEndIndexOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("substring", int.class, int.class);
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
+  public void toCharArrayOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("toCharArray");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
   public void toLowerCaseOnStringObject() throws Exception {
     Method stringMethod = String.class.getMethod("toLowerCase");
     assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
@@ -79,6 +323,12 @@ public class RestrictedMethodInvocationAuthorizerTest {
   }
 
   @Test
+  public void trimOnString() throws Exception {
+    Method stringMethod = String.class.getMethod("trim");
+    assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+  }
+
+  @Test
   public void utilDateAfterMethodIsWhiteListed() throws Exception {
     Method method = Date.class.getMethod("after", Date.class);
     assertTrue(methodInvocationAuthorizer.isWhitelisted(method));

-- 
To stop receiving notification emails like this one, please contact
['"commits@geode.apache.org" <co...@geode.apache.org>'].