You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ja...@apache.org on 2017/10/10 23:24:56 UTC
[geode] branch develop updated: GEODE-3803: Added additional string
methods to whitelist (#907)
This is an automated email from the ASF dual-hosted git repository.
jasonhuynh pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 68eec80 GEODE-3803: Added additional string methods to whitelist (#907)
68eec80 is described below
commit 68eec80665d15977cf4ee2f708edf6322c382928
Author: Jason Huynh <hu...@gmail.com>
AuthorDate: Tue Oct 10 16:24:54 2017 -0700
GEODE-3803: Added additional string methods to whitelist (#907)
---
.../RestrictedMethodInvocationAuthorizer.java | 29 +++
.../RestrictedMethodInvocationAuthorizerTest.java | 250 +++++++++++++++++++++
2 files changed, 279 insertions(+)
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
index e97fe34..b62b92d 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
@@ -97,8 +97,37 @@ public class RestrictedMethodInvocationAuthorizer implements MethodInvocationAut
Set<Class> stringCallers = new HashSet<>();
stringCallers.add(String.class);
+ whiteListMap.put("charAt", stringCallers);
+ whiteListMap.put("codePointAt", stringCallers);
+ whiteListMap.put("codePointBefore", stringCallers);
+ whiteListMap.put("codePointCount", stringCallers);
+ whiteListMap.put("compareToIgnoreCase", stringCallers);
+ whiteListMap.put("concat", stringCallers);
+ whiteListMap.put("contains", stringCallers);
+ whiteListMap.put("contentEquals", stringCallers);
+ whiteListMap.put("endsWith", stringCallers);
+ whiteListMap.put("equalsIgnoreCase", stringCallers);
+ whiteListMap.put("getBytes", stringCallers);
+ whiteListMap.put("hashCode", stringCallers);
+ whiteListMap.put("indexOf", stringCallers);
+ whiteListMap.put("intern", stringCallers);
+ whiteListMap.put("isEmpty", stringCallers);
+ whiteListMap.put("lastIndexOf", stringCallers);
+ whiteListMap.put("length", stringCallers);
+ whiteListMap.put("matches", stringCallers);
+ whiteListMap.put("offsetByCodePoints", stringCallers);
+ whiteListMap.put("regionMatches", stringCallers);
+ whiteListMap.put("replace", stringCallers);
+ whiteListMap.put("replaceAll", stringCallers);
+ whiteListMap.put("replaceFirst", stringCallers);
+ whiteListMap.put("split", stringCallers);
+ whiteListMap.put("startsWith", stringCallers);
+ whiteListMap.put("substring", stringCallers);
+ whiteListMap.put("toCharArray", stringCallers);
whiteListMap.put("toLowerCase", stringCallers);
whiteListMap.put("toUpperCase", stringCallers);
+ whiteListMap.put("trim", stringCallers);
+
return whiteListMap;
}
diff --git a/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
index 45ddf27..3169a23 100644
--- a/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
@@ -21,6 +21,7 @@ import static org.junit.Assert.assertTrue;
import java.lang.reflect.Method;
import java.math.BigDecimal;
import java.math.BigInteger;
+import java.nio.charset.Charset;
import java.sql.Timestamp;
import java.util.Date;
import java.util.Map;
@@ -67,6 +68,249 @@ public class RestrictedMethodInvocationAuthorizerTest {
}
@Test
+ public void toCharAtOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("charAt", int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void codePointAtStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("codePointAt", int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void codePointBeforeStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("codePointBefore", int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void codePointCountStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("codePointCount", int.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void compareToStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("compareTo", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void compareToIgnoreCaseStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("compareToIgnoreCase", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void concatStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("compareTo", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void containsStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("contains", CharSequence.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void contentEqualsStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("contentEquals", CharSequence.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void contentEqualsWithStringBufferStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("contentEquals", StringBuffer.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void endsWithOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("endsWith", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void equalsIgnoreCase() throws Exception {
+ Method stringMethod = String.class.getMethod("equalsIgnoreCase", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void getBytesOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("getBytes");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void getBytesWithCharsetOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("getBytes", Charset.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void hashCodeOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("hashCode");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void indexOfOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("indexOf", int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void indexOfWithStringOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("indexOf", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void indexOfWithStringAndIntOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("indexOf", String.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void internOnStringObject() throws Exception {
+ Method stringMethod = String.class.getMethod("intern");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void isEmpty() throws Exception {
+ Method stringMethod = String.class.getMethod("isEmpty");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void lastIndexOfWithIntOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("lastIndexOf", int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void lastIndexOfWithIntAndFronIndexOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("lastIndexOf", int.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void lastIndexOfWithStringOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("lastIndexOf", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void lastIndexOfWithStringAndFromIndexOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("lastIndexOf", String.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void lengthOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("length");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void matchesOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("matches", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void offsetByCodePointsOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("offsetByCodePoints", int.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+
+ @Test
+ public void regionMatchesWith5ParamsOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("regionMatches", boolean.class, int.class,
+ String.class, int.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void regionMatchesWith4ParamsOnString() throws Exception {
+ Method stringMethod =
+ String.class.getMethod("regionMatches", int.class, String.class, int.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void replaceOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("replace", char.class, char.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void replaceWithCharSequenceOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("replace", CharSequence.class, CharSequence.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void replaceAllOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("replaceAll", String.class, String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void replaceFirstOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("replaceFirst", String.class, String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void splitOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("split", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void splitWithLimitOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("split", String.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void startsOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("startsWith", String.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void startsWithOffsetOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("startsWith", String.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void substringOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("substring", int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void substringWithEndIndexOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("substring", int.class, int.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
+ public void toCharArrayOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("toCharArray");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
public void toLowerCaseOnStringObject() throws Exception {
Method stringMethod = String.class.getMethod("toLowerCase");
assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
@@ -79,6 +323,12 @@ public class RestrictedMethodInvocationAuthorizerTest {
}
@Test
+ public void trimOnString() throws Exception {
+ Method stringMethod = String.class.getMethod("trim");
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
+ }
+
+ @Test
public void utilDateAfterMethodIsWhiteListed() throws Exception {
Method method = Date.class.getMethod("after", Date.class);
assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
--
To stop receiving notification emails like this one, please contact
['"commits@geode.apache.org" <co...@geode.apache.org>'].