You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by he...@apache.org on 2022/11/08 12:39:14 UTC
[commons-jexl] 01/01: Merge pull request #132 from apache/JEXL-381
This is an automated email from the ASF dual-hosted git repository.
henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git
commit 3c4c1ecdf299ee81631612735e2f4af9017e7722
Merge: b30da121 241f9615
Author: Henrib <12...@users.noreply.github.com>
AuthorDate: Tue Nov 8 13:39:08 2022 +0100
Merge pull request #132 from apache/JEXL-381
JEXL-381: Change default JEXL configuration to a more security-friendly behaviour
pom.xml | 5 +-
.../java/org/apache/commons/jexl3/JexlBuilder.java | 86 +++++++++++++++++-----
.../org/apache/commons/jexl3/JexlFeatures.java | 85 +++++++++++++++++----
.../org/apache/commons/jexl3/internal/Engine.java | 34 ++++-----
.../jexl3/internal/introspection/Introspector.java | 16 ++--
.../jexl3/internal/introspection/Permissions.java | 4 +-
.../internal/introspection/PermissionsParser.java | 3 +
.../internal/introspection/SandboxUberspect.java | 5 ++
.../jexl3/internal/introspection/Uberspect.java | 2 +-
.../jexl3/introspection/JexlPermissions.java | 73 +++++++++++++++++-
.../commons/jexl3/introspection/JexlUberspect.java | 24 ++++--
.../apache/commons/jexl3/parser/JexlParser.java | 16 +++-
.../commons/jexl3/scripting/JexlScriptEngine.java | 72 ++++++++++++++----
.../org/apache/commons/jexl3/Issues300Test.java | 59 +++++++++++++++
.../java/org/apache/commons/jexl3/PragmaTest.java | 33 ++++++++-
.../apache/commons/jexl3/PropertyAccessTest.java | 3 +-
.../jexl3/internal/introspection/NoJexlTest.java | 7 +-
.../internal/introspection/PermissionsTest.java | 5 +-
.../commons/jexl3/introspection/SandboxTest.java | 7 +-
.../commons/jexl3/jexl342/ReferenceUberspect.java | 4 +
.../jexl3/scripting/JexlScriptEngineTest.java | 56 ++++++++++++--
21 files changed, 496 insertions(+), 103 deletions(-)
diff --cc pom.xml
index d39b046b,0518be0e..5c445d37
--- a/pom.xml
+++ b/pom.xml
@@@ -52,11 -52,15 +52,15 @@@
<commons.jira.id>JEXL</commons.jira.id>
<commons.jira.pid>12310479</commons.jira.pid>
<checkstyle.plugin.version>3.2.0</checkstyle.plugin.version>
- <checkstyle.version>10.3.4</checkstyle.version>
+ <checkstyle.version>10.4</checkstyle.version>
<japicmp.skip>false</japicmp.skip>
<commons.japicmp.version>0.16.0</commons.japicmp.version>
+
+ <!-- spotbugs 4.7.2 issue #2174 generates lots of garbage during analysis -->
+
<commons.pmd.version>3.19.0</commons.pmd.version>
<commons.pmd-impl.version>6.48.0</commons.pmd-impl.version>
+
<commons.spotbugs.version>4.7.2.1</commons.spotbugs.version>
<commons.junit.version>5.9.1</commons.junit.version>