You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by he...@apache.org on 2022/11/08 12:39:14 UTC

[commons-jexl] 01/01: Merge pull request #132 from apache/JEXL-381

This is an automated email from the ASF dual-hosted git repository.

henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git

commit 3c4c1ecdf299ee81631612735e2f4af9017e7722
Merge: b30da121 241f9615
Author: Henrib <12...@users.noreply.github.com>
AuthorDate: Tue Nov 8 13:39:08 2022 +0100

    Merge pull request #132 from apache/JEXL-381
    
    JEXL-381: Change default JEXL configuration to a more security-friendly behaviour

 pom.xml                                            |  5 +-
 .../java/org/apache/commons/jexl3/JexlBuilder.java | 86 +++++++++++++++++-----
 .../org/apache/commons/jexl3/JexlFeatures.java     | 85 +++++++++++++++++----
 .../org/apache/commons/jexl3/internal/Engine.java  | 34 ++++-----
 .../jexl3/internal/introspection/Introspector.java | 16 ++--
 .../jexl3/internal/introspection/Permissions.java  |  4 +-
 .../internal/introspection/PermissionsParser.java  |  3 +
 .../internal/introspection/SandboxUberspect.java   |  5 ++
 .../jexl3/internal/introspection/Uberspect.java    |  2 +-
 .../jexl3/introspection/JexlPermissions.java       | 73 +++++++++++++++++-
 .../commons/jexl3/introspection/JexlUberspect.java | 24 ++++--
 .../apache/commons/jexl3/parser/JexlParser.java    | 16 +++-
 .../commons/jexl3/scripting/JexlScriptEngine.java  | 72 ++++++++++++++----
 .../org/apache/commons/jexl3/Issues300Test.java    | 59 +++++++++++++++
 .../java/org/apache/commons/jexl3/PragmaTest.java  | 33 ++++++++-
 .../apache/commons/jexl3/PropertyAccessTest.java   |  3 +-
 .../jexl3/internal/introspection/NoJexlTest.java   |  7 +-
 .../internal/introspection/PermissionsTest.java    |  5 +-
 .../commons/jexl3/introspection/SandboxTest.java   |  7 +-
 .../commons/jexl3/jexl342/ReferenceUberspect.java  |  4 +
 .../jexl3/scripting/JexlScriptEngineTest.java      | 56 ++++++++++++--
 21 files changed, 496 insertions(+), 103 deletions(-)

diff --cc pom.xml
index d39b046b,0518be0e..5c445d37
--- a/pom.xml
+++ b/pom.xml
@@@ -52,11 -52,15 +52,15 @@@
          <commons.jira.id>JEXL</commons.jira.id>
          <commons.jira.pid>12310479</commons.jira.pid>
          <checkstyle.plugin.version>3.2.0</checkstyle.plugin.version>
 -        <checkstyle.version>10.3.4</checkstyle.version>
 +        <checkstyle.version>10.4</checkstyle.version>
          <japicmp.skip>false</japicmp.skip>
          <commons.japicmp.version>0.16.0</commons.japicmp.version>
+ 
+         <!-- spotbugs 4.7.2 issue #2174 generates lots of garbage during analysis -->
+ 
          <commons.pmd.version>3.19.0</commons.pmd.version>
          <commons.pmd-impl.version>6.48.0</commons.pmd-impl.version>
+ 
          <commons.spotbugs.version>4.7.2.1</commons.spotbugs.version>
          <commons.junit.version>5.9.1</commons.junit.version>