You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by bo...@apache.org on 2020/05/27 16:09:04 UTC
[ant] branch master updated: relax some Graal.js Security rules for
This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ant.git
The following commit(s) were added to refs/heads/master by this push:
new be9b424 relax some Graal.js Security rules for <script*>
be9b424 is described below
commit be9b424d1237fb368be81da764bdd065481007c1
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Wed May 27 18:08:19 2020 +0200
relax some Graal.js Security rules for <script*>
---
.../org/apache/tools/ant/util/optional/JavaxScriptRunner.java | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java b/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java
index d55a5b3..761e5c8 100644
--- a/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java
+++ b/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java
@@ -26,6 +26,7 @@ import java.util.stream.Collectors;
import javax.script.Bindings;
import javax.script.Compilable;
import javax.script.CompiledScript;
+import javax.script.ScriptContext;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.SimpleBindings;
@@ -191,12 +192,22 @@ public class JavaxScriptRunner extends ScriptRunnerBase {
}
ScriptEngine result =
new ScriptEngineManager().getEngineByName(getLanguage());
+ maybeApplyGraalJsProperties(result);
if (result != null && getKeepEngine()) {
this.keptEngine = result;
}
return result;
}
+ private static final String DROP_GRAAL_SECURITY_RESTRICTIONS = "polyglot.js.allowAllAccess";
+
+ private void maybeApplyGraalJsProperties(final ScriptEngine engine) {
+ if (engine != null && engine.getClass().getName().contains("Graal")) {
+ engine.getBindings(ScriptContext.ENGINE_SCOPE)
+ .put(DROP_GRAAL_SECURITY_RESTRICTIONS, true);
+ }
+ }
+
/**
* Traverse a Throwable's cause(s) and return the BuildException
* most deeply nested into it - if any.