Posted to commits@tinkerpop.apache.org by dk...@apache.org on 2016/01/11 17:49:32 UTC
[24/30] incubator-tinkerpop git commit: Fixed a bug in the
SimpleSandbox for Gremlin Server
Fixed a bug in the SimpleSandbox for Gremlin Server
Not sure how this ever slipped through, but added an integration test to prevent future regressions.
Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/b4cb00dd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/b4cb00dd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/b4cb00dd
Branch: refs/heads/TINKERPOP-320
Commit: b4cb00dd7aa567c14c94318fe65d9ef99c761f1d
Parents: 114609d
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Mon Jan 11 08:54:30 2016 -0500
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Mon Jan 11 08:54:30 2016 -0500
----------------------------------------------------------------------
.../customizer/SimpleSandboxExtension.groovy | 5 ++--
.../server/GremlinServerIntegrateTest.java | 30 ++++++++++++++++++++
2 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/b4cb00dd/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/SimpleSandboxExtension.groovy
----------------------------------------------------------------------
diff --git a/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/SimpleSandboxExtension.groovy b/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/SimpleSandboxExtension.groovy
index fe6cfd2..e6a8046 100644
--- a/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/SimpleSandboxExtension.groovy
+++ b/gremlin-groovy/src/main/groovy/org/apache/tinkerpop/gremlin/groovy/jsr223/customizer/SimpleSandboxExtension.groovy
@@ -43,9 +43,10 @@ class SimpleSandboxExtension extends GroovyTypeCheckingExtensionSupport.TypeChec
}
onMethodSelection { expr, MethodNode methodNode ->
- def descriptor = toMethodDescriptor(methodNode)
- if (null == descriptor.declaringClass || descriptor.declaringClass.name != 'java.lang.System')
+ if (null == methodNode.declaringClass || methodNode.declaringClass.name == 'java.lang.System') {
+ def descriptor = SandboxHelper.toMethodDescriptor(methodNode)
addStaticTypeError("Not authorized to call this method: $descriptor", expr)
+ }
}
}
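Review bot: The condition in `onMethodSelection` is a deny-list of exactly one class name, `java.lang.System`, so every method declared on any other class passes type checking, and nothing in the hunk documents that limit. I would add a comment above the closure such as `// Sample sandbox only: rejects methods declared on java.lang.System; every other class is allowed. Use an allow-list for real deployments.` The `null == methodNode.declaringClass` branch also reaches `SandboxHelper.toMethodDescriptor(methodNode)`; whether that helper tolerates a null declaring class is not visible here and should be confirmed, since an exception on the rejection path would hide the authorization error. The enclosing class starts outside the hunk.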
http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/b4cb00dd/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
index d1376a1..df515bd 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
@@ -33,6 +33,8 @@ import org.apache.tinkerpop.gremlin.driver.simple.NioClient;
import org.apache.tinkerpop.gremlin.driver.simple.SimpleClient;
import org.apache.tinkerpop.gremlin.driver.simple.WebSocketClient;
import org.apache.tinkerpop.gremlin.groovy.jsr223.GremlinGroovyScriptEngine;
+import org.apache.tinkerpop.gremlin.groovy.jsr223.customizer.CompileStaticCustomizerProvider;
+import org.apache.tinkerpop.gremlin.groovy.jsr223.customizer.SimpleSandboxExtension;
import org.apache.tinkerpop.gremlin.structure.T;
import org.apache.tinkerpop.gremlin.server.channel.NioChannelizer;
import org.apache.tinkerpop.gremlin.server.op.session.SessionOpProcessor;
@@ -56,6 +58,7 @@ import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
+import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.*;
import static org.junit.Assume.assumeThat;
@@ -127,12 +130,39 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
deleteDirectory(new File("/tmp/neo4j"));
settings.graphs.put("graph", "conf/neo4j-empty.properties");
break;
+ case "shouldUseSimpleSandbox":
+ final Map<String,Object> scriptEngineConf = new HashMap<>();
+ final Map<String,Object> compilerCustomizerProviderConf = new HashMap<>();
+ final List<String> sandboxes = new ArrayList<>();
+ sandboxes.add(SimpleSandboxExtension.class.getName());
+ compilerCustomizerProviderConf.put(CompileStaticCustomizerProvider.class.getName(), sandboxes);
+ scriptEngineConf.put("compilerCustomizerProviders", compilerCustomizerProviderConf);
+ settings.scriptEngines.get("gremlin-groovy").config = scriptEngineConf;
+ break;
}
return settings;
}
@Test
+ public void shouldUseSimpleSandbox() throws Exception {
+ final Cluster cluster = Cluster.open();
+ final Client client = cluster.connect();
+
+ assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
+
+ try {
+ // this should return "nothing" - there should be no exception
+ client.submit("java.lang.System.exit(0)").all().get();
+ fail("The above should not have executed in any successful way as sandboxing is enabled");
+ } catch (Exception ex) {
+ assertThat(ex.getCause().getMessage(), containsString("[Static type checking] - Not authorized to call this method: java.lang.System#exit(int)"));
+ } finally {
+ cluster.close();
+ }
+ }
+
+ @Test
public void shouldStartWithDefaultSettings() {
// just quickly validate that results are returning given defaults. no graphs are config'd with defaults
// so just eval a groovy script.
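Review bot: The comment inside the try block of `shouldUseSimpleSandbox`, `// this should return "nothing" - there should be no exception`, says the opposite of what the test asserts, since the submit is expected to fail with the static type checking error; I would replace it with `// the sandbox must reject this at compile time, so the request is expected to fail`. The `assertEquals` on `1+1` sits outside the try/finally, so a failure there leaves the `Cluster` open; moving it inside the try fixes that. If the sandbox ever regresses, `System.exit(0)` would presumably run in the JVM hosting the server under test and end the run with status 0 rather than a readable failure, so a `java.lang.System` call with no effect on the process would be a safer probe, assuming the extension rejects every method on that class as the SimpleSandboxExtension hunk suggests. `ex.getCause()` is also dereferenced without a null check, which turns an unexpected exception shape into a NullPointerException instead of an assertion message.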