You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by he...@apache.org on 2019/08/24 13:48:33 UTC
[commons-jexl] branch master updated: JEXL-312: create explicit
cache miss entry when method is disallowed by @NoJexl Task #JEXL-312 -
@NoJexl fails to disallow method call
This is an automated email from the ASF dual-hosted git repository.
henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git
The following commit(s) were added to refs/heads/master by this push:
new 71d1850 JEXL-312: create explicit cache miss entry when method is disallowed by @NoJexl Task #JEXL-312 - @NoJexl fails to disallow method call
71d1850 is described below
commit 71d185007d8ba0a935fe4ac084822784a19bcffa
Author: henrib <he...@apache.org>
AuthorDate: Sat Aug 24 15:47:51 2019 +0200
JEXL-312: create explicit cache miss entry when method is disallowed by @NoJexl
Task #JEXL-312 - @NoJexl fails to disallow method call
---
RELEASE-NOTES.txt | 1 +
.../jexl3/internal/introspection/ClassMap.java | 14 ++++-----
src/site/xdoc/changes.xml | 3 ++
.../commons/jexl3/introspection/SandboxTest.java | 35 ++++++++++++++++++++++
4 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index 8876a2b..3373d7c 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -73,6 +73,7 @@ New Features in 3.2:
Bugs Fixed in 3.2:
==================
+* JEXL-312: @NoJexl fails to disallow method call
* JEXL-311: Jxlt template scripts fail using verbatim expressions embedded in lambdas
* JEXL-309: Line numbers are not correct when template report errors
* JEXL-306: Ternary operator ? protects also its branches from resolution errors
diff --git a/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java b/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java
index dd91c89..f3c9340 100644
--- a/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java
+++ b/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java
@@ -281,14 +281,12 @@ final class ClassMap {
Method[] methods = clazz.getDeclaredMethods();
for (int i = 0; i < methods.length; i++) {
Method mi = methods[i];
- if (permissions.allow(mi)) {
- // add method to byKey cache; do not override
- MethodKey key = new MethodKey(mi);
- Method pmi = cache.byKey.putIfAbsent(key, mi);
- if (pmi != null && log.isDebugEnabled() && !key.equals(new MethodKey(pmi))) {
- // foo(int) and foo(Integer) have the same signature for JEXL
- log.debug("Method "+ pmi + " is already registered, key: " + key.debugString());
- }
+ // add method to byKey cache; do not override
+ MethodKey key = new MethodKey(mi);
+ Method pmi = cache.byKey.putIfAbsent(key, permissions.allow(mi) ? mi : CACHE_MISS);
+ if (pmi != null && log.isDebugEnabled() && !key.equals(new MethodKey(pmi))) {
+ // foo(int) and foo(Integer) have the same signature for JEXL
+ log.debug("Method " + pmi + " is already registered, key: " + key.debugString());
}
}
} catch (SecurityException se) {
diff --git a/src/site/xdoc/changes.xml b/src/site/xdoc/changes.xml
index fdfe443..30ec007 100644
--- a/src/site/xdoc/changes.xml
+++ b/src/site/xdoc/changes.xml
@@ -26,6 +26,9 @@
</properties>
<body>
<release version="3.2" date="unreleased">
+ <action dev="henrib" type="fix" issue="JEXL-312">
+ @NoJexl fails to disallow method call
+ </action>
<action dev="henrib" type="fix" issue="JEXL-311">
Jxlt template scripts fail using verbatim expressions embedded in lambdas
</action>
diff --git a/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java b/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
index 4e718c2..b6e3116 100644
--- a/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
+++ b/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
@@ -456,4 +456,39 @@ public class SandboxTest extends JexlTestCase {
LOGGER.info(xjm.toString());
}
}
+
+ public static class Foo42 {
+ public int getFoo() {
+ return 42;
+ }
+ }
+
+ public static class Foo43 extends Foo42 {
+ @Override
+ @NoJexl
+ public int getFoo() {
+ return 43;
+ }
+ }
+
+ public static class Foo44 extends Foo43 {
+ @Override
+ public int getFoo() {
+ return 44;
+ }
+ }
+
+ @Test
+ public void testNoJexl312() throws Exception {
+ JexlContext ctxt = new MapContext();
+
+ JexlEngine sjexl = new JexlBuilder().strict(true).create();
+ JexlScript foo = sjexl.createScript("x.getFoo()", "x");
+ try {
+ foo.execute(ctxt, new Foo44());
+ Assert.fail("should have thrown");
+ } catch (JexlException xany) {
+ Assert.assertNotNull(xany);
+ }
+ }
}