You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by he...@apache.org on 2019/08/24 13:48:33 UTC

[commons-jexl] branch master updated: JEXL-312: create explicit cache miss entry when method is disallowed by @NoJexl Task #JEXL-312 - @NoJexl fails to disallow method call

This is an automated email from the ASF dual-hosted git repository.

henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git


The following commit(s) were added to refs/heads/master by this push:
     new 71d1850  JEXL-312: create explicit cache miss entry when method is disallowed by @NoJexl Task #JEXL-312 - @NoJexl fails to disallow method call
71d1850 is described below

commit 71d185007d8ba0a935fe4ac084822784a19bcffa
Author: henrib <he...@apache.org>
AuthorDate: Sat Aug 24 15:47:51 2019 +0200

    JEXL-312: create explicit cache miss entry when method is disallowed by @NoJexl
    Task #JEXL-312 - @NoJexl fails to disallow method call
---
 RELEASE-NOTES.txt                                  |  1 +
 .../jexl3/internal/introspection/ClassMap.java     | 14 ++++-----
 src/site/xdoc/changes.xml                          |  3 ++
 .../commons/jexl3/introspection/SandboxTest.java   | 35 ++++++++++++++++++++++
 4 files changed, 45 insertions(+), 8 deletions(-)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index 8876a2b..3373d7c 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -73,6 +73,7 @@ New Features in 3.2:
 Bugs Fixed in 3.2:
 ==================
 
+* JEXL-312:      @NoJexl fails to disallow method call
 * JEXL-311:      Jxlt template scripts fail using verbatim expressions embedded in lambdas
 * JEXL-309:      Line numbers are not correct when template report errors
 * JEXL-306:      Ternary operator ? protects also its branches from resolution errors
diff --git a/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java b/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java
index dd91c89..f3c9340 100644
--- a/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java
+++ b/src/main/java/org/apache/commons/jexl3/internal/introspection/ClassMap.java
@@ -281,14 +281,12 @@ final class ClassMap {
             Method[] methods = clazz.getDeclaredMethods();
             for (int i = 0; i < methods.length; i++) {
                 Method mi = methods[i];
-                if (permissions.allow(mi)) {
-                    // add method to byKey cache; do not override
-                    MethodKey key = new MethodKey(mi);
-                    Method pmi = cache.byKey.putIfAbsent(key, mi);
-                    if (pmi != null && log.isDebugEnabled() && !key.equals(new MethodKey(pmi))) {
-                        // foo(int) and foo(Integer) have the same signature for JEXL
-                        log.debug("Method "+ pmi + " is already registered, key: " + key.debugString());
-                    }
+                // add method to byKey cache; do not override
+                MethodKey key = new MethodKey(mi);
+                Method pmi = cache.byKey.putIfAbsent(key, permissions.allow(mi) ? mi : CACHE_MISS);
+                if (pmi != null && log.isDebugEnabled() && !key.equals(new MethodKey(pmi))) {
+                    // foo(int) and foo(Integer) have the same signature for JEXL
+                    log.debug("Method " + pmi + " is already registered, key: " + key.debugString());
                 }
             }
         } catch (SecurityException se) {
diff --git a/src/site/xdoc/changes.xml b/src/site/xdoc/changes.xml
index fdfe443..30ec007 100644
--- a/src/site/xdoc/changes.xml
+++ b/src/site/xdoc/changes.xml
@@ -26,6 +26,9 @@
     </properties>
     <body>
         <release version="3.2" date="unreleased">
+            <action dev="henrib" type="fix" issue="JEXL-312">
+                @NoJexl fails to disallow method call
+            </action>
             <action dev="henrib" type="fix" issue="JEXL-311">
                 Jxlt template scripts fail using verbatim expressions embedded in lambdas
             </action>
diff --git a/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java b/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
index 4e718c2..b6e3116 100644
--- a/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
+++ b/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
@@ -456,4 +456,39 @@ public class SandboxTest extends JexlTestCase {
             LOGGER.info(xjm.toString());
         }
     }
+    
+    public static class Foo42 {
+        public int getFoo() {
+            return 42;
+        }
+    }
+
+    public static class Foo43 extends Foo42 {
+        @Override
+        @NoJexl
+        public int getFoo() {
+            return 43;
+        }
+    }
+
+    public static class Foo44 extends Foo43 {
+        @Override
+        public int getFoo() {
+            return 44;
+        }
+    }
+    
+    @Test
+    public void testNoJexl312() throws Exception {
+        JexlContext ctxt = new MapContext();
+        
+        JexlEngine sjexl = new JexlBuilder().strict(true).create();
+        JexlScript foo = sjexl.createScript("x.getFoo()", "x");
+        try {
+            foo.execute(ctxt, new Foo44());
+            Assert.fail("should have thrown");
+        } catch (JexlException xany) {
+            Assert.assertNotNull(xany);
+        }
+    }
 }