You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@unomi.apache.org by jk...@apache.org on 2020/11/17 17:53:28 UTC

[unomi] branch provideConfigDocForScripting created (now 3544b25)

This is an automated email from the ASF dual-hosted git repository.

jkevan pushed a change to branch provideConfigDocForScripting
in repository https://gitbox.apache.org/repos/asf/unomi.git.


      at 3544b25  UNOMI-399: Provide doc inside the custom.system.properties for scripting allow/forbid mechanism

This branch includes the following new commits:

     new 3544b25  UNOMI-399: Provide doc inside the custom.system.properties for scripting allow/forbid mechanism

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[unomi] 01/01: UNOMI-399: Provide doc inside the custom.system.properties for scripting allow/forbid mechanism

Posted by jk...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

jkevan pushed a commit to branch provideConfigDocForScripting
in repository https://gitbox.apache.org/repos/asf/unomi.git

commit 3544b25504a66ffcd2c92d7c5e8d1a1c2d2add7b
Author: Kevan <ke...@jahia.com>
AuthorDate: Tue Nov 17 18:53:11 2020 +0100

    UNOMI-399: Provide doc inside the custom.system.properties for scripting allow/forbid mechanism
---
 .../src/main/resources/etc/custom.system.properties    | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/package/src/main/resources/etc/custom.system.properties b/package/src/main/resources/etc/custom.system.properties
index 2c9b395..acca87b 100644
--- a/package/src/main/resources/etc/custom.system.properties
+++ b/package/src/main/resources/etc/custom.system.properties
@@ -40,14 +40,20 @@ org.apache.unomi.scripting.forbid=${env:UNOMI_FORBID_SCRIPTING_CLASSES:-}
 # to turn it off would be to check if it is interfering with something, but it should always be active in production.
 org.apache.unomi.scripting.filter.activated=${env:UNOMI_SCRIPTING_FILTER_ACTIVATED:-true}
 
-# The following parameters control the filtering using regular expressions for each scripting sub-system.
-# The "collections" parameter tells the expression filtering system which configurations to expect. By default only
+# The following parameters tells the expression filtering system which configurations to expect. By default only
 # MVEL and/or OGNL are accepted values, but in the future these might be replaced by new scripting sub-systems.
-# For each scripting sub-system, there is an allow and a forbid value. It is NOT recommended to change the built-in
-# "forbid" value unless you are having issues with its value.
-# It is however fully expected to add new expressions to the "allow" value, although it is better to add them inside
-# any plugins you may be adding. This configuration is only designed to compensate for the cases where something was not properly designed or to deal with compatibility issues. Just be VERY careful to make your patterns AS SPECIFIC AS POSSIBLE in order to avoid introducing a way to abuse the expression filtering.
 org.apache.unomi.scripting.filter.collections=${env:UNOMI_SCRIPTING_FILTER_COLLECTIONS:-mvel,ognl}
+
+# For each scripting sub-system, there is an allow and a forbid property that reference a .json files,
+# you can either edit this files or reference your own file directly in the following config.
+# Note: You can add new expressions to the "allow" file, although it is better to add them inside any plugins you may be adding.
+#       This configuration is only designed to compensate for the cases where something was not properly designed or to deal with compatibility issues.
+#       Just be VERY careful to make your patterns AS SPECIFIC AS POSSIBLE in order to avoid introducing a way to abuse the expression filtering.
+# Note: It is NOT recommended to change the built-in "forbid" value unless you are having issues with its value.
+# Note: mvel-allow.json contains an empty array: [], this mean nothing is allowed, so far.
+#       If you want to allow all expression, just remove the property org.apache.unomi.scripting.filter.mvel.allow, but this is not recommended
+#       It's better to list your expressions, and provide them in the mvel-allow.json file
+#       example: ["\\Qsession.size + 1\\E"]
 org.apache.unomi.scripting.filter.mvel.allow=${env:UNOMI_SCRIPTING_FILTER_MVEL_ALLOW:-${karaf.etc}/mvel-allow.json}
 org.apache.unomi.scripting.filter.mvel.forbid=${env:UNOMI_SCRIPTING_FILTER_MVEL_FORBID:-${karaf.etc}/mvel-forbid.json}
 org.apache.unomi.scripting.filter.ognl.allow=${env:UNOMI_SCRIPTING_FILTER_OGNL_ALLOW:-${karaf.etc}/ognl-allow.json}