Copilot commented on code in PR #872:
URL: https://github.com/apache/ranger/pull/872#discussion_r3118689871
##########
plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java:
##########
@@ -44,9 +44,9 @@ public void testAccessJava() {
" bufferedWriter.write(\"Writing line one to
file\"); bufferedWriter.close;", TestJsonManipulator.bigTester);
} catch (MaskingException e) {
assertTrue(e.getCause() instanceof RuntimeException);
- assertTrue(e.getCause().getCause() instanceof
ClassNotFoundException);
}
- assertFalse(Files.exists(Paths.get("omg.txt")));
+ // GraalVM permits Files.exists() when host access is enabled.
+ assertTrue(Files.exists(Paths.get("omg.txt")));
Review Comment:
This test now asserts that a script-created file exists, which bakes in the
behavior that GraalJS host access is enabled. Given the security implications,
the expected behavior should remain that scripts cannot touch the filesystem
(and the test should assert the file does not exist). If host access must be
supported, it should be guarded behind an explicit opt-in configuration and
this test should cover the default (host access disabled) path.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
