This is an automated email from the ASF dual-hosted git repository.
shuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/unomi.git
The following commit(s) were added to refs/heads/master by this push:
new 30ba949 UNOMI-399: Provide doc inside the custom.system.properties
for scripting allow/forbid mechanism (#217)
30ba949 is described below
commit 30ba94957dc4a725b0fc55b240b76e7563f397a9
Author: kevan Jahanshahi <[email protected]>
AuthorDate: Tue Nov 17 19:02:20 2020 +0100
UNOMI-399: Provide doc inside the custom.system.properties for scripting
allow/forbid mechanism (#217)
---
.../src/main/resources/etc/custom.system.properties | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/package/src/main/resources/etc/custom.system.properties
b/package/src/main/resources/etc/custom.system.properties
index 2c9b395..acca87b 100644
--- a/package/src/main/resources/etc/custom.system.properties
+++ b/package/src/main/resources/etc/custom.system.properties
@@ -40,14 +40,20 @@
org.apache.unomi.scripting.forbid=${env:UNOMI_FORBID_SCRIPTING_CLASSES:-}
# to turn it off would be to check if it is interfering with something, but it
should always be active in production.
org.apache.unomi.scripting.filter.activated=${env:UNOMI_SCRIPTING_FILTER_ACTIVATED:-true}
-# The following parameters control the filtering using regular expressions for
each scripting sub-system.
-# The "collections" parameter tells the expression filtering system which
configurations to expect. By default only
+# The following parameters tells the expression filtering system which
configurations to expect. By default only
# MVEL and/or OGNL are accepted values, but in the future these might be
replaced by new scripting sub-systems.
-# For each scripting sub-system, there is an allow and a forbid value. It is
NOT recommended to change the built-in
-# "forbid" value unless you are having issues with its value.
-# It is however fully expected to add new expressions to the "allow" value,
although it is better to add them inside
-# any plugins you may be adding. This configuration is only designed to
compensate for the cases where something was not properly designed or to deal
with compatibility issues. Just be VERY careful to make your patterns AS
SPECIFIC AS POSSIBLE in order to avoid introducing a way to abuse the
expression filtering.
org.apache.unomi.scripting.filter.collections=${env:UNOMI_SCRIPTING_FILTER_COLLECTIONS:-mvel,ognl}
+
+# For each scripting sub-system, there is an allow and a forbid property that
reference a .json files,
+# you can either edit this files or reference your own file directly in the
following config.
+# Note: You can add new expressions to the "allow" file, although it is better
to add them inside any plugins you may be adding.
+# This configuration is only designed to compensate for the cases where
something was not properly designed or to deal with compatibility issues.
+# Just be VERY careful to make your patterns AS SPECIFIC AS POSSIBLE in
order to avoid introducing a way to abuse the expression filtering.
+# Note: It is NOT recommended to change the built-in "forbid" value unless you
are having issues with its value.
+# Note: mvel-allow.json contains an empty array: [], this mean nothing is
allowed, so far.
+# If you want to allow all expression, just remove the property
org.apache.unomi.scripting.filter.mvel.allow, but this is not recommended
+# It's better to list your expressions, and provide them in the
mvel-allow.json file
+# example: ["\\Qsession.size + 1\\E"]
org.apache.unomi.scripting.filter.mvel.allow=${env:UNOMI_SCRIPTING_FILTER_MVEL_ALLOW:-${karaf.etc}/mvel-allow.json}
org.apache.unomi.scripting.filter.mvel.forbid=${env:UNOMI_SCRIPTING_FILTER_MVEL_FORBID:-${karaf.etc}/mvel-forbid.json}
org.apache.unomi.scripting.filter.ognl.allow=${env:UNOMI_SCRIPTING_FILTER_OGNL_ALLOW:-${karaf.etc}/ognl-allow.json}
