[unomi] branch master updated: UNOMI-400 Update documentation to reflect the latest config changes (#221)

shuber Mon, 23 Nov 2020 07:41:24 -0800

This is an automated email from the ASF dual-hosted git repository.

shuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/unomi.git



The following commit(s) were added to refs/heads/master by this push:
     new 491700c  UNOMI-400 Update documentation to reflect the latest config 
changes (#221)
491700c is described below

commit 491700c9f24154d92afe1921171b33ab0d18ecd0
Author: Serge Huber <[email protected]>
AuthorDate: Mon Nov 23 16:41:12 2020 +0100

    UNOMI-400 Update documentation to reflect the latest config changes (#221)
---
 .../src/archives/1.5/asciidoc/configuration.adoc   | 22 +++++++++++++++-------
 manual/src/main/asciidoc/configuration.adoc        | 22 +++++++++++++++-------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/manual/src/archives/1.5/asciidoc/configuration.adoc 
b/manual/src/archives/1.5/asciidoc/configuration.adoc
index f2b7a8c..c103d64 100644
--- a/manual/src/archives/1.5/asciidoc/configuration.adoc
+++ b/manual/src/archives/1.5/asciidoc/configuration.adoc
@@ -353,13 +353,21 @@ 
org.apache.unomi.scripting.filter.activated=${env:UNOMI_SCRIPTING_FILTER_ACTIVAT
 # The following parameters control the filtering using regular expressions for 
each scripting sub-system.
 # The "collections" parameter tells the expression filtering system which 
configurations to expect. By default only MVEL and/or OGNL are accepted values, 
but in the future these might be replaced by new scripting sub-systems.
 
org.apache.unomi.scripting.filter.collections=${env:UNOMI_SCRIPTING_FILTER_COLLECTIONS:-mvel,ognl}
-# For each scripting sub-system, there is an allow and a forbid value. It is 
NOT recommended to change the built-in "forbid" value unless you are having 
issues with its value.
-# It is however fully expected to add new expressions to the "allow" value, 
although it is better to add them inside any plugins you may be adding. This 
configuration is only designed to compensate for the cases where something was 
not properly designed or to deal with compatibility issues. Just be VERY 
careful to make your patterns AS SPECIFIC AS POSSIBLE in order to avoid 
introducing a way to abuse the expression filtering.
-org.apache.unomi.scripting.filter.collections=${env:UNOMI_SCRIPTING_FILTER_COLLECTIONS:-mvel,ognl}
-org.apache.unomi.scripting.filter.mvel.allow=${env:UNOMI_SCRIPTING_FILTER_MVEL_ALLOW:-}
-# 
org.apache.unomi.scripting.filter.mvel.forbid=${env:UNOMI_SCRIPTING_FILTER_MVEL_FORBID:-.*Runtime.*,.*ProcessBuilder.*,.*exec.*,.*invoke.*,.*getClass.*,.*Class.*,.*ClassLoader.*,.*System.*,.*Method.*,.*method.*,.*Compiler.*,.*Thread.*,.*FileWriter.*,.*forName.*,.*Socket.*,.*DriverManager.*,eval}
-org.apache.unomi.scripting.filter.ognl.allow=${env:UNOMI_SCRIPTING_FILTER_OGNL_ALLOW:-}
-# 
org.apache.unomi.scripting.filter.ognl.forbid=${env:UNOMI_SCRIPTING_FILTER_OGNL_FORBID:-.*Runtime.*,.*ProcessBuilder.*,.*exec.*,.*invoke.*,.*getClass.*,.*Class.*,.*ClassLoader.*,.*System.*,.*Method.*,.*method.*,.*Compiler.*,.*Thread.*,.*FileWriter.*,.*forName.*,.*Socket.*,.*DriverManager.*,eval}
+
+# For each scripting sub-system, there is an allow and a forbid property that 
reference a .json files,
+# you can either edit this files or reference your own file directly in the 
following config.
+# Note: You can add new expressions to the "allow" file, although it is better 
to add them inside any plugins you may be adding.
+#       This configuration is only designed to compensate for the cases where 
something was not properly designed or to deal with compatibility issues.
+#       Just be VERY careful to make your patterns AS SPECIFIC AS POSSIBLE in 
order to avoid introducing a way to abuse the expression filtering.
+# Note: It is NOT recommended to change the built-in "forbid" value unless you 
are having issues with its value.
+# Note: mvel-allow.json contains an empty array: [], this mean nothing is 
allowed, so far.
+#       If you want to allow all expression, just remove the property 
org.apache.unomi.scripting.filter.mvel.allow, but this is not recommended
+#       It's better to list your expressions, and provide them in the 
mvel-allow.json file
+#       example: ["\\Qsession.size + 1\\E"]
+org.apache.unomi.scripting.filter.mvel.allow=${env:UNOMI_SCRIPTING_FILTER_MVEL_ALLOW:-${karaf.etc}/mvel-allow.json}
+org.apache.unomi.scripting.filter.mvel.forbid=${env:UNOMI_SCRIPTING_FILTER_MVEL_FORBID:-${karaf.etc}/mvel-forbid.json}
+org.apache.unomi.scripting.filter.ognl.allow=${env:UNOMI_SCRIPTING_FILTER_OGNL_ALLOW:-${karaf.etc}/ognl-allow.json}
+org.apache.unomi.scripting.filter.ognl.forbid=${env:UNOMI_SCRIPTING_FILTER_OGNL_FORBID:-${karaf.etc}/ognl-forbid.json}
 
 # This parameter controls whether OGNL scripting is allowed in expressions. 
Because of security reasons it is deactivated by default. If you run into 
compatibility issues you could reactivate it but it is at your own risk.
 
org.apache.unomi.security.properties.useOGNLScripting=${env:UNOMI_SCRIPTING_USE_OGNL:-false}
diff --git a/manual/src/main/asciidoc/configuration.adoc 
b/manual/src/main/asciidoc/configuration.adoc
index f2b7a8c..c103d64 100644
--- a/manual/src/main/asciidoc/configuration.adoc
+++ b/manual/src/main/asciidoc/configuration.adoc
@@ -353,13 +353,21 @@ 
org.apache.unomi.scripting.filter.activated=${env:UNOMI_SCRIPTING_FILTER_ACTIVAT
 # The following parameters control the filtering using regular expressions for 
each scripting sub-system.
 # The "collections" parameter tells the expression filtering system which 
configurations to expect. By default only MVEL and/or OGNL are accepted values, 
but in the future these might be replaced by new scripting sub-systems.
 
org.apache.unomi.scripting.filter.collections=${env:UNOMI_SCRIPTING_FILTER_COLLECTIONS:-mvel,ognl}
-# For each scripting sub-system, there is an allow and a forbid value. It is 
NOT recommended to change the built-in "forbid" value unless you are having 
issues with its value.
-# It is however fully expected to add new expressions to the "allow" value, 
although it is better to add them inside any plugins you may be adding. This 
configuration is only designed to compensate for the cases where something was 
not properly designed or to deal with compatibility issues. Just be VERY 
careful to make your patterns AS SPECIFIC AS POSSIBLE in order to avoid 
introducing a way to abuse the expression filtering.
-org.apache.unomi.scripting.filter.collections=${env:UNOMI_SCRIPTING_FILTER_COLLECTIONS:-mvel,ognl}
-org.apache.unomi.scripting.filter.mvel.allow=${env:UNOMI_SCRIPTING_FILTER_MVEL_ALLOW:-}
-# 
org.apache.unomi.scripting.filter.mvel.forbid=${env:UNOMI_SCRIPTING_FILTER_MVEL_FORBID:-.*Runtime.*,.*ProcessBuilder.*,.*exec.*,.*invoke.*,.*getClass.*,.*Class.*,.*ClassLoader.*,.*System.*,.*Method.*,.*method.*,.*Compiler.*,.*Thread.*,.*FileWriter.*,.*forName.*,.*Socket.*,.*DriverManager.*,eval}
-org.apache.unomi.scripting.filter.ognl.allow=${env:UNOMI_SCRIPTING_FILTER_OGNL_ALLOW:-}
-# 
org.apache.unomi.scripting.filter.ognl.forbid=${env:UNOMI_SCRIPTING_FILTER_OGNL_FORBID:-.*Runtime.*,.*ProcessBuilder.*,.*exec.*,.*invoke.*,.*getClass.*,.*Class.*,.*ClassLoader.*,.*System.*,.*Method.*,.*method.*,.*Compiler.*,.*Thread.*,.*FileWriter.*,.*forName.*,.*Socket.*,.*DriverManager.*,eval}
+
+# For each scripting sub-system, there is an allow and a forbid property that 
reference a .json files,
+# you can either edit this files or reference your own file directly in the 
following config.
+# Note: You can add new expressions to the "allow" file, although it is better 
to add them inside any plugins you may be adding.
+#       This configuration is only designed to compensate for the cases where 
something was not properly designed or to deal with compatibility issues.
+#       Just be VERY careful to make your patterns AS SPECIFIC AS POSSIBLE in 
order to avoid introducing a way to abuse the expression filtering.
+# Note: It is NOT recommended to change the built-in "forbid" value unless you 
are having issues with its value.
+# Note: mvel-allow.json contains an empty array: [], this mean nothing is 
allowed, so far.
+#       If you want to allow all expression, just remove the property 
org.apache.unomi.scripting.filter.mvel.allow, but this is not recommended
+#       It's better to list your expressions, and provide them in the 
mvel-allow.json file
+#       example: ["\\Qsession.size + 1\\E"]
+org.apache.unomi.scripting.filter.mvel.allow=${env:UNOMI_SCRIPTING_FILTER_MVEL_ALLOW:-${karaf.etc}/mvel-allow.json}
+org.apache.unomi.scripting.filter.mvel.forbid=${env:UNOMI_SCRIPTING_FILTER_MVEL_FORBID:-${karaf.etc}/mvel-forbid.json}
+org.apache.unomi.scripting.filter.ognl.allow=${env:UNOMI_SCRIPTING_FILTER_OGNL_ALLOW:-${karaf.etc}/ognl-allow.json}
+org.apache.unomi.scripting.filter.ognl.forbid=${env:UNOMI_SCRIPTING_FILTER_OGNL_FORBID:-${karaf.etc}/ognl-forbid.json}
 
 # This parameter controls whether OGNL scripting is allowed in expressions. 
Because of security reasons it is deactivated by default. If you run into 
compatibility issues you could reactivate it but it is at your own risk.
 
org.apache.unomi.security.properties.useOGNLScripting=${env:UNOMI_SCRIPTING_USE_OGNL:-false}

[unomi] branch master updated: UNOMI-400 Update documentation to reflect the latest config changes (#221)

Reply via email to