[jira] [Resolved] (JEXL-395) 3.2.1 vs 3.3 hello get property

Henri Biestro (Jira) Fri, 07 Apr 2023 07:11:11 -0700


     [ 
https://issues.apache.org/jira/browse/JEXL-395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Henri Biestro resolved JEXL-395.
--------------------------------
    Fix Version/s: 3.3
         Assignee: Henri Biestro
       Resolution: Not A Bug

This is related to the new default permissions scheme described in the [release 
notes|https://commons.apache.org/proper/commons-jexl/relnotes33.html] and 
[JEXL-381|https://issues.apache.org/jira/browse/JEXL-381].
Although inconvenient - apologies again -, the previous behaviour can be 
reverted easily (see 
[JexlPermissions|https://commons.apache.org/proper/commons-jexl/apidocs/org/apache/commons/jexl3/introspection/JexlPermissions.html]).
 It might also be an occasion to assess application security and which 
classes/methods should be accessible through scripts.

> 3.2.1 vs 3.3 hello get property
> -------------------------------
>
>                 Key: JEXL-395
>                 URL: https://issues.apache.org/jira/browse/JEXL-395
>             Project: Commons JEXL
>          Issue Type: Bug
>         Environment: Mac java 17
>            Reporter: mergewreck
>            Assignee: Henri Biestro
>            Priority: Major
>             Fix For: 3.3
>
>
> {color:#7f0055}import{color}{color:#000000} 
> org.apache.commons.jexl3.JexlBuilder;{color}
> {color:#7f0055}import{color}{color:#000000} 
> org.apache.commons.jexl3.JexlContext;{color}
> {color:#7f0055}import{color}{color:#000000} 
> org.apache.commons.jexl3.JexlEngine;{color}
> {color:#7f0055}import{color}{color:#000000} 
> org.apache.commons.jexl3.JexlExpression;{color}
> {color:#7f0055}import{color}{color:#000000} 
> org.apache.commons.jexl3.MapContext;{color}
>  
> {color:#3f7f5f}//works with 3.2.1/ does not work with 3.3{color}
> {color:#7f0055}public{color}{color:#000000} 
> {color}{color:#7f0055}class{color}{color:#000000} JexlIssue {{color}
> {color:#000000} {color}{color:#7f0055}public{color}{color:#000000} 
> {color}{color:#7f0055}static{color}{color:#000000} 
> {color}{color:#7f0055}class{color}{color:#000000} Foo {{color}
> {color:#000000} {color}{color:#7f0055}public{color}{color:#000000} String 
> {color}{color:#0000c0}text{color}{color:#000000} = 
> {color}{color:#2a00ff}"bar"{color}{color:#000000};{color}
> {color:#000000} }{color}
>  
> {color:#000000} {color}{color:#7f0055}public{color}{color:#000000} 
> {color}{color:#7f0055}static{color}{color:#000000} <T> T eval(JexlExpression 
> {color}{color:#6a3e3e}expr{color}{color:#000000}, JexlContext 
> {color}{color:#6a3e3e}context{color}{color:#000000}) {{color}
> {color:#000000} {color}{color:#7f0055}return{color}{color:#000000} 
> {color}{color:#000000}(T) 
> {color}{color:#6a3e3e}expr{color}{color:#000000}.evaluate({color}{color:#6a3e3e}context{color}{color:#000000}){color}{color:#000000};{color}
> {color:#000000} }{color}
>  
> {color:#000000} {color}{color:#7f0055}public{color}{color:#000000} 
> {color}{color:#7f0055}static{color}{color:#000000} 
> {color}{color:#7f0055}void{color}{color:#000000} main(String[] 
> {color}{color:#6a3e3e}args{color}{color:#000000}) {{color}
> {color:#000000} {color}{color:#7f0055}final{color}{color:#000000} JexlEngine 
> {color}{color:#6a3e3e}engine{color}{color:#000000} = 
> {color}{color:#7f0055}new{color}{color:#000000} 
> JexlBuilder().strict({color}{color:#7f0055}true{color}{color:#000000}).lexical({color}{color:#7f0055}true{color}{color:#000000}).silent({color}{color:#7f0055}false{color}{color:#000000}).create();{color}
> {color:#000000} {color}{color:#7f0055}final{color}{color:#000000} JexlContext 
> {color}{color:#6a3e3e}context{color}{color:#000000} = 
> {color}{color:#7f0055}new{color}{color:#000000} MapContext();{color}
> {color:#000000} {color}{color:#7f0055}final{color}{color:#000000} Foo 
> {color}{color:#6a3e3e}foo{color}{color:#000000} = 
> {color}{color:#7f0055}new{color}{color:#000000} Foo();{color}
> {color:#000000} 
> {color}{color:#6a3e3e}context{color}{color:#000000}.set({color}{color:#2a00ff}"foo"{color}{color:#000000},
>  {color}{color:#6a3e3e}foo{color}{color:#000000});{color}
>  
> {color:#000000} JexlExpression 
> {color}{color:#6a3e3e}expr{color}{color:#000000} = 
> {color}{color:#6a3e3e}engine{color}{color:#000000}.createExpression({color}{color:#2a00ff}"foo.text"{color}{color:#000000});{color}
> {color:#000000} String {color}{color:#6a3e3e}o{color}{color:#000000} = 
> {color}{color:#000000}eval{color}{color:#000000}({color}{color:#6a3e3e}expr{color}{color:#000000},
>  {color}{color:#6a3e3e}context{color}{color:#000000});{color}
>  
> {color:#000000} 
> System.{color}{color:#0000c0}out{color}{color:#000000}.println({color}{color:#6a3e3e}o{color}{color:#000000});{color}
> {color:#000000} }{color}
> {color:#000000}}{color}
> In 3.2.1
> prints
> bar
>  
> In 3.3
> throws JexlException$Property..."{color:#172b4d}undefined property 'text'"
> {color}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (JEXL-395) 3.2.1 vs 3.3 hello get property

Reply via email to