This is an automated email from the ASF dual-hosted git repository. bodewig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ant.git
The following commit(s) were added to refs/heads/master by this push: new be9b424 relax some Graal.js Security rules for <script*> be9b424 is described below commit be9b424d1237fb368be81da764bdd065481007c1 Author: Stefan Bodewig <bode...@apache.org> AuthorDate: Wed May 27 18:08:19 2020 +0200 relax some Graal.js Security rules for <script*> --- .../org/apache/tools/ant/util/optional/JavaxScriptRunner.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java b/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java index d55a5b3..761e5c8 100644 --- a/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java +++ b/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java @@ -26,6 +26,7 @@ import java.util.stream.Collectors; import javax.script.Bindings; import javax.script.Compilable; import javax.script.CompiledScript; +import javax.script.ScriptContext; import javax.script.ScriptEngine; import javax.script.ScriptEngineManager; import javax.script.SimpleBindings; @@ -191,12 +192,22 @@ public class JavaxScriptRunner extends ScriptRunnerBase { } ScriptEngine result = new ScriptEngineManager().getEngineByName(getLanguage()); + maybeApplyGraalJsProperties(result); if (result != null && getKeepEngine()) { this.keptEngine = result; } return result; } + private static final String DROP_GRAAL_SECURITY_RESTRICTIONS = "polyglot.js.allowAllAccess"; + + private void maybeApplyGraalJsProperties(final ScriptEngine engine) { + if (engine != null && engine.getClass().getName().contains("Graal")) { + engine.getBindings(ScriptContext.ENGINE_SCOPE) + .put(DROP_GRAAL_SECURITY_RESTRICTIONS, true); + } + } + /** * Traverse a Throwable's cause(s) and return the BuildException * most deeply nested into it - if any.