This is an automated email from the ASF dual-hosted git repository.
sgoeschl pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/freemarker-generator.git
The following commit(s) were added to refs/heads/master by this push:
new 7e8505d FREEMARKER-164 Use default unsafe FreeMarker configuration
7e8505d is described below
commit 7e8505de27db0ea5ef636f6921c7c869b4d60c75
Author: Siegfried Goeschl <[email protected]>
AuthorDate: Mon Nov 16 06:32:17 2020 +0100
FREEMARKER-164 Use default unsafe FreeMarker configuration
---
freemarker-generator-cli/CHANGELOG.md | 4 ++-
.../cli/config/ConfigurationSupplier.java | 5 ---
.../generator/cli/SecurityRelatedTest.java | 36 ----------------------
.../src/test/templates/security/api.ftl | 17 ----------
.../src/test/templates/security/new.ftl | 17 ----------
5 files changed, 3 insertions(+), 76 deletions(-)
diff --git a/freemarker-generator-cli/CHANGELOG.md
b/freemarker-generator-cli/CHANGELOG.md
index 549bd32..7b72c15 100644
--- a/freemarker-generator-cli/CHANGELOG.md
+++ b/freemarker-generator-cli/CHANGELOG.md
@@ -39,6 +39,7 @@ All notable changes to this project will be documented in
this file. We try to a
* [FREEMARKER-127] Site build fails with missing
"org/apache/maven/doxia/siterenderer/DocumentContent"
### Internal
+* [FREEMARKER-164] Use default unsafe FreeMarker configuration
* [FREEMARKER-153] FreeMarker Generator release preparations
[FREEMARKER-127]: https://issues.apache.org/jira/browse/FREEMARKER-127
@@ -58,4 +59,5 @@ All notable changes to this project will be documented in
this file. We try to a
[FREEMARKER-151]: https://issues.apache.org/jira/browse/FREEMARKER-151
[FREEMARKER-153]: https://issues.apache.org/jira/browse/FREEMARKER-153
[FREEMARKER-155]: https://issues.apache.org/jira/browse/FREEMARKER-155
-[FREEMARKER-163]: https://issues.apache.org/jira/browse/FREEMARKER-163
\ No newline at end of file
+[FREEMARKER-163]: https://issues.apache.org/jira/browse/FREEMARKER-163
+[FREEMARKER-164]: https://issues.apache.org/jira/browse/FREEMARKER-164
\ No newline at end of file
diff --git
a/freemarker-generator-cli/src/main/java/org/apache/freemarker/generator/cli/config/ConfigurationSupplier.java
b/freemarker-generator-cli/src/main/java/org/apache/freemarker/generator/cli/config/ConfigurationSupplier.java
index bf77a69..8f45e90 100644
---
a/freemarker-generator-cli/src/main/java/org/apache/freemarker/generator/cli/config/ConfigurationSupplier.java
+++
b/freemarker-generator-cli/src/main/java/org/apache/freemarker/generator/cli/config/ConfigurationSupplier.java
@@ -24,7 +24,6 @@ import
org.apache.freemarker.generator.cli.model.GeneratorObjectWrapper;
import java.util.Properties;
import java.util.function.Supplier;
-import static freemarker.core.TemplateClassResolver.ALLOWS_NOTHING_RESOLVER;
import static freemarker.template.Configuration.VERSION_2_3_29;
import static java.util.Objects.requireNonNull;
import static java.util.stream.Stream.of;
@@ -52,10 +51,6 @@ public class ConfigurationSupplier implements
Supplier<Configuration> {
try {
final Configuration configuration = new
Configuration(FREEMARKER_VERSION);
- // apply safe default configuration
- configuration.setAPIBuiltinEnabled(false);
- configuration.setNewBuiltinClassResolver(ALLOWS_NOTHING_RESOLVER);
-
// apply all "freemarker.configuration.setting" values
configuration.setSettings(freeMarkerConfigurationSettings());
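Review bot: With the two setter calls gone, the `Configuration` built in this `try` block reaches `setSettings(...)` on FreeMarker's stock defaults, and the stock `new_builtin_class_resolver` is unrestricted, so any template the CLI renders can instantiate `TemplateModel` classes through `?new` (the deleted `security/new.ftl` covered exactly that path). If the aim is to let users opt in, a restrictive default set before `setSettings` still allows it, because a `new_builtin_class_resolver` entry among the "freemarker.configuration.setting" values is applied afterwards: `configuration.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);` with the matching import restored. If unrestricted is the intended default, the block should say so, for example `// templates are treated as trusted code: ?new is unrestricted unless new_builtin_class_resolver is set`. The removed `SecurityRelatedTest` was `@Ignore`d and never ran in the build, so whichever default is kept would benefit from a test that does run and asserts it. The enclosing method starts and ends outside the hunk.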
diff --git
a/freemarker-generator-cli/src/test/java/org/apache/freemarker/generator/cli/SecurityRelatedTest.java
b/freemarker-generator-cli/src/test/java/org/apache/freemarker/generator/cli/SecurityRelatedTest.java
deleted file mode 100644
index 4cf264b..0000000
---
a/freemarker-generator-cli/src/test/java/org/apache/freemarker/generator/cli/SecurityRelatedTest.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.freemarker.generator.cli;
-
-import org.junit.Ignore;
-import org.junit.Test;
-
-import java.io.IOException;
-
-@Ignore("Manual security testing")
-public class SecurityRelatedTest extends AbstractMainTest {
-
- @Test(expected = RuntimeException.class)
- public void shouldDisallowFreeMarkerNewBuiltIn() throws IOException {
- execute("-t ./src/test/templates/security/new.ftl");
- }
-
- @Test(expected = RuntimeException.class)
- public void shouldDisallowFreeMarkerApiBuiltIn() throws IOException {
- execute("-t ./src/test/templates/security/api.ftl");
- }
-}
diff --git a/freemarker-generator-cli/src/test/templates/security/api.ftl
b/freemarker-generator-cli/src/test/templates/security/api.ftl
deleted file mode 100644
index 5208784..0000000
--- a/freemarker-generator-cli/src/test/templates/security/api.ftl
+++ /dev/null
@@ -1,17 +0,0 @@
-<#--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<#assign uri=SystemTool?api.class.getResource("/").toURI()>
diff --git a/freemarker-generator-cli/src/test/templates/security/new.ftl
b/freemarker-generator-cli/src/test/templates/security/new.ftl
deleted file mode 100644
index b7ddf2a..0000000
--- a/freemarker-generator-cli/src/test/templates/security/new.ftl
+++ /dev/null
@@ -1,17 +0,0 @@
-<#--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("date") }