commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Biestro (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (JEXL-291) Using sandbox prevents array-syntax lookup by number in Map
Date Fri, 22 Mar 2019 17:22:00 GMT

     [ https://issues.apache.org/jira/browse/JEXL-291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Henri Biestro resolved JEXL-291.
--------------------------------
    Resolution: Fixed

Changeset: c39f4cf674000f45c23597fa945a0421aac79cbf
Author:    henrib <henrib@apache.org>
Date:      2019-03-22 18:20
Message:   JEXL-291: use user-provided property object if sandbox does not change input

> Using sandbox prevents array-syntax lookup by number in Map
> -----------------------------------------------------------
>
>                 Key: JEXL-291
>                 URL: https://issues.apache.org/jira/browse/JEXL-291
>             Project: Commons JEXL
>          Issue Type: Bug
>    Affects Versions: 3.1
>            Reporter: David Costanzo
>            Assignee: Henri Biestro
>            Priority: Minor
>             Fix For: 3.2
>
>
> Using a JexlSandbox, even if it's a whitebox sandbox that allows everything, makes all
array-syntax lookup by integer in a Map fail.  The array lookup syntax for a String key still
works.
> For example
> {code:java}
> {'key' : 'value'}.['key']{code}
> can find 'value', but
> {code:java}
> {1 : 'value'}[1]{code}
> evaluates to null, instead of 'value'.
> The problem seems to be that SandboxUberspect converts the property 1 to a String "1"
when determining the name of the property and then, when it attempts to look up the value,
it uses the String.  The problem exists for getting and setting by array syntax.
>  
> *Steps to Reproduce:*
> This can be seen with a simple program:
>  
> {code:java}
> public class Main {
>     public static void main(String[] arguments) {
>         JexlEngine simpleJexlEngine = new JexlBuilder().create();
>         JexlExpression simpleExpression = simpleJexlEngine.createExpression(
>            "{1:'one'}[1]");
>         Object value = simpleExpression.evaluate(new MapContext());
>         assert "one".equals(value);
>         JexlEngine sandboxedJexlEngine = new JexlBuilder().
>            sandbox(new JexlSandbox(true)). // add a whitebox sandbox
>            create();
>         JexlExpression sandboxedExpression =
>            sandboxedJexlEngine.createExpression(
>               "{1:'one'}[1]");
>         Object sandboxedValue = sandboxedExpression.evaluate(new MapContext());
>         assert "one".equals(sandboxedValue); // <--- fails
>     }
> }{code}
>  
>  
> *Work-around*
> As the Java developer, I was able to work around this problem by creating a custom Uberspect
that's a copy of SandboxUberspect, but has a different implementation for getPropertySet()
and getPropertyGet().  Instead of passing in "actual" to uberspect.getPropertySet() and uberspect.getPropertyGet()
(which has been converted to a String), it passes in "identifier", which is the original object. 
I don't understand the JEXL internals well enough to know if this is correct, though.
> As a JEXL programmer, I could only work around this by calling "get" and "put" on the
Map object, instead of using the array syntax.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message