groovy-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GROOVY-7842) MarkupTemplateEngine Totally Broken
Date Wed, 29 Jun 2016 00:59:10 GMT

    [ https://issues.apache.org/jira/browse/GROOVY-7842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15354010#comment-15354010
] 

ASF GitHub Bot commented on GROOVY-7842:
----------------------------------------

GitHub user jwagenleitner opened a pull request:

    https://github.com/apache/groovy/pull/358

    GROOVY-7842 - MarkupTemplateEngine Totally Broken

    When running under a Security Manager an exception would be thrown because
    the empty codebase value was added as a Permission name which can not be
    empty.  So use the same codebase value that is used by GStringTemplateEngine
    and StreamingTemplateEngine for unnamed code sources.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jwagenleitner/groovy GROOVY-7842

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/groovy/pull/358.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #358
    
----
commit 111206ae879469ac2864941508c85dd9edb2e470
Author: John Wagenleitner <jwagenleitner@apache.org>
Date:   2016-06-29T00:50:40Z

    GROOVY-7842 - MarkupTemplateEngine Totally Broken
    
    When running under a Security Manager an exception would be thrown because
    the empty codebase value was added as a Permission name which can not be
    empty.  So use the same codebase value that is used by GStringTemplateEngine
    and StreamingTemplateEngine for unnamed code sources.

----


> MarkupTemplateEngine Totally Broken 
> ------------------------------------
>
>                 Key: GROOVY-7842
>                 URL: https://issues.apache.org/jira/browse/GROOVY-7842
>             Project: Groovy
>          Issue Type: Bug
>          Components: Templating
>    Affects Versions: 2.4.5, 2.4.6
>            Reporter: Scott Murphy
>            Priority: Blocker
>
> {code:title=TemplateServlet.java|borderStyle=solid}
> TemplateServer.createAndStoreTemplate(String key, InputStream inputStream, File file)
> // ...
>     Template template = engine.createTemplate(reader);
> {code}
> {code:title=MarkupTemplateEngine.java|borderStyle=solid}
>     public Template createTemplate(final Reader reader) throws CompilationFailedException,
ClassNotFoundException, IOException {
>         return new MarkupTemplateMaker(reader, null, null);
>     }
> {code}
> Calls MarkupTemplateEngine.MarkupTemplateMaker
> {code:title=MarkupTemplateEngine.java|borderStyle=solid}
>         public MarkupTemplateMaker(final Reader reader, String sourceName, Map<String,
String> modelTypes) {
>             String name = sourceName != null ? sourceName : "GeneratedMarkupTemplate"
+ counter.getAndIncrement();
>             templateClass = groovyClassLoader.parseClass(new GroovyCodeSource(reader,
name, ""), modelTypes);
>             this.modeltypes = modelTypes;
>         }
> {code}
> Note: GroovyCodeSource(reader, name, "")
> {code:title=GroovyCodeSource.java|borderStyle=solid}
>     public GroovyCodeSource(Reader reader, String name, String codeBase) {
>         this.name = name;
>         this.codeSource = createCodeSource(codeBase);
> {code}
> Note: createCodeSource(codeBase); -> createCodeSource("");
> {code:title=GroovyCodeSource.java|borderStyle=solid}
>     private static CodeSource createCodeSource(final String codeBase) {
>         SecurityManager sm = System.getSecurityManager();
>         if (sm != null) {
>             sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
>         }
> {code}
> Note: GroovyCodeSourcePermission(codeBase) -> GroovyCodeSourcePermission("")
> {code:title=GroovyCodeSourcePermission.java|borderStyle=solid}
> public final class GroovyCodeSourcePermission extends BasicPermission {
>     public GroovyCodeSourcePermission(String name) {
>         super(name);
>     }
>     public BasicPermission(String name)
>     {
>         super(name);
>         init(name);
>     }
>     /**
>      * initialize a BasicPermission object. Common to all constructors.
>      *
>      */
>     private void init(String name)
>     {
>         if (name == null)
>             throw new NullPointerException("name can't be null");
>         int len = name.length();
>         if (len == 0) {
>             throw new IllegalArgumentException("name can't be empty");
>         }
> {code}
> BOOM -> IllegalArgumentException
> In summary: MarkupTemplateMaker creates a GroovyCodeSource where codeBase is equal to
"".  BasicPermission does not allow names to have zero length thus causing an exception.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message