JEXL: fix JexlSandbox regression (detected through Java21);

apache · Aug 21, 2024 · 9a04761 · 9a04761
1 parent d4ec8c9
commit 9a04761
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 15 deletions.
diff --git a/src/main/java/org/apache/commons/jexl3/introspection/JexlSandbox.java b/src/main/java/org/apache/commons/jexl3/introspection/JexlSandbox.java
@@ -262,6 +262,26 @@ public Permissions get(final Class<?> clazz) {
         return clazz == null ? BLOCK_ALL : compute(clazz);
     }
 
+    private static Permissions inheritable(Permissions p) {
+        return p != null && p.isInheritable() ? p : null;
+    }
+
+    /**
+     * Find first inherited interface that defines permissions through recursion.
+     * @param clazz the clazz
+     * @return the array of all its interfaces
+     */
+    private Permissions computeInterfaces(final Class<?> clazz) {
+        Permissions permissions = inheritable(sandbox.get(clazz.getName()));
+        if (permissions == null) {
+            final Class<?>[] interfaces = clazz.getInterfaces();
+            for (int i = 0; permissions == null && i < interfaces.length; ++i) {
+                permissions = computeInterfaces(interfaces[i]);
+            }
+        }
+        return permissions;
+    }
+
     /**
      * Computes and optionally stores the permissions associated to a class.
      *
@@ -273,9 +293,9 @@ private Permissions compute(final Class<?> clazz) {
         if (permissions == null) {
             if (inherit) {
                 // find first inherited interface that defines permissions
-                Class<?>[] interfaces = clazz.getInterfaces();
+                final Class<?>[] interfaces = clazz.getInterfaces();
                 for (int i = 0; permissions == null && i < interfaces.length; ++i) {
-                    permissions = inheritable(sandbox.get(interfaces[i].getName()));
+                    permissions = computeInterfaces(interfaces[i]);
                 }
                 // nothing defined yet, find first superclass that defines permissions
                 if (permissions == null) {
@@ -297,10 +317,6 @@ private Permissions compute(final Class<?> clazz) {
         return permissions;
     }
 
-    private Permissions inheritable(Permissions p) {
-        return p != null && p.isInheritable() ? p : null;
-    }
-
     /**
      * Gets the set of permissions associated to a class.
      *

diff --git a/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java b/src/test/java/org/apache/commons/jexl3/introspection/SandboxTest.java
@@ -355,7 +355,7 @@ public void testInheritedPermission0() {
         sandbox.permissions(SomeInterface.class.getName(), true, true, true, true);
         final JexlEngine sjexl = new JexlBuilder().sandbox(sandbox).safe(false).strict(true).create();
         final JexlScript someOp = sjexl.createScript("foo.bar()", "foo");
-        assertEquals(42, someOp.execute(null, foo));
+        assertEquals(42, (int) someOp.execute(null, foo));
     }
 
     @Test
@@ -365,7 +365,7 @@ public void testInheritedPermission1() {
         sandbox.permissions(Foo386.class.getName(), true, true, true, true);
         final JexlEngine sjexl = new JexlBuilder().sandbox(sandbox).safe(false).strict(true).create();
         final JexlScript someOp = sjexl.createScript("foo.bar()", "foo");
-        assertEquals(-42, someOp.execute(null, foo));
+        assertEquals(-42, (int) someOp.execute(null, foo));
     }
 
     @Test
@@ -484,16 +484,16 @@ public void testSandboxInherit0() throws Exception {
         final JexlScript get = sjexl.createScript("foo[x]", "foo", "x");
 
         result = method.execute(ctxt, foo, "nothing");
-        assertEquals(true, result);
+        assertTrue((boolean) result);
         result = null;
-        result = get.execute(null, foo, 0);
+        result = get.execute(null, foo, Integer.valueOf(0));
         assertEquals("nothing", result);
         result = null;
-        result = set.execute(null, foo, 0, "42");
+        result = set.execute(null, foo, Integer.valueOf(0), "42");
         assertEquals("42", result);
 
         result = null;
-        result = get.execute(null, foo, 0);
+        result = get.execute(null, foo, Integer.valueOf(0));
         assertEquals("42", result);
     }
 
@@ -508,10 +508,10 @@ public void testSandboxInherit1() throws Exception {
         // sandbox.block(Foo.class.getName()).execute();
         final JexlEngine sjexl = new JexlBuilder().sandbox(sandbox).safe(false).strict(true).create();
         final JexlScript someOp = sjexl.createScript("foo.someOp(y)", "foo", "y");
-        result = someOp.execute(ctxt, foo, 30);
-        assertEquals(42, result);
+        result = someOp.execute(ctxt, foo, Integer.valueOf(30));
+        assertEquals(42, (int) result);
         final JexlScript nonCallable = sjexl.createScript("foo.nonCallable(y)", "foo", "y");
-        assertThrows(JexlException.class, () -> nonCallable.execute(null, foo, 0));
+        assertThrows(JexlException.class, () -> nonCallable.execute(null, foo, Integer.valueOf(0)));
     }
 
     @Test