Nashorn ClassFilter only filters Java.type()? -

-

i have following 2 code tests.

first: javatypetest() blocks access java.io.file expected.

second: javamethodgetfiletest() not block access when java.io.file object returned bypassing filter.

is not supposed block when java.type() used? or there specific way should adding objects engine?

expected output:

javatypetest success: true javamethodgetfiletest success: true

actual output:

javatypetest success: true z:\eclipse ws\nashorntests\. javamethodgetfiletest success: false

the reasoning behind want proxy class has allowed methods return allowed objects have getinstance() method returns dissallowedobject have access instance contained in proxy without exposing nashorn.

public class nashorntest {     class nashornclassfilter implements classfilter     {         public nashornclassfilter()         {         }          @override         public boolean exposetoscripts(string clazz)         {             if (clazz.equals("java.io.file")) return false;             return true;         }     }      public static class allowedclass     {         public allowedclass()         {         }          public file disallowedmethod()         {             return new file(".");         }     }      public static void main(string[] args)     {         nashornscriptenginefactory factory = new nashornscriptenginefactory();          nashornclassfilter filter = new nashorntest().new nashornclassfilter();         nashornscriptengine engine = (nashornscriptengine) factory.getscriptengine(filter);          nashornclassfilter filter1 = new nashorntest().new nashornclassfilter();         nashornscriptengine engine1 = (nashornscriptengine) factory.getscriptengine(filter1);          system.out.println("javatypetest success: " + javatypetest(engine));         system.out.println("javamethodgetfiletest success: " + javamethodgetfiletest(engine1));      }      public static boolean javatypetest(nashornscriptengine engine)     {         try         {             engine.eval(                 "function wrapper(){ "                 + "java.type('java.io.file');"                 + "}");             ((invocable) engine).invokefunction("wrapper");         }         catch (runtimeexception e)         {             if(e.getcause() instanceof classnotfoundexception) return true;             e.printstacktrace();         }         catch(exception e)         {             e.printstacktrace();         }         return false;     }      public static boolean javamethodgetfiletest(nashornscriptengine engine)     {         try         {             engine.put("allowed", new allowedclass());             engine.eval(                 "function wrapper(){ "                         + "var file = allowed.disallowedmethod();"                         + "print(file.getabsolutepath());"                         + "}");             ((invocable) engine).invokefunction("wrapper");         }         catch(runtimeexception e)         {             if(e.getcause() instanceof classnotfoundexception) return true;             e.printstacktrace();         }         catch (exception e)         {             e.printstacktrace();         }         return false;     } }


Comments

Post a Comment

Popular posts from this blog

Java 3D LWJGL collision -

-
i making 3d java game lwjgl library, , wondering how add collision detection, player not go through models. i using obj models. here objloader class, loads models: package renderengine; import java.io.bufferedreader; import java.io.file; import java.io.filenotfoundexception; import java.io.filereader; import java.util.arraylist; import java.util.list; import models.rawmodel; import org.lwjgl.util.vector.vector2f; import org.lwjgl.util.vector.vector3f; public class objloader { public static rawmodel loadobjmodel(string filename, loader loader){ filereader fr = null; try { fr = new filereader(new file("res/"+filename+".obj")); } catch (filenotfoundexception e) { system.err.println("couldn't load file!"); e.printstacktrace(); } bufferedreader reader = new bufferedreader(fr); string line; list<vector3f> vertices = new arraylist<vector3f...
Read more

spring - SubProtocolWebSocketHandler - No handlers -

-
i have ugly error during deploying spring app on jboss. 18:11:16,025 error [org.apache.catalina.core.containerbase.[jboss.web].[default-host].[/consumer]] (msc service thread 1-7) exception sending context initialized event listener instance of class org.springframework.web.context.contextloaderlistener: org.springframework.context.applicationcontextexception: failed start bean 'subprotocolwebsockethandler'; nested exception java.lang.illegalargumentexception: no handlers @ org.springframework.context.support.defaultlifecycleprocessor.dostart(defaultlifecycleprocessor.java:176) [spring-context-4.1.3.release.jar:4.1.3.release] @ org.springframework.context.support.defaultlifecycleprocessor.access$200(defaultlifecycleprocessor.java:51) [spring-context-4.1.3.release.jar:4.1.3.release] @ org.springframework.context.support.defaultlifecycleprocessor$lifecyclegroup.start(defaultlifecycleprocessor.java:346) [spring-context-4.1.3.release.jar:4.1.3.release] @ org.s...
Read more

methods - python can't use function in submodule -

-
my folder structure this: pythonstuff/ program.py modulea/ __init__.py foo.py bar.py here's code bar.py : def hello(): print("hello, world!") here's code program.py : #!/usr/bin/env python3 modulea import bar bar.hello() i run $ python3 program.py somehow error: file "program.py", line 3, in <module> bar.hello() attributeerror: 'module' object has no attribute 'hello' edit: __init__.py file empty. edit2: after trying realized had bar.py in root directory contained hello() method. bar.py in modulea/ directory empty. add it import os __all__ = [] module in os.listdir(os.path.dirname(__file__)): if module != '__init__.py' , module[-3:] == '.py': __all__.append(module[:-3]) the init .py files required make python treat directories containing packages; done prevent directories common name, such string, unintentionally hiding v...
Read more