Skip to content

Commit

Permalink
Merge pull request #145 from javadelight/change-to-recent-java-version
Browse files Browse the repository at this point in the history
Upgrade to Java 20
  • Loading branch information
mxro authored Jul 27, 2023
2 parents 6e34d10 + 8276850 commit 358dd2d
Show file tree
Hide file tree
Showing 13 changed files with 24 additions and 37 deletions.
2 changes: 1 addition & 1 deletion .classpath
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-20">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
strategy:
matrix:
# Build with all versions that can load the nashorn standalone Jar:
java: [ 11, 12, 13 ]
java: [ 20 ]
name: Java ${{ matrix.java }} build
steps:
- uses: actions/checkout@v2
Expand All @@ -30,7 +30,7 @@ jobs:
strategy:
matrix:
# test against latest update of each major Java version, as well as specific updates of LTS versions:
java: [ 8, 9, 10, 11, 12, 13 ]
java: [ 20 ]
name: Java ${{ matrix.java }} test
steps:
- uses: actions/download-artifact@v2
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
- name: Set up Maven Central Repository
uses: actions/setup-java@v2
with:
java-version: '11'
java-version: '20'
distribution: 'adopt'
server-id: ossrh
server-username: MAVEN_USERNAME
Expand Down
8 changes: 4 additions & 4 deletions .settings/org.eclipse.jdt.core.prefs
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.codegen.targetPlatform=20
org.eclipse.jdt.core.compiler.compliance=20
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
org.eclipse.jdt.core.compiler.processAnnotations=disabled
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=1.8
org.eclipse.jdt.core.compiler.release=enabled
org.eclipse.jdt.core.compiler.source=20
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ Part of the [Java Delight Suite](https://github.com/javadelight/delight-main#jav

[![Maven Central](https://img.shields.io/maven-central/v/org.javadelight/delight-nashorn-sandbox.svg)](https://search.maven.org/#search%7Cga%7C1%7Cdelight-nashorn-sandbox)

Note: Use version 0.3.x if you are using a Java version older than Java 20.

Open Security Issues: [# 73](https://github.com/javadelight/delight-nashorn-sandbox/issues/73) [# 117](https://github.com/javadelight/delight-nashorn-sandbox/issues/117)

## Usage
Expand Down Expand Up @@ -110,6 +112,7 @@ for JS evaluation and better handling of monitoring for threads for possible CPU

## Version History

- 0.4.0: Upgrade to Java 20
- 0.3.2: Updating JSBeautifier dependency ([PR #143](https://github.com/javadelight/delight-nashorn-sandbox/pull/143) by [davejbur](https://github.com/davejbur))
- 0.3.1: Protect against RegEx attacks in sanitising script input by [PR #139](https://github.com/javadelight/delight-nashorn-sandbox/pull/139)
- 0.3.0: Creating a wrapper for Script Context to be passed to eval to avoid accidental exposure. Resolves [Issue #134](https://github.com/javadelight/delight-nashorn-sandbox/issues/134)
Expand Down
11 changes: 5 additions & 6 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

<groupId>org.javadelight</groupId>
<artifactId>delight-nashorn-sandbox</artifactId>
<version>0.3.2</version>
<version>0.4.0</version>
<description>A safe sandbox to execute JavaScript code from Nashorn.</description>
<url>https://github.com/javadelight/delight-nashorn-sandbox</url>

Expand Down Expand Up @@ -34,8 +34,7 @@
<dependency>
<groupId>org.openjdk.nashorn</groupId>
<artifactId>nashorn-core</artifactId>
<version>15.2</version>
<optional>true</optional>
<version>15.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
Expand Down Expand Up @@ -131,9 +130,9 @@

<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.11.0</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<release>20</release>
</configuration>
</plugin>

Expand All @@ -145,7 +144,7 @@
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<version>2.5.3</version>
<version>5.1.9</version>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
package delight.nashornsandbox.internal;

import jdk.nashorn.api.scripting.ClassFilter;
import org.openjdk.nashorn.api.scripting.ClassFilter;

public class JdkNashornClassFilter extends SandboxClassFilter implements ClassFilter {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -317,13 +317,7 @@ private static String getBeautifyJs() {

@SuppressWarnings("unchecked")
private static Function<String, String> beautifierAsFunction(Object beautifyScript) {
if (NashornDetection.isJDKNashornScriptObjectMirror(beautifyScript)) {
return script -> {
jdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (jdk.nashorn.api.scripting.ScriptObjectMirror) beautifyScript;
return (String) scriptObjectMirror.call("beautify", script, BEAUTIFY_OPTIONS);
};
}


if (NashornDetection.isStandaloneNashornScriptObjectMirror(beautifyScript)) {
return script -> {
org.openjdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (org.openjdk.nashorn.api.scripting.ScriptObjectMirror) beautifyScript;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -209,9 +209,6 @@ protected void sanitizeBindings(Bindings bindings) {
}
}




@Override
public SandboxScriptContext createScriptContext() {
ScriptContext context = new SimpleScriptContext();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ public ThreadMonitor(final long maxCPUTime, final long maxMemory) {
memoryCounter = null;
}
}

private void reset() {
stop.set(false);
scriptFinished.set(false);
Expand All @@ -100,7 +101,6 @@ private void reset() {
threadToMonitor = null;
}

@SuppressWarnings("deprecation")
public void run() {
try {
// wait, for threadToMonitor to be set in JS evaluator thread
Expand Down Expand Up @@ -146,7 +146,8 @@ public void run() {
return;
}
if (!scriptFinished.get()) {
threadToMonitor.stop();
stop.set(true);
threadToMonitor.interrupt();
scriptKilled.set(true);
}
return;
Expand Down
4 changes: 0 additions & 4 deletions src/test/java/delight/nashornsandbox/TestAccessFunction.java
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,6 @@ public void test_access_variable() throws ScriptCPUAbuseException, ScriptExcepti
}

private Object findAndCall(Object _get) {
if (NashornDetection.isJDKNashornScriptObjectMirror(_get)) {
jdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (jdk.nashorn.api.scripting.ScriptObjectMirror) _get;
return scriptObjectMirror.call(_get);
}

if (NashornDetection.isStandaloneNashornScriptObjectMirror(_get)) {
org.openjdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (org.openjdk.nashorn.api.scripting.ScriptObjectMirror) _get;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
import javax.script.ScriptContext;
import javax.script.ScriptException;
import javax.script.SimpleBindings;
import javax.script.SimpleScriptContext;

import org.junit.Assert;
import org.junit.Test;
Expand Down Expand Up @@ -55,7 +54,7 @@ public void testWithExistingBindings() throws ScriptCPUAbuseException, ScriptExc
newBinding.put("Date", "2112018");

final Object res = sandbox.eval("function method() { return parseInt(Date);} method();", newContext);
Assert.assertTrue(res.equals(2112018));
Assert.assertEquals(2112018.0, res);
}


Expand Down
6 changes: 2 additions & 4 deletions src/test/java/delight/nashornsandbox/TestMemoryLimit.java
Original file line number Diff line number Diff line change
Expand Up @@ -29,17 +29,15 @@
public class TestMemoryLimit {
private static final int MEMORY_LIMIT = 700 * 1024 * 20;

@Test
public void test() throws ScriptCPUAbuseException, ScriptException {
@Test(expected = ScriptMemoryAbuseException.class)
public void test() throws ScriptCPUAbuseException, ScriptMemoryAbuseException, ScriptException {
final NashornSandbox sandbox = NashornSandboxes.create();
try {
sandbox.setMaxMemory(MEMORY_LIMIT);
sandbox.setExecutor(Executors.newSingleThreadExecutor());
final String js = "var o={},i=0; while (true) {o[i++] = 'abc'}";
sandbox.eval(js);
fail("Exception should be thrown");
} catch (final ScriptMemoryAbuseException e) {
assertFalse(e.isScriptKilled());
} finally {
sandbox.getExecutor().shutdown();
}
Expand Down

0 comments on commit 358dd2d

Please sign in to comment.