From 64ca51bf1ad2fe9541526b1c7ac58efab016eec3 Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Thu, 6 Jul 2023 08:43:29 +1000
Subject: [PATCH 1/9] Changing to more recent Java version only
---
.github/workflows/build.yml | 4 ++--
.github/workflows/publish.yml | 2 +-
pom.xml | 3 +--
.../nashornsandbox/internal/JdkNashornClassFilter.java | 2 +-
.../java/delight/nashornsandbox/internal/JsSanitizer.java | 8 +-------
.../nashornsandbox/internal/NashornSandboxImpl.java | 3 ---
.../delight/nashornsandbox/internal/ThreadMonitor.java | 5 +++--
7 files changed, 9 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 11ba256..cf56893 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,7 +9,7 @@ jobs:
strategy:
matrix:
# Build with all versions that can load the nashorn standalone Jar:
- java: [ 11, 12, 13 ]
+ java: [ 20 ]
name: Java ${{ matrix.java }} build
steps:
- uses: actions/checkout@v2
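Review bot: The comment `# Build with all versions that can load the nashorn standalone Jar:` directly above the changed matrix line is now inaccurate, since the matrix lists only `java: [ 20 ]`; the same applies to the test-matrix comment in the second hunk of this file ("test against latest update of each major Java version, as well as specific updates of LTS versions"). Both comments should state the new policy, for instance `# Build with the minimum supported Java version (20):`, so that a reader does not widen the matrix back on the assumption that older versions are still meant to work.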
@@ -30,7 +30,7 @@ jobs:
strategy:
matrix:
# test against latest update of each major Java version, as well as specific updates of LTS versions:
- java: [ 8, 9, 10, 11, 12, 13 ]
+ java: [ 20 ]
name: Java ${{ matrix.java }} test
steps:
- uses: actions/download-artifact@v2
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8dd8104..df702f0 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -15,7 +15,7 @@ jobs:
- name: Set up Maven Central Repository
uses: actions/setup-java@v2
with:
- java-version: '11'
+ java-version: '20'
distribution: 'adopt'
server-id: ossrh
server-username: MAVEN_USERNAME
diff --git a/pom.xml b/pom.xml
index c462922..e37c584 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
org.javadelight
delight-nashorn-sandbox
- 0.3.2
+ 0.4.0
A safe sandbox to execute JavaScript code from Nashorn.
https://github.com/javadelight/delight-nashorn-sandbox
@@ -35,7 +35,6 @@
org.openjdk.nashorn
nashorn-core
15.2
- true
junit
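Review bot: The removed `true` line under the nashorn-core dependency appears to be an optional-dependency flag (the XML tags are stripped in this rendering, so this is inferred from position); if so, nashorn-core becomes a mandatory transitive dependency of every consumer of this artifact. That is a consumer-facing change and should be mentioned in the README version history next to the Java 20 note, since projects that previously supplied their own Nashorn will now pull in 15.x automatically.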
diff --git a/src/main/java/delight/nashornsandbox/internal/JdkNashornClassFilter.java b/src/main/java/delight/nashornsandbox/internal/JdkNashornClassFilter.java
index e072f86..ddc4df1 100644
--- a/src/main/java/delight/nashornsandbox/internal/JdkNashornClassFilter.java
+++ b/src/main/java/delight/nashornsandbox/internal/JdkNashornClassFilter.java
@@ -1,6 +1,6 @@
package delight.nashornsandbox.internal;
-import jdk.nashorn.api.scripting.ClassFilter;
+import org.openjdk.nashorn.api.scripting.ClassFilter;
public class JdkNashornClassFilter extends SandboxClassFilter implements ClassFilter {
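Review bot: After the import swap, `JdkNashornClassFilter` implements the standalone `org.openjdk.nashorn.api.scripting.ClassFilter`, yet its name still says it targets the JDK-bundled engine, which this patch series drops. Either rename the class to match what it now filters for, or add a Javadoc line such as `/** ClassFilter adapter for the standalone (org.openjdk) Nashorn engine; JDK-bundled Nashorn is no longer supported. */` so the name does not mislead the next reader about which engine the sandbox's class whitelist is wired into. The class body continues outside the hunk.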
diff --git a/src/main/java/delight/nashornsandbox/internal/JsSanitizer.java b/src/main/java/delight/nashornsandbox/internal/JsSanitizer.java
index a50b50b..105a39a 100644
--- a/src/main/java/delight/nashornsandbox/internal/JsSanitizer.java
+++ b/src/main/java/delight/nashornsandbox/internal/JsSanitizer.java
@@ -317,13 +317,7 @@ private static String getBeautifyJs() {
@SuppressWarnings("unchecked")
private static Function beautifierAsFunction(Object beautifyScript) {
- if (NashornDetection.isJDKNashornScriptObjectMirror(beautifyScript)) {
- return script -> {
- jdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (jdk.nashorn.api.scripting.ScriptObjectMirror) beautifyScript;
- return (String) scriptObjectMirror.call("beautify", script, BEAUTIFY_OPTIONS);
- };
- }
-
+
if (NashornDetection.isStandaloneNashornScriptObjectMirror(beautifyScript)) {
return script -> {
org.openjdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (org.openjdk.nashorn.api.scripting.ScriptObjectMirror) beautifyScript;
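Review bot: The removed branch was presumably one of the last callers of `NashornDetection.isJDKNashornScriptObjectMirror` (the test in patch 2 removes another); if that is so, the helper and any other `jdk.nashorn` detection paths should be removed in the same change so the codebase does not retain a half-supported engine path that is never exercised by the Java 20 build. The added blank line at the top of the method body is leftover from the deletion and can go. The remainder of `beautifierAsFunction` lies outside the hunk.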
diff --git a/src/main/java/delight/nashornsandbox/internal/NashornSandboxImpl.java b/src/main/java/delight/nashornsandbox/internal/NashornSandboxImpl.java
index 0f0a63f..bac5bdc 100644
--- a/src/main/java/delight/nashornsandbox/internal/NashornSandboxImpl.java
+++ b/src/main/java/delight/nashornsandbox/internal/NashornSandboxImpl.java
@@ -209,9 +209,6 @@ protected void sanitizeBindings(Bindings bindings) {
}
}
-
-
-
@Override
public SandboxScriptContext createScriptContext() {
ScriptContext context = new SimpleScriptContext();
diff --git a/src/main/java/delight/nashornsandbox/internal/ThreadMonitor.java b/src/main/java/delight/nashornsandbox/internal/ThreadMonitor.java
index 2c3a5a9..caf6160 100644
--- a/src/main/java/delight/nashornsandbox/internal/ThreadMonitor.java
+++ b/src/main/java/delight/nashornsandbox/internal/ThreadMonitor.java
@@ -91,6 +91,7 @@ public ThreadMonitor(final long maxCPUTime, final long maxMemory) {
memoryCounter = null;
}
}
+
private void reset() {
stop.set(false);
scriptFinished.set(false);
@@ -100,7 +101,6 @@ private void reset() {
threadToMonitor = null;
}
- @SuppressWarnings("deprecation")
public void run() {
try {
// wait, for threadToMonitor to be set in JS evaluator thread
@@ -146,7 +146,8 @@ public void run() {
return;
}
if (!scriptFinished.get()) {
- threadToMonitor.stop();
+ stop.set(true);
+ threadToMonitor.interrupt();
scriptKilled.set(true);
}
return;
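Review bot: `threadToMonitor.interrupt()` on the new line does not guarantee that the monitored script stops: an interrupt only sets a flag, so a script that never reaches an interrupt check (a tight loop, or code that swallows the interrupted state) keeps consuming CPU on the executor thread, whereas the removed `Thread.stop()` terminated it asynchronously. Because the CPU and memory limits are the sandbox's resource-exhaustion safeguard, `scriptKilled.set(true)` on the following line now records a kill that has only been requested, not confirmed. If the sanitizer's injected loop checks honour the interrupt flag this is cooperative termination and acceptable; otherwise document the weaker guarantee and consider confirming termination with `threadToMonitor.join(timeout)` and logging when the thread is still alive afterwards. A comment on the new lines such as `// Thread.stop() is unsupported on recent JDKs; termination is now cooperative and relies on the script reaching an interrupt check` would make the trade-off visible. `run()` continues outside the hunk.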
From 44b24b0ce709feecb9b4298c77049618a7886c82 Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Thu, 6 Jul 2023 08:54:28 +1000
Subject: [PATCH 2/9] Working on upgrading to latest Java version
---
.classpath | 2 +-
.settings/org.eclipse.jdt.core.prefs | 8 ++++----
pom.xml | 4 ++--
.../java/delight/nashornsandbox/TestAccessFunction.java | 4 ----
4 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/.classpath b/.classpath
index 3e0c728..67dc756 100644
--- a/.classpath
+++ b/.classpath
@@ -13,7 +13,7 @@
-
+
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index 1b6e1ef..70bf2fd 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -1,9 +1,9 @@
eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
-org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=20
+org.eclipse.jdt.core.compiler.compliance=20
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
org.eclipse.jdt.core.compiler.processAnnotations=disabled
-org.eclipse.jdt.core.compiler.release=disabled
-org.eclipse.jdt.core.compiler.source=1.8
+org.eclipse.jdt.core.compiler.release=enabled
+org.eclipse.jdt.core.compiler.source=20
diff --git a/pom.xml b/pom.xml
index e37c584..ab2270c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,9 +130,9 @@
maven-compiler-plugin
+ 3.11.0
-
- 1.8
+ 20
diff --git a/src/test/java/delight/nashornsandbox/TestAccessFunction.java b/src/test/java/delight/nashornsandbox/TestAccessFunction.java
index d0f6894..660c13a 100644
--- a/src/test/java/delight/nashornsandbox/TestAccessFunction.java
+++ b/src/test/java/delight/nashornsandbox/TestAccessFunction.java
@@ -22,10 +22,6 @@ public void test_access_variable() throws ScriptCPUAbuseException, ScriptExcepti
}
private Object findAndCall(Object _get) {
- if (NashornDetection.isJDKNashornScriptObjectMirror(_get)) {
- jdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (jdk.nashorn.api.scripting.ScriptObjectMirror) _get;
- return scriptObjectMirror.call(_get);
- }
if (NashornDetection.isStandaloneNashornScriptObjectMirror(_get)) {
org.openjdk.nashorn.api.scripting.ScriptObjectMirror scriptObjectMirror = (org.openjdk.nashorn.api.scripting.ScriptObjectMirror) _get;
From 31082977d87bb04aa4b16c716a5e82bfe70cdd05 Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:27:55 +1000
Subject: [PATCH 3/9] Upgrading to latest nashorn version
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index ab2270c..97ab50e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@
org.openjdk.nashorn
nashorn-core
- 15.2
+ 15.4
junit
From 9d75bb7013fb8c4ae7bb784a485bea2f969d31a0 Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:29:33 +1000
Subject: [PATCH 4/9] Fixing test
---
.../TestEvalWithScriptContextWithNewBindings.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/test/java/delight/nashornsandbox/TestEvalWithScriptContextWithNewBindings.java b/src/test/java/delight/nashornsandbox/TestEvalWithScriptContextWithNewBindings.java
index b403d8f..062156a 100644
--- a/src/test/java/delight/nashornsandbox/TestEvalWithScriptContextWithNewBindings.java
+++ b/src/test/java/delight/nashornsandbox/TestEvalWithScriptContextWithNewBindings.java
@@ -4,7 +4,6 @@
import javax.script.ScriptContext;
import javax.script.ScriptException;
import javax.script.SimpleBindings;
-import javax.script.SimpleScriptContext;
import org.junit.Assert;
import org.junit.Test;
@@ -55,7 +54,7 @@ public void testWithExistingBindings() throws ScriptCPUAbuseException, ScriptExc
newBinding.put("Date", "2112018");
final Object res = sandbox.eval("function method() { return parseInt(Date);} method();", newContext);
- Assert.assertTrue(res.equals(2112018));
+ Assert.assertEquals(2112018.0, res);
}
From 5e58b43a4840e2f4178f4631bdc456f7c46568a5 Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:32:16 +1000
Subject: [PATCH 5/9] Updating readme
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 087287e..c38a66f 100644
--- a/README.md
+++ b/README.md
@@ -110,6 +110,7 @@ for JS evaluation and better handling of monitoring for threads for possible CPU
## Version History
+- 0.4.0: Upgrade to Java 20
- 0.3.2: Updating JSBeautifier dependency ([PR #143](https://github.com/javadelight/delight-nashorn-sandbox/pull/143) by [davejbur](https://github.com/davejbur))
- 0.3.1: Protect against RegEx attacks in sanitising script input by [PR #139](https://github.com/javadelight/delight-nashorn-sandbox/pull/139)
- 0.3.0: Creating a wrapper for Script Context to be passed to eval to avoid accidental exposure. Resolves [Issue #134](https://github.com/javadelight/delight-nashorn-sandbox/issues/134)
From aead914079b1ce44b707cb0b3ad7ab3c97ebdf17 Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:34:05 +1000
Subject: [PATCH 6/9] Fixing build, upgrading bundle plugin
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 97ab50e..a85dce2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -144,7 +144,7 @@
org.apache.felix
maven-bundle-plugin
true
- 2.5.3
+ 4.2.1
${project.artifactId}
From b3304510116cb068e9e035a4fe3cb6e9075abcdc Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:48:17 +1000
Subject: [PATCH 7/9] Fixing unit test, adding expected exception
---
src/test/java/delight/nashornsandbox/TestMemoryLimit.java | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/test/java/delight/nashornsandbox/TestMemoryLimit.java b/src/test/java/delight/nashornsandbox/TestMemoryLimit.java
index f281881..f744c34 100644
--- a/src/test/java/delight/nashornsandbox/TestMemoryLimit.java
+++ b/src/test/java/delight/nashornsandbox/TestMemoryLimit.java
@@ -29,8 +29,8 @@
public class TestMemoryLimit {
private static final int MEMORY_LIMIT = 700 * 1024 * 20;
- @Test
- public void test() throws ScriptCPUAbuseException, ScriptException {
+ @Test(expected = ScriptMemoryAbuseException.class)
+ public void test() throws ScriptCPUAbuseException, ScriptMemoryAbuseException, ScriptException {
final NashornSandbox sandbox = NashornSandboxes.create();
try {
sandbox.setMaxMemory(MEMORY_LIMIT);
@@ -38,8 +38,6 @@ public void test() throws ScriptCPUAbuseException, ScriptException {
final String js = "var o={},i=0; while (true) {o[i++] = 'abc'}";
sandbox.eval(js);
fail("Exception should be thrown");
- } catch (final ScriptMemoryAbuseException e) {
- assertFalse(e.isScriptKilled());
} finally {
sandbox.getExecutor().shutdown();
}
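Review bot: Dropping the `catch (final ScriptMemoryAbuseException e)` block also drops `assertFalse(e.isScriptKilled())`, so the test no longer checks whether the script was stopped gracefully or killed, only that the exception type surfaced. Given that patch 1 changes ThreadMonitor to set `scriptKilled` when it interrupts the thread, the old assertion presumably started failing; removing it silently hides a behaviour change instead of pinning the new contract. Keep the catch, assert the `isScriptKilled()` value the new implementation is intended to produce and rethrow, or add a comment stating why the flag is no longer deterministic under the limit. The enclosing test method starts in the previous hunk.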
From 6da10dd805f9da1b2bafdd9289be9c9e76b3071d Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:49:56 +1000
Subject: [PATCH 8/9] Adding note to Readme
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index c38a66f..c55d198 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,8 @@ Part of the [Java Delight Suite](https://github.com/javadelight/delight-main#jav
[![Maven Central](https://img.shields.io/maven-central/v/org.javadelight/delight-nashorn-sandbox.svg)](https://search.maven.org/#search%7Cga%7C1%7Cdelight-nashorn-sandbox)
+Note: Use version 0.3.x if you are using a Java version older than Java 20.
+
Open Security Issues: [# 73](https://github.com/javadelight/delight-nashorn-sandbox/issues/73) [# 117](https://github.com/javadelight/delight-nashorn-sandbox/issues/117)
## Usage
From 82768504652ab36407fb3b9ac9175f5ca4b1c68a Mon Sep 17 00:00:00 2001
From: Max Rohde <1448524+mxro@users.noreply.github.com>
Date: Fri, 28 Jul 2023 07:56:48 +1000
Subject: [PATCH 9/9] Upgrading maven bundle plugin to fix build
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a85dce2..e1cf6ba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -144,7 +144,7 @@
org.apache.felix
maven-bundle-plugin
true
- 4.2.1
+ 5.1.9
${project.artifactId}