Fixing issue #10

Autocommit Tue Aug 16 09:52:18 AEST 2016

README.md

@@ -51,7 +51,7 @@ This code will raise a ScriptCPUAbuseException.
     <dependency>
         <groupId>org.javadelight</groupId>
         <artifactId>delight-nashorn-sandbox</artifactId>
-        <version>0.0.5</version>
+        <version>0.0.6</version>
     </dependency>
 
 Find out latest version [here](http://modules.appjangle.com/delight-nashorn-sandbox/latest/project-summary.html).

pom.xml

@@ -70,10 +70,10 @@
 				</configuration>
 			</plugin>
 
-			<!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-assembly-plugin</artifactId> 
+			<!--  <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-assembly-plugin</artifactId> 
 				<version>2.4</version> <executions> <execution> <goals> <goal>attached</goal> 
 				</goals> <phase>package</phase> <configuration> <descriptors> <descriptor>src/assemble/distribution.xml</descriptor> 
-				</descriptors> </configuration> </execution> </executions> </plugin> -->
+				</descriptors> </configuration> </execution> </executions> </plugin> --> 
 
 
 

src/main/java/delight/nashornsandbox/internal/NashornSandboxImpl.java

@@ -13,6 +13,8 @@
 import java.util.Random;
 import java.util.Set;
 import java.util.concurrent.ExecutorService;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.script.ScriptEngine;
 import javax.script.ScriptException;
 import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
@@ -61,70 +63,76 @@ public void assertScriptEngine() {
       }
       String _xifexpression = null;
       if ((!this.allowPrintFunctions)) {
-        _xifexpression = (("" + 
-          "quit = function() {};\n") + 
-          "exit = function() {};\n");
+        _xifexpression = (("" + "quit = function() {};\n") + "exit = function() {};\n");
       } else {
         _xifexpression = "";
       }
       String _plus = ("\n" + _xifexpression);
-      String _plus_1 = (_plus + 
-        "\n");
+      String _plus_1 = (_plus + "\n");
       String _xifexpression_1 = null;
       if ((!this.allowPrintFunctions)) {
-        _xifexpression_1 = (("" + 
-          "print = function() {};\n") + 
-          "echo = function() {};\n");
+        _xifexpression_1 = (("" + "print = function() {};\n") + "echo = function() {};\n");
       } else {
         _xifexpression_1 = "";
       }
       String _plus_2 = (_plus_1 + _xifexpression_1);
-      String _plus_3 = (_plus_2 + 
-        "\n");
+      String _plus_3 = (_plus_2 + "\n");
       String _xifexpression_2 = null;
       if ((!this.allowReadFunctions)) {
-        _xifexpression_2 = (("" + 
-          "readFully = function() {};\n") + 
-          "readLine = function() {};\n");
+        _xifexpression_2 = (("" + "readFully = function() {};\n") + "readLine = function() {};\n");
       } else {
         _xifexpression_2 = "";
       }
       String _plus_4 = (_plus_3 + _xifexpression_2);
-      String _plus_5 = (_plus_4 + 
-        "\n");
+      String _plus_5 = (_plus_4 + "\n");
       String _xifexpression_3 = null;
       if ((!this.allowLoadFunctions)) {
-        _xifexpression_3 = (("" + 
-          "load = function() {};\n") + 
-          "loadWithNewGlobal = function() {};\n");
+        _xifexpression_3 = (("" + "load = function() {};\n") + "loadWithNewGlobal = function() {};\n");
       } else {
         _xifexpression_3 = "";
       }
       String _plus_6 = (_plus_5 + _xifexpression_3);
-      String _plus_7 = (_plus_6 + 
-        "\n");
+      String _plus_7 = (_plus_6 + "\n");
       String _xifexpression_4 = null;
       if ((!this.allowGlobalsObjects)) {
-        _xifexpression_4 = ((((((("" + 
-          "$ARG = null;\n") + 
-          "$ENV = null;\n") + 
-          "$EXEC = null;\n") + 
-          "$OPTIONS = null;\n") + 
-          "$OUT = null;\n") + 
-          "$ERR = null;\n") + 
-          "$EXIT = null;\n");
+        _xifexpression_4 = ((((((("" + "$ARG = null;\n") + "$ENV = null;\n") + "$EXEC = null;\n") + "$OPTIONS = null;\n") + 
+          "$OUT = null;\n") + "$ERR = null;\n") + "$EXIT = null;\n");
       } else {
         _xifexpression_4 = "";
       }
       String _plus_8 = (_plus_7 + _xifexpression_4);
-      String _plus_9 = (_plus_8 + 
-        "\n");
+      String _plus_9 = (_plus_8 + "\n");
       this.scriptEngine.eval(_plus_9);
     } catch (Throwable _e) {
       throw Exceptions.sneakyThrow(_e);
     }
   }
 
+  private static String replaceGroup(final String str, final String regex, final String replacementForGroup2) {
+    final Pattern pattern = Pattern.compile(regex);
+    final Matcher matcher = pattern.matcher(str);
+    final StringBuffer sb = new StringBuffer();
+    while (matcher.find()) {
+      matcher.appendReplacement(sb, ("$1" + replacementForGroup2));
+    }
+    matcher.appendTail(sb);
+    return sb.toString();
+  }
+
+  private static String injectInterruptionCalls(final String str, final int randomToken) {
+    String _xblockexpression = null;
+    {
+      String res = str.replaceAll(";\\n", ((";intCheckForInterruption" + Integer.valueOf(randomToken)) + "();\n"));
+      String _replaceGroup = NashornSandboxImpl.replaceGroup(res, "(while \\([^\\)]*)(\\) \\{)", ((") {intCheckForInterruption" + Integer.valueOf(randomToken)) + "();\n"));
+      res = _replaceGroup;
+      String _replaceGroup_1 = NashornSandboxImpl.replaceGroup(res, "(for \\([^\\)]*)(\\) \\{)", ((") {intCheckForInterruption" + Integer.valueOf(randomToken)) + "();\n"));
+      res = _replaceGroup_1;
+      String _replaceAll = res.replaceAll("\\} while \\(", (("\nintCheckForInterruption" + Integer.valueOf(randomToken)) + "();\n\\} while \\("));
+      _xblockexpression = res = _replaceAll;
+    }
+    return _xblockexpression;
+  }
+
   @Override
   public Object eval(final String js) {
     try {
@@ -188,9 +196,8 @@ public void run() {
                   _builder.newLine();
                   _builder.append("};");
                   _builder.newLine();
-                  String _replaceAll = beautifiedJs.replaceAll(";\\n", ((";intCheckForInterruption" + Integer.valueOf(randomToken)) + "();\n"));
-                  String _replace = _replaceAll.replace(") {", ((") {intCheckForInterruption" + Integer.valueOf(randomToken)) + "();\n"));
-                  final String securedJs = (_builder.toString() + _replace);
+                  String _injectInterruptionCalls = NashornSandboxImpl.injectInterruptionCalls(beautifiedJs, randomToken);
+                  final String securedJs = (_builder.toString() + _injectInterruptionCalls);
                   final Thread mainThread = Thread.currentThread();
                   Thread _currentThread = Thread.currentThread();
                   monitorThread.setThreadToMonitor(_currentThread);

src/main/xtend/delight/nashornsandbox/internal/NashornSandboxImpl.xtend

@@ -4,11 +4,11 @@ import delight.async.Value
 import delight.nashornsandbox.NashornSandbox
 import delight.nashornsandbox.exceptions.ScriptCPUAbuseException
 import java.util.HashMap
-import java.util.HashSet
 import java.util.Map
 import java.util.Random
-import java.util.Set
 import java.util.concurrent.ExecutorService
+import java.util.regex.Matcher
+import java.util.regex.Pattern
 import javax.script.ScriptEngine
 import javax.script.ScriptException
 import jdk.nashorn.api.scripting.NashornScriptEngineFactory
@@ -46,39 +46,45 @@ class NashornSandboxImpl implements NashornSandbox {
 		for (entry : globalVariables.entrySet) {
 			scriptEngine.put(entry.key, entry.value)
 		}
-
-		scriptEngine.eval("\n" +
-				(if (!this.allowPrintFunctions) "" +
-						"quit = function() {};\n" +
-						"exit = function() {};\n"
-				else "") +
-				"\n" +
-				(if (!this.allowPrintFunctions) "" +
-						"print = function() {};\n" +
-						"echo = function() {};\n"
-				else "") +
-				"\n" +
-				(if (!this.allowReadFunctions) "" +
-						"readFully = function() {};\n" +
-						"readLine = function() {};\n"
-				else "") +
-				"\n" +
-				(if (!this.allowLoadFunctions) "" +
-						"load = function() {};\n" +
-						"loadWithNewGlobal = function() {};\n"
-				else "") +
-				"\n" +
-				(if (!this.allowGlobalsObjects) "" +
-						"$ARG = null;\n" +
-						"$ENV = null;\n" +
-						"$EXEC = null;\n" +
-						"$OPTIONS = null;\n" +
-						"$OUT = null;\n" +
-						"$ERR = null;\n" +
-						"$EXIT = null;\n"
-				else "") +
-                "\n")
-
+
+		scriptEngine.eval(
+			"\n" + (if (!this.allowPrintFunctions)
+				"" + "quit = function() {};\n" + "exit = function() {};\n"
+			else
+				"") + "\n" + (if (!this.allowPrintFunctions)
+				"" + "print = function() {};\n" + "echo = function() {};\n"
+			else
+				"") + "\n" + (if (!this.allowReadFunctions)
+				"" + "readFully = function() {};\n" + "readLine = function() {};\n"
+			else
+				"") + "\n" + (if (!this.allowLoadFunctions)
+				"" + "load = function() {};\n" + "loadWithNewGlobal = function() {};\n"
+			else
+				"") + "\n" +
+				(if (!this.allowGlobalsObjects)
+					"" + "$ARG = null;\n" + "$ENV = null;\n" + "$EXEC = null;\n" + "$OPTIONS = null;\n" +
+						"$OUT = null;\n" + "$ERR = null;\n" + "$EXIT = null;\n"
+				else
+					"") + "\n")
+
+	}
+
+	private def static String replaceGroup(String str, String regex, String replacementForGroup2) {
+		val Pattern pattern = Pattern.compile(regex);
+		val Matcher matcher = pattern.matcher(str);
+		val StringBuffer sb = new StringBuffer();
+		while (matcher.find()) { 
+			matcher.appendReplacement(sb, "$1" + replacementForGroup2);
+		}
+		matcher.appendTail(sb);
+		return sb.toString()
+	}
+
+	private def static String injectInterruptionCalls(String str, int randomToken) {
+		var res = str.replaceAll(';\\n', ';intCheckForInterruption' + randomToken + '();\n')
+		res = replaceGroup(res, "(while \\([^\\)]*)(\\) \\{)", ') {intCheckForInterruption' + randomToken + '();\n')
+		res = replaceGroup(res, "(for \\([^\\)]*)(\\) \\{)", ') {intCheckForInterruption' + randomToken + '();\n')
+		res = res.replaceAll("\\} while \\(", "\nintCheckForInterruption" + randomToken + "();\n\\} while \\(")
 	}
 
 	override Object eval(String js) {
@@ -123,10 +129,10 @@ class NashornSandboxImpl implements NashornSandbox {
 							    throw new Error('Interrupted«randomToken»')
 							}
 						};
-					''' +
-						beautifiedJs.replaceAll(';\\n', ';intCheckForInterruption' + randomToken + '();\n').
-							replace(') {', ') {intCheckForInterruption' + randomToken + '();\n')
-
+					''' + injectInterruptionCalls(beautifiedJs, randomToken)
+
+
+					
 					val mainThread = Thread.currentThread
 
 					monitorThread.threadToMonitor = Thread.currentThread
@@ -241,7 +247,7 @@ class NashornSandboxImpl implements NashornSandbox {
 	override ExecutorService getExecutor() {
 		this.exectuor
 	}
-	
+
 	override get(String variableName) {
 		assertScriptEngine
 		scriptEngine.get(variableName)
@@ -266,13 +272,11 @@ class NashornSandboxImpl implements NashornSandbox {
 	override allowGlobalsObjects(boolean v) {
 		this.allowGlobalsObjects = v
 	}
-	
+
 	new() {
 		this.sandboxClassFilter = new SandboxClassFilter()
 		this.globalVariables = new HashMap<String, Object>
 		allow(InterruptTest)
 	}
-
-
 
 }

src/test/java/delight/nashornsandbox/tests/TestLimitCPU.java

@@ -109,4 +109,25 @@ public void test_while_plus_iteration() {
       _executor.shutdown();
     }
   }
+
+  @Test(expected = ScriptCPUAbuseException.class)
+  public void test_do_while() {
+    final NashornSandbox sandbox = NashornSandboxes.create();
+    try {
+      sandbox.setMaxCPUTime(50);
+      ExecutorService _newSingleThreadExecutor = Executors.newSingleThreadExecutor();
+      sandbox.setExecutor(_newSingleThreadExecutor);
+      StringConcatenation _builder = new StringConcatenation();
+      _builder.append("do {");
+      _builder.newLine();
+      _builder.append("\t");
+      _builder.newLine();
+      _builder.append("} while (true);");
+      _builder.newLine();
+      sandbox.eval(_builder.toString());
+    } finally {
+      ExecutorService _executor = sandbox.getExecutor();
+      _executor.shutdown();
+    }
+  }
 }

src/test/java/delight/nashornsandbox/tests/TestSwitch.java

@@ -0,0 +1,59 @@
+package delight.nashornsandbox.tests;
+
+import delight.nashornsandbox.NashornSandbox;
+import delight.nashornsandbox.NashornSandboxes;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import org.eclipse.xtend2.lib.StringConcatenation;
+import org.junit.Test;
+
+@SuppressWarnings("all")
+public class TestSwitch {
+  @Test
+  public void test() {
+    final NashornSandbox sandbox = NashornSandboxes.create();
+    try {
+      sandbox.allowPrintFunctions(true);
+      sandbox.setMaxCPUTime(50);
+      ExecutorService _newSingleThreadExecutor = Executors.newSingleThreadExecutor();
+      sandbox.setExecutor(_newSingleThreadExecutor);
+      StringConcatenation _builder = new StringConcatenation();
+      _builder.append("var expr = \"one\";");
+      _builder.newLine();
+      _builder.newLine();
+      _builder.append("switch (expr) {");
+      _builder.newLine();
+      _builder.append("  ");
+      _builder.append("case \"one\":");
+      _builder.newLine();
+      _builder.append("    ");
+      _builder.append("// ok");
+      _builder.newLine();
+      _builder.append("    ");
+      _builder.append("break;");
+      _builder.newLine();
+      _builder.append("  ");
+      _builder.append("case \"two\":");
+      _builder.newLine();
+      _builder.append("    ");
+      _builder.append("// ok");
+      _builder.newLine();
+      _builder.append("    ");
+      _builder.append("break;");
+      _builder.newLine();
+      _builder.append("  ");
+      _builder.append("default:");
+      _builder.newLine();
+      _builder.append("    ");
+      _builder.append("print(\"Unknown expression\");");
+      _builder.newLine();
+      _builder.append("}");
+      _builder.newLine();
+      _builder.newLine();
+      sandbox.eval(_builder.toString());
+    } finally {
+      ExecutorService _executor = sandbox.getExecutor();
+      _executor.shutdown();
+    }
+  }
+}

src/test/xtend/delight/nashornsandbox/tests/TestLimitCPU.xtend

@@ -93,6 +93,24 @@ class TestLimitCPU {
 		}
 	}
 
+	@Test(expected=ScriptCPUAbuseException)
+	def void test_do_while() {
+		val sandbox = NashornSandboxes.create()
+		try {
+
+			sandbox.maxCPUTime = 50
+			sandbox.executor = Executors.newSingleThreadExecutor
+
+			sandbox.eval('''
+				do {
+					
+				} while (true);
+			''')
+		} finally {
+			sandbox.executor.shutdown()
+		}
+	}
+
 
 
 }