8074021: Indirect eval fails when used as an element of an array or as a property of an object
Reviewed-by: attila, hannesw
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/showenv.js Fri Feb 27 18:03:18 2015 +0530
@@ -0,0 +1,82 @@
+#// Usage: jjs -fx showenv.js
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Oracle nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+if (!$OPTIONS._fx) {
+ print("Usage: jjs -fx showenv.js");
+ exit(1);
+}
+
+// This script displays environment entries as a HTML table.
+// Demonstrates heredoc to generate HTML content and display
+// using JavaFX WebView.
+
+// JavaFX classes used
+var Scene = Java.type("javafx.scene.Scene");
+var WebView = Java.type("javafx.scene.web.WebView");
+
+// JavaFX start method
+function start(stage) {
+ start.title = "Your Environment";
+ var wv = new WebView();
+ var envrows = "";
+ for (var i in $ENV) {
+ envrows += <<TBL
+<tr>
+<td>
+${i}
+</td>
+<td>
+${$ENV[i]}
+</td>
+</tr>
+TBL
+ }
+
+ wv.engine.loadContent(<<EOF
+<html>
+<head>
+<title>
+Your Environment
+</title>
+</head>
+<body>
+<h1>Your Environment</h1>
+<table border="1">
+${envrows}
+</table>
+</body>
+</html>
+EOF, "text/html");
+ stage.scene = new Scene(wv, 750, 500);
+ stage.show();
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/showsysprops.js Fri Feb 27 18:03:18 2015 +0530
@@ -0,0 +1,84 @@
+#// Usage: jjs -fx showsysprops.js
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of Oracle nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+if (!$OPTIONS._fx) {
+ print("Usage: jjs -fx showsysprops.js");
+ exit(1);
+}
+
+// This script displays System properties as a HTML table.
+// Demonstrates heredoc to generate HTML content and display
+// using JavaFX WebView.
+
+// JavaFX, Java classes used
+var Scene = Java.type("javafx.scene.Scene");
+var System = Java.type("java.lang.System");
+var WebView = Java.type("javafx.scene.web.WebView");
+
+// JavaFX start method
+function start(stage) {
+ start.title = "Your System Properties";
+ var wv = new WebView();
+ var sysproprows = "";
+ var sysprops = System.properties;
+ for (var i in sysprops) {
+ sysproprows += <<TBL
+<tr>
+<td>
+${i}
+</td>
+<td>
+${sysprops[i]}
+</td>
+</tr>
+TBL
+ }
+
+ wv.engine.loadContent(<<EOF
+<html>
+<head>
+<title>
+Your System Properties
+</title>
+</head>
+<body>
+<h1>Your System Properties</h1>
+<table border="1">
+${sysproprows}
+</table>
+</body>
+</html>
+EOF, "text/html");
+ stage.scene = new Scene(wv, 750, 500);
+ stage.show();
+}
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects/Global.java Wed Jul 05 20:22:22 2017 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects/Global.java Fri Feb 27 18:03:18 2015 +0530
@@ -951,7 +951,7 @@
return str;
}
final Global global = Global.instanceFrom(self);
- final ScriptObject scope = self instanceof ScriptObject ? (ScriptObject)self : global;
+ final ScriptObject scope = self instanceof ScriptObject && ((ScriptObject)self).isScope() ? (ScriptObject)self : global;
return global.getContext().eval(scope, str.toString(), callThis, location, strict, true);
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8074021.js Fri Feb 27 18:03:18 2015 +0530
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8074021: Indirect eval fails when used as an element of an array or as a property of an object
+ *
+ * @test
+ * @run
+ */
+
+var obj = { foo: eval };
+Assert.assertTrue(obj.foo("typeof(print) == 'function'"));
+Assert.assertTrue(obj.foo("RegExp instanceof Function"));
+Assert.assertEquals(obj.foo("String(new Array(2, 4, 3))"), "2,4,3");
+obj.foo("print('hello')");
+
+var args = [ eval ];
+Assert.assertTrue(args[0]("typeof(print) == 'function'"));
+Assert.assertTrue(args[0]("RegExp instanceof Function"));
+Assert.assertEquals(args[0]("String(new Array(2, 4, 3))"), "2,4,3");
+args[0]("print('hello')");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8074021.js.EXPECTED Fri Feb 27 18:03:18 2015 +0530
@@ -0,0 +1,2 @@
+hello
+hello