8055811: Tests for Nashorn ClassFilter Support
Reviewed-by: sundar, attila
Contributed-by: Sergey Lugovoy <sergey.lugovoy@oracle.com>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/trusted/classfilter_extends.js Tue Aug 26 13:26:15 2014 +0400
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8036987
+ * @run
+ */
+
+var factory = Java.type('jdk.nashorn.api.scripting.NashornScriptEngineFactory')
+var engine = new factory().getScriptEngine(function(str){
+ return str.indexOf('java.lang.Class') != -1
+ || str == 'java.lang.System'
+ || str.indexOf('java.util') != -1;
+})
+
+function tryEval (str) {
+ try {
+ print(eval(str))
+ print(engine.eval(str))
+ } catch (exc) {
+ print(exc.message)
+ }
+}
+
+tryEval("Java.type('java.util.ArrayList')")
+tryEval("Java.type('java.lang.String')")
+tryEval("java.util.ArrayList")
+tryEval("java.lang.String")
+tryEval("Java.extend(java.util.ArrayList, {})")
+tryEval("Java.extend(java.io.File, {})")
+tryEval("new java.lang.NullPointerException();")
+tryEval("try { java.lang.System.load(null) } catch (e) { e }")
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/trusted/classfilter_extends.js.EXPECTED Tue Aug 26 13:26:15 2014 +0400
@@ -0,0 +1,16 @@
+[JavaClass java.util.ArrayList]
+[JavaClass java.util.ArrayList]
+[JavaClass java.lang.String]
+java.lang.ClassNotFoundException: java.lang.String
+[JavaClass java.util.ArrayList]
+[JavaClass java.util.ArrayList]
+[JavaClass java.lang.String]
+[JavaPackage java.lang.String]
+[JavaClass jdk.nashorn.javaadapters.java.util.ArrayList]
+[JavaClass jdk.nashorn.javaadapters.java.util.ArrayList]
+[JavaClass jdk.nashorn.javaadapters.java.io.File]
+TypeError: Java.extend needs Java types as its arguments. in <eval> at line number 1
+java.lang.NullPointerException
+java.lang.ClassNotFoundException: java.lang.NullPointerException
+java.lang.NullPointerException: library can't be null
+java.lang.NullPointerException: library can't be null
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/trusted/classfilter_mozilla_compat.js Tue Aug 26 13:26:15 2014 +0400
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8036987
+ * @run
+ */
+
+var factory = Java.type('jdk.nashorn.api.scripting.NashornScriptEngineFactory')
+var engine = new factory().getScriptEngine(function(str){
+ return str.indexOf('java.util') != -1;
+})
+
+load("nashorn:mozilla_compat.js");
+engine.eval("load('nashorn:mozilla_compat.js');")
+
+function tryEval (str) {
+ try {
+ print(eval(str))
+ print(engine.eval(str))
+ } catch (exc) {
+ print(exc.message)
+ }
+}
+
+tryEval("new JavaAdapter(javax.script.ScriptContext){}.class")
+tryEval("new JavaAdapter(java.util.ArrayList){}.class")
+tryEval("importClass(java.lang.Integer); Integer")
+tryEval("importClass(java.util.HashSet); HashSet")
+tryEval("importPackage(java.lang); Integer")
+tryEval("importPackage(java.util); HashMap")
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/trusted/classfilter_mozilla_compat.js.EXPECTED Tue Aug 26 13:26:15 2014 +0400
@@ -0,0 +1,12 @@
+class javax.script.ScriptContext$$NashornJavaAdapter
+TypeError: Java.extend needs at least one type argument. in nashorn:mozilla_compat.js at line number 39
+class jdk.nashorn.javaadapters.java.util.ArrayList
+class jdk.nashorn.javaadapters.java.util.ArrayList
+[JavaClass java.lang.Integer]
+TypeError: [object JavaPackage] is not a Java class in nashorn:mozilla_compat.js at line number 373 at column number 16
+[JavaClass java.util.HashSet]
+[JavaClass java.util.HashSet]
+[JavaClass java.lang.Integer]
+ReferenceError: "Integer" is not defined in nashorn:mozilla_compat.js at line number 67
+[JavaClass java.util.HashMap]
+[JavaClass java.util.HashMap]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/src/jdk/nashorn/internal/runtime/ClassFilterTest.java Tue Aug 26 13:26:15 2014 +0400
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.nashorn.internal.runtime;
+
+
+import jdk.nashorn.api.scripting.ClassFilter;
+import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
+import jdk.nashorn.api.scripting.URLReader;
+import org.testng.annotations.Test;
+
+import javax.script.ScriptEngine;
+import javax.script.ScriptException;
+import java.io.File;
+
+import static org.testng.Assert.fail;
+
+public class ClassFilterTest {
+
+ private final String codeCache = "build/nashorn_code_cache";
+
+ @Test
+ public void runExternalJsTest() {
+ String[] paths = new String[]{
+ "test/script/basic/compile-octane.js",
+ "test/script/basic/jquery.js",
+ "test/script/basic/prototype.js",
+ "test/script/basic/runsunspider.js",
+ "test/script/basic/underscore.js",
+ "test/script/basic/yui.js",
+ "test/script/basic/run-octane.js"
+ };
+ NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
+ for (String path : paths) {
+ ScriptEngine engine = factory.getScriptEngine(new String[]{"-scripting"}, getClass().getClassLoader(), getClassFilter());
+ try {
+ engine.eval(new URLReader(new File(path).toURI().toURL()));
+ } catch (Exception e) {
+ fail("Script " + path + " fails with exception :" + e.getMessage());
+ }
+ }
+ }
+
+ @Test
+ public void noJavaOptionTest() {
+ NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
+ ScriptEngine engine = factory.getScriptEngine(new String[]{"--no-java"}, getClass().getClassLoader(), getClassFilter());
+ try {
+ engine.eval("var str = Java.type('java.lang.String');");
+ fail("TypeError should have been thrown");
+ } catch (ScriptException exc) {
+ }
+ }
+
+ @Test
+ public void securityTest() {
+ if (System.getSecurityManager() == null) {
+ return;
+ }
+
+ NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
+ ScriptEngine engine = factory.getScriptEngine(getClassFilter());
+ try {
+ engine.eval("var thread = Java.type('sun.misc.Unsafe')");
+ fail("SecurityException should have been thrown");
+ } catch (final Exception exc) {
+ }
+ try {
+ engine.eval("var thread = new sun.misc.Unsafe()");
+ fail("SecurityException should have been thrown");
+ } catch (final Exception exc) {
+ }
+ try {
+ engine.eval("var thread = Java.extend(sun.misc.Unsafe, {})");
+ fail("TypeError should have been thrown");
+ } catch (final Exception exc) {
+ }
+ try {
+ engine.eval("java.lang.System.exit(0)");
+ fail("SecurityException should have been thrown");
+ } catch (final Exception exc) {
+ }
+
+ }
+
+ @Test
+ public void persistentCacheTest() {
+ System.setProperty("nashorn.persistent.code.cache", codeCache);
+ NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
+ ScriptEngine engine = factory.getScriptEngine(
+ new String[]{"--persistent-code-cache"},
+ getClass().getClassLoader(),
+ getClassFilter()
+ );
+ String testScript = "var a = Java.type('java.lang.String');" + generateCodeForPersistentStore();
+ try {
+ engine.eval(testScript);
+ } catch (final ScriptException exc) {
+ fail(exc.getMessage());
+ }
+ ScriptEngine engineSafe = factory.getScriptEngine(
+ new String[]{"--persistent-code-cache"},
+ getClass().getClassLoader(),
+ new ClassFilter() {
+ @Override
+ public boolean exposeToScripts(String s) {
+ return false;
+ }
+ }
+ );
+ try {
+ engineSafe.eval(testScript);
+ fail("ClassNotFoundException should have been thrown");
+ } catch (final Exception exc) {
+ if (!(exc.getCause() instanceof ClassNotFoundException)) {
+ fail("ClassNotFoundException expected");
+ }
+ }
+ }
+
+ private String generateCodeForPersistentStore() {
+ StringBuilder stringBuilder = new StringBuilder();
+ for (int i=0; i < 100; i++) {
+ stringBuilder.append("function i")
+ .append(i)
+ .append("(y, z) { var x")
+ .append(i)
+ .append(" = ")
+ .append(i)
+ .append(";}");
+ }
+ return stringBuilder.toString();
+ }
+
+ private ClassFilter getClassFilter() {
+ return new ClassFilter() {
+ @Override
+ public boolean exposeToScripts(String s) {
+ return true;
+ }
+ };
+ }
+}