Uploaded image for project: 'Commons JEXL'
  1. Commons JEXL
  2. JEXL-120

Make ParseException work in sandboxed environment

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.1
    • Labels:
      None

      Description

      We execute JEXL expressions in sandboxed environment (using Java policy mechanism). When the expression is incorrect, the org.apache.commons.jexl2.parser.ParseException is thrown. Unfortunately it tries to access System.getProperty("line.separator", "\n") which fails if access to system property is not allowed.

      java.security.AccessControlException: access denied (java.util.PropertyPermission line.separator read)
          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
          at java.security.AccessController.checkPermission(AccessController.java:546)
          at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
          at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
          at java.lang.System.getProperty(System.java:686)
          at org.apache.commons.jexl2.parser.ParseException.initialise(ParseException.java:91)
          at org.apache.commons.jexl2.parser.ParseException.<init>(ParseException.java:34)
          at org.apache.commons.jexl2.parser.Parser.generateParseException(Parser.java:3601)
      

        Attachments

          Activity

            People

            • Assignee:
              henrib Henri Biestro
              Reporter:
              dart0 Lukas Krecan
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: