Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.0.1
-
None
Description
We execute JEXL expressions in sandboxed environment (using Java policy mechanism). When the expression is incorrect, the org.apache.commons.jexl2.parser.ParseException is thrown. Unfortunately it tries to access System.getProperty("line.separator", "\n") which fails if access to system property is not allowed.
java.security.AccessControlException: access denied (java.util.PropertyPermission line.separator read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285) at java.lang.System.getProperty(System.java:686) at org.apache.commons.jexl2.parser.ParseException.initialise(ParseException.java:91) at org.apache.commons.jexl2.parser.ParseException.<init>(ParseException.java:34) at org.apache.commons.jexl2.parser.Parser.generateParseException(Parser.java:3601)