} catch (PropertyAccessException e) { if( e.toString().contains( "The security policy should have prevented" ) ) { Assert.fail("The security policy for the rule should have prevented this from executing..."); } else {
} catch (PropertyAccessException e) { if( e.toString().contains( "The security policy should have prevented" ) ) { Assert.fail("The security policy for the rule should have prevented this from executing..."); } else {
@Test public void testUntrustedMVELSalience() { String drl = "package org.foo.bar\n" + "import "+MaliciousExitHelper.class.getName().replace('$', '.')+" \n" + "rule R1 dialect \"mvel\" salience( MaliciousExitHelper.exit() ) \n" + "when\n" + "then\n" + "end\n"; try { KieServices ks = KieServices.Factory.get(); KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()) .setSourcePath("org/foo/bar/r1.drl")); ks.newKieBuilder(kfs).buildAll(); ReleaseId releaseId = ks.getRepository().getDefaultReleaseId(); KieContainer kc = ks.newKieContainer(releaseId); KieSession ksession = kc.newKieSession(); ksession.fireAllRules(); Assert.fail("The security policy for the rule should have prevented this from executing..."); } catch (PropertyAccessException e) { // weak way of testing but couldn't find a better way if( e.toString().contains( "The security policy should have prevented" ) ) { Assert.fail("The security policy for the rule should have prevented this from executing..."); } else { // test succeeded } } }
@Test public void testUntrustedMVELEnabled() { String drl = "package org.foo.bar\n" + "import "+MaliciousExitHelper.class.getName().replace('$', '.')+" \n" + "rule R1 dialect \"mvel\" enabled( MaliciousExitHelper.isEnabled() ) \n" + "when\n" + "then\n" + "end\n"; try { KieServices ks = KieServices.Factory.get(); KieFileSystem kfs = ks.newKieFileSystem().write(ResourceFactory.newByteArrayResource(drl.getBytes()) .setSourcePath("org/foo/bar/r1.drl")); ks.newKieBuilder(kfs).buildAll(); ReleaseId releaseId = ks.getRepository().getDefaultReleaseId(); KieContainer kc = ks.newKieContainer(releaseId); KieSession ksession = kc.newKieSession(); ksession.fireAllRules(); Assert.fail("The security policy for the rule should have prevented this from executing..."); } catch (PropertyAccessException e) { // weak way of testing but couldn't find a better way if( e.toString().contains( "The security policy should have prevented" ) ) { Assert.fail("The security policy for the rule should have prevented this from executing..."); } else { // test succeeded } } }
} catch (PropertyAccessException e) { if( e.toString().contains( "The security policy should have prevented" ) ) { Assert.fail("The security policy for the rule should have prevented this from executing..."); } else {