(commons-jexl) 01/01: Merge pull request #400 from apache/JEXL-458

Sun, 26 Apr 2026 11:53:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

henrib pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jexl.git

commit ac298d34e657eb6052e3d33d4922e42791d85120
Merge: cc88f57d 9aa3c013
Author: Henrib <[email protected]>
AuthorDate: Sun Apr 26 20:53:31 2026 +0200

    Merge pull request #400 from apache/JEXL-458
    
    This PR (JEXL-458) updates the permissions model to support more expressive 
allow/deny configurations (including positive/whitelist semantics) and 
refactors tests to consistently use a restricted-but-sufficient default 
permission set for the suite.
    
    Changes:
    
    Extend permissions parsing/representation to support positive (+) 
package/class declarations and add context-aware allow(Class, Method/Field) 
checks.
    Update introspection and script-engine integration to apply the refined 
permission checks.
    Align/adjust unit tests and release notes to reflect the new permission 
behavior and defaults.

 RELEASE-NOTES.txt                                  |   3 +-
 src/changes/changes.xml                            |   1 +
 .../java/org/apache/commons/jexl3/JexlBuilder.java |   6 +-
 .../jexl3/internal/introspection/ClassMap.java     |  22 +-
 .../jexl3/internal/introspection/Permissions.java  | 384 ++++++++++++++-------
 .../internal/introspection/PermissionsParser.java  |  50 ++-
 .../jexl3/introspection/JexlPermissions.java       | 300 ++++++++++------
 .../commons/jexl3/scripting/JexlScriptEngine.java  |  20 +-
 .../org/apache/commons/jexl3/ArithmeticTest.java   |  34 +-
 .../jexl3/{JexlTest.java => ExpressionsTest.java}  |   6 +-
 src/test/java/org/apache/commons/jexl3/Foo.java    |   5 +-
 .../org/apache/commons/jexl3/Issues300Test.java    |  15 +-
 .../org/apache/commons/jexl3/Issues400Test.java    |  48 ++-
 .../java/org/apache/commons/jexl3/JXLTTest.java    |   9 +-
 src/test/java/org/apache/commons/jexl3/Jexl.java   |   3 +-
 .../org/apache/commons/jexl3/JexlTestCase.java     | 334 +++++++-----------
 .../apache/commons/jexl3/LoggingPermissions.java   |  94 +++++
 .../java/org/apache/commons/jexl3/SwitchTest.java  |   3 +-
 .../apache/commons/jexl3/examples/StreamTest.java  |  30 +-
 .../internal/introspection/DiscoveryTest.java      |  16 +-
 .../jexl3/internal/introspection/NoJexlTest.java   |   2 +-
 .../internal/introspection/PermissionsTest.java    |  19 +-
 .../scripting/JexlScriptEngineOptionalTest.java    |   8 +
 .../jexl3/scripting/JexlScriptEngineTest.java      |  46 ++-
 24 files changed, 926 insertions(+), 532 deletions(-)

Reply via email to