[
https://issues.apache.org/jira/browse/JEXL-145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090869#comment-14090869
]
Ian Connor commented on JEXL-145:
---------------------------------
A potential fix is to replace code of the format
{{
String actual = sandbox.execute(obj.getClass().getName(), method);
}}
with
{{
String objClassName = (obj instanceof Class) ? ((Class<?>)obj).getName() :
obj.getClass().getName();
String actual = sandbox.execute(objClassName, method);
}}
> Incorrect test case in SandboxTest
> ----------------------------------
>
> Key: JEXL-145
> URL: https://issues.apache.org/jira/browse/JEXL-145
> Project: Commons JEXL
> Issue Type: Bug
> Affects Versions: 2.1.1
> Environment: JDK 1.7.0_45
> Reporter: Ian Connor
>
> Whilst debugging blacklisting of static functions using the Sandbox class and
> unable to get it to work I checked the testcase SandboxTest. I subsequently
> found that the test of System.exit() in testRestrict() passes not because
> System.currentTimeMillis() is whitelisted but because of a signature mismatch
> i.e System.exit() requires an int parameter. Changing the expression to
> System.exit(1) causes the test to end prematruely due to exit() being called.
> The white listing fails in SandboxUberspectImpl.getMethod() because obj is a
> Class and getClass().getName() returns "java.lang.Class" which doesn't match
> "java.lang.System" as specified in SandboxTest.testRestrict().
--
This message was sent by Atlassian JIRA
(v6.2#6252)
