aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/main/java/org/traccar/config/Keys.java83
-rw-r--r--src/main/java/org/traccar/handler/ComputedAttributesHandler.java25
2 files changed, 4 insertions, 104 deletions
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index 49af7cfab..53f0336cc 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -1300,102 +1300,25 @@ public final class Keys {
"processing.computedAttributes.deviceAttributes",
List.of(KeyType.CONFIG));
/**
- * Enable annotation constructs processing.
- * When disabled, parsing a script/expression using syntactic annotation constructs (@annotation) will throw a parsing exception.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_ANNOTATION = new BooleanConfigKey(
- "processing.computedAttributes.parser.annotation",
- List.of(KeyType.CONFIG));
- /**
- * Enable array references processing.
- * When disabled, parsing a script/expression using 'obj[ ref ]' where ref is not a string or integer literal will throw a parsing exception;
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_ARRAY_REFERENCES = new BooleanConfigKey(
- "processing.computedAttributes.parser.arrayReferences",
- List.of(KeyType.CONFIG));
- /**
- * Enable lambda declaration.
- * When disabled, parsing a script/expression using syntactic lambda constructs (->,function) will throw a parsing exception.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LAMBDA = new BooleanConfigKey(
- "processing.computedAttributes.parser.lambda",
- List.of(KeyType.CONFIG));
- /**
- * Enable whether redefining local variables is an error.
- * When disabled, parsing a script/expression using a local variable or parameter syntax will throw a parsing exception.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL = new BooleanConfigKey(
- "processing.computedAttributes.parser.lexical",
- List.of(KeyType.CONFIG));
- /**
- * Enable whether local variables shade global variables outside their scope.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL_SHADE = new BooleanConfigKey(
- "processing.computedAttributes.parser.lexicalShade",
- List.of(KeyType.CONFIG));
- /**
* Enable local variables declaration.
*/
public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LOCAL_VARIABLES = new BooleanConfigKey(
- "processing.computedAttributes.parser.localVariables",
+ "processing.computedAttributes.localVariables",
List.of(KeyType.CONFIG));
/**
* Enable loops processing.
*/
public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LOOPS = new BooleanConfigKey(
- "processing.computedAttributes.parser.loops",
- List.of(KeyType.CONFIG));
- /**
- * Set whether object method calls are enabled.
- * When disabled, parsing a script/expression using 'obj.method()' will throw a parsing exception;
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_METHOD_CALLS = new BooleanConfigKey(
- "processing.computedAttributes.parser.method_calls",
+ "processing.computedAttributes.loops",
List.of(KeyType.CONFIG));
/**
* Enable new instances creation.
* When disabled, parsing a script/expression using 'new(...)' will throw a parsing exception; using a class as functor will fail.
*/
public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_NEW_INSTANCE_CREATION = new BooleanConfigKey(
- "processing.computedAttributes.parser.newInstanceCreation",
+ "processing.computedAttributes.newInstanceCreation",
List.of(KeyType.CONFIG));
/**
- * Enable pragma expressions processing.
- * When disabled, parsing a script/expression using syntactic pragma constructs (#pragma) will throw a parsing exception.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_PRAGMA = new BooleanConfigKey(
- "processing.computedAttributes.parser.pragma",
- List.of(KeyType.CONFIG));
- /**
- * Enable scripts constructs processing.
- * When disabled, parsing a script using syntactic script constructs (statements, ...) will throw a parsing exception.
- * Dangerous, as can be used to escalate privileges on the Traccar server.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_SCRIPT_CONSTRUCTS = new BooleanConfigKey(
- "processing.computedAttributes.parser.scriptConstructs",
- List.of(KeyType.CONFIG));
- /**
- * Enable side effect expressions processing.
- * When disabled, parsing a script/expression using syntactical constructs modifying variables or members will throw a parsing exception.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT = new BooleanConfigKey(
- "processing.computedAttributes.parser.sideEffect",
- List.of(KeyType.CONFIG));
- /**
- * Set whether side effect expressions on global variables (aka non-local) are enabled.
- * When disabled, parsing a script/expression using syntactical constructs modifying variables including all potentially ant-ish variables will throw a parsing exception.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT_GLOBAL = new BooleanConfigKey(
- "processing.computedAttributes.parser.sideEffectGlobal",
- List.of(KeyType.CONFIG));
- /**
- * Enable array/map/set literal expressions processing.
- */
- public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_STRUCTURED_LITERAL = new BooleanConfigKey(
- "processing.computedAttributes.parser.structuredLiteral",
- List.of(KeyType.CONFIG));
-
- /**
* Boolean flag to enable or disable reverse geocoder.
*/
public static final ConfigKey<Boolean> GEOCODER_ENABLE = new BooleanConfigKey(
diff --git a/src/main/java/org/traccar/handler/ComputedAttributesHandler.java b/src/main/java/org/traccar/handler/ComputedAttributesHandler.java
index c3f202fa2..912665630 100644
--- a/src/main/java/org/traccar/handler/ComputedAttributesHandler.java
+++ b/src/main/java/org/traccar/handler/ComputedAttributesHandler.java
@@ -57,39 +57,16 @@ public class ComputedAttributesHandler extends BaseDataHandler {
@Inject
public ComputedAttributesHandler(Config config, CacheManager cacheManager) {
this.cacheManager = cacheManager;
- boolean enableJEXLAnnotation = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_ANNOTATION);
- boolean enableJEXLArrayReferences = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_ARRAY_REFERENCES);
- boolean enableJEXLLambdas = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LAMBDA);
- boolean enableJEXLLexical = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL);
- boolean enableJEXLLexicalShade = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL_SHADE);
boolean enableJEXLLocalVariables = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LOCAL_VARIABLES);
boolean enableJEXLLoops = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LOOPS);
- boolean enableJEXLMethodCalls = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_METHOD_CALLS);
boolean enableJEXLNewInstanceCreation = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_NEW_INSTANCE_CREATION);
- boolean enableJEXLPragma = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_PRAGMA);
- boolean enableJEXLScriptConstructs = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_SCRIPT_CONSTRUCTS);
- boolean enableJEXLSideEffect = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT);
- boolean enableJEXLSideEffectGlobal = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT_GLOBAL);
- boolean enableJEXLStructuredLiteral = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_STRUCTURED_LITERAL);
JexlSandbox sandbox = new JexlSandbox(false);
sandbox.allow("com.safe.Functions");
- boolean enableJEXLRegister = true;
JexlFeatures features = new JexlFeatures()
- .annotation(enableJEXLAnnotation)
- .arrayReferenceExpr(enableJEXLArrayReferences)
- .lambda(enableJEXLLambdas)
- .lexical(enableJEXLLexical)
- .lexicalShade(enableJEXLLexicalShade)
.localVar(enableJEXLLocalVariables)
.loops(enableJEXLLoops)
- .methodCall(enableJEXLMethodCalls)
.newInstance(enableJEXLNewInstanceCreation)
- .pragma(enableJEXLPragma)
- .register(enableJEXLRegister)
- .script(enableJEXLScriptConstructs)
- .sideEffect(enableJEXLSideEffect)
- .sideEffectGlobal(enableJEXLSideEffectGlobal)
- .structuredLiteral(enableJEXLStructuredLiteral);
+ .structuredLiteral(true);
engine = new JexlBuilder()
.strict(true)
.namespaces(Collections.singletonMap("math", Math.class))