diff options
-rw-r--r-- | src/main/java/org/traccar/config/Keys.java | 83 | ||||
-rw-r--r-- | src/main/java/org/traccar/handler/ComputedAttributesHandler.java | 25 |
2 files changed, 4 insertions, 104 deletions
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java index 49af7cfab..53f0336cc 100644 --- a/src/main/java/org/traccar/config/Keys.java +++ b/src/main/java/org/traccar/config/Keys.java @@ -1300,102 +1300,25 @@ public final class Keys { "processing.computedAttributes.deviceAttributes", List.of(KeyType.CONFIG)); /** - * Enable annotation constructs processing. - * When disabled, parsing a script/expression using syntactic annotation constructs (@annotation) will throw a parsing exception. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_ANNOTATION = new BooleanConfigKey( - "processing.computedAttributes.parser.annotation", - List.of(KeyType.CONFIG)); - /** - * Enable array references processing. - * When disabled, parsing a script/expression using 'obj[ ref ]' where ref is not a string or integer literal will throw a parsing exception; - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_ARRAY_REFERENCES = new BooleanConfigKey( - "processing.computedAttributes.parser.arrayReferences", - List.of(KeyType.CONFIG)); - /** - * Enable lambda declaration. - * When disabled, parsing a script/expression using syntactic lambda constructs (->,function) will throw a parsing exception. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LAMBDA = new BooleanConfigKey( - "processing.computedAttributes.parser.lambda", - List.of(KeyType.CONFIG)); - /** - * Enable whether redefining local variables is an error. - * When disabled, parsing a script/expression using a local variable or parameter syntax will throw a parsing exception. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL = new BooleanConfigKey( - "processing.computedAttributes.parser.lexical", - List.of(KeyType.CONFIG)); - /** - * Enable whether local variables shade global variables outside their scope. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL_SHADE = new BooleanConfigKey( - "processing.computedAttributes.parser.lexicalShade", - List.of(KeyType.CONFIG)); - /** * Enable local variables declaration. */ public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LOCAL_VARIABLES = new BooleanConfigKey( - "processing.computedAttributes.parser.localVariables", + "processing.computedAttributes.localVariables", List.of(KeyType.CONFIG)); /** * Enable loops processing. */ public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_LOOPS = new BooleanConfigKey( - "processing.computedAttributes.parser.loops", - List.of(KeyType.CONFIG)); - /** - * Set whether object method calls are enabled. - * When disabled, parsing a script/expression using 'obj.method()' will throw a parsing exception; - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_METHOD_CALLS = new BooleanConfigKey( - "processing.computedAttributes.parser.method_calls", + "processing.computedAttributes.loops", List.of(KeyType.CONFIG)); /** * Enable new instances creation. * When disabled, parsing a script/expression using 'new(...)' will throw a parsing exception; using a class as functor will fail. */ public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_NEW_INSTANCE_CREATION = new BooleanConfigKey( - "processing.computedAttributes.parser.newInstanceCreation", + "processing.computedAttributes.newInstanceCreation", List.of(KeyType.CONFIG)); /** - * Enable pragma expressions processing. - * When disabled, parsing a script/expression using syntactic pragma constructs (#pragma) will throw a parsing exception. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_PRAGMA = new BooleanConfigKey( - "processing.computedAttributes.parser.pragma", - List.of(KeyType.CONFIG)); - /** - * Enable scripts constructs processing. - * When disabled, parsing a script using syntactic script constructs (statements, ...) will throw a parsing exception. - * Dangerous, as can be used to escalate privileges on the Traccar server. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_SCRIPT_CONSTRUCTS = new BooleanConfigKey( - "processing.computedAttributes.parser.scriptConstructs", - List.of(KeyType.CONFIG)); - /** - * Enable side effect expressions processing. - * When disabled, parsing a script/expression using syntactical constructs modifying variables or members will throw a parsing exception. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT = new BooleanConfigKey( - "processing.computedAttributes.parser.sideEffect", - List.of(KeyType.CONFIG)); - /** - * Set whether side effect expressions on global variables (aka non-local) are enabled. - * When disabled, parsing a script/expression using syntactical constructs modifying variables including all potentially ant-ish variables will throw a parsing exception. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT_GLOBAL = new BooleanConfigKey( - "processing.computedAttributes.parser.sideEffectGlobal", - List.of(KeyType.CONFIG)); - /** - * Enable array/map/set literal expressions processing. - */ - public static final ConfigKey<Boolean> PROCESSING_COMPUTED_ATTRIBUTES_STRUCTURED_LITERAL = new BooleanConfigKey( - "processing.computedAttributes.parser.structuredLiteral", - List.of(KeyType.CONFIG)); - - /** * Boolean flag to enable or disable reverse geocoder. */ public static final ConfigKey<Boolean> GEOCODER_ENABLE = new BooleanConfigKey( diff --git a/src/main/java/org/traccar/handler/ComputedAttributesHandler.java b/src/main/java/org/traccar/handler/ComputedAttributesHandler.java index c3f202fa2..912665630 100644 --- a/src/main/java/org/traccar/handler/ComputedAttributesHandler.java +++ b/src/main/java/org/traccar/handler/ComputedAttributesHandler.java @@ -57,39 +57,16 @@ public class ComputedAttributesHandler extends BaseDataHandler { @Inject public ComputedAttributesHandler(Config config, CacheManager cacheManager) { this.cacheManager = cacheManager; - boolean enableJEXLAnnotation = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_ANNOTATION); - boolean enableJEXLArrayReferences = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_ARRAY_REFERENCES); - boolean enableJEXLLambdas = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LAMBDA); - boolean enableJEXLLexical = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL); - boolean enableJEXLLexicalShade = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LEXICAL_SHADE); boolean enableJEXLLocalVariables = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LOCAL_VARIABLES); boolean enableJEXLLoops = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_LOOPS); - boolean enableJEXLMethodCalls = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_METHOD_CALLS); boolean enableJEXLNewInstanceCreation = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_NEW_INSTANCE_CREATION); - boolean enableJEXLPragma = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_PRAGMA); - boolean enableJEXLScriptConstructs = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_SCRIPT_CONSTRUCTS); - boolean enableJEXLSideEffect = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT); - boolean enableJEXLSideEffectGlobal = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_SIDE_EFFECT_GLOBAL); - boolean enableJEXLStructuredLiteral = config.getBoolean(Keys.PROCESSING_COMPUTED_ATTRIBUTES_STRUCTURED_LITERAL); JexlSandbox sandbox = new JexlSandbox(false); sandbox.allow("com.safe.Functions"); - boolean enableJEXLRegister = true; JexlFeatures features = new JexlFeatures() - .annotation(enableJEXLAnnotation) - .arrayReferenceExpr(enableJEXLArrayReferences) - .lambda(enableJEXLLambdas) - .lexical(enableJEXLLexical) - .lexicalShade(enableJEXLLexicalShade) .localVar(enableJEXLLocalVariables) .loops(enableJEXLLoops) - .methodCall(enableJEXLMethodCalls) .newInstance(enableJEXLNewInstanceCreation) - .pragma(enableJEXLPragma) - .register(enableJEXLRegister) - .script(enableJEXLScriptConstructs) - .sideEffect(enableJEXLSideEffect) - .sideEffectGlobal(enableJEXLSideEffectGlobal) - .structuredLiteral(enableJEXLStructuredLiteral); + .structuredLiteral(true); engine = new JexlBuilder() .strict(true) .namespaces(Collections.singletonMap("math", Math.class)) |