8074021: Indirect eval fails when used as an element of an array or as a property of an object

Reviewed-by: attila, hannesw
Athijegannathan Sundararajan 2015-02-27 18:03:18 +05:30
parent 44cc65ae49
commit ffd434caa1
5 changed files with 210 additions and 1 deletions
nashorn
samples
src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/objects
test/script/basic

@ -0,0 +1,82 @@
#// Usage: jjs -fx showenv.js
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Oracle nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
if (!$OPTIONS._fx) {
print("Usage: jjs -fx showenv.js");
exit(1);
}
// This script displays environment entries as a HTML table.
// Demonstrates heredoc to generate HTML content and display
// using JavaFX WebView.
// JavaFX classes used
var Scene = Java.type("javafx.scene.Scene");
var WebView = Java.type("javafx.scene.web.WebView");
// JavaFX start method
function start(stage) {
start.title = "Your Environment";
var wv = new WebView();
var envrows = "";
for (var i in $ENV) {
envrows += <<TBL
<tr>
<td>
${i}
</td>
<td>
${$ENV[i]}
</td>
</tr>
TBL
}
wv.engine.loadContent(<<EOF
<html>
<head>
<title>
Your Environment
</title>
</head>
<body>
<h1>Your Environment</h1>
<table border="1">
${envrows}
</table>
</body>
</html>
EOF, "text/html");
stage.scene = new Scene(wv, 750, 500);
stage.show();
}
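Review bot: The values interpolated into the table rows, `${i}` and `${$ENV[i]}`, reach the markup handed to `wv.engine.loadContent(...)` without HTML escaping, so an environment variable whose name or value contains `<`, `&` or a tag is parsed as markup by the WebView instead of being shown as text. Escape both the name and the value before building each row; a small helper is sketched below. The rows built from `System.properties` in showsysprops.js (`${i}` and `${sysprops[i]}`) need the same treatment. Because the page is static, setting `wv.engine.javaScriptEnabled = false` before loading would be a reasonable extra safeguard.

```javascript
// Escape text before it is interpolated into the HTML passed to loadContent().
function escapeHtml(text) {
    return String(text)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;");
}

// … unchanged: JavaFX type lookups, start(stage) header, WebView creation …
for (var i in $ENV) {
    var name = escapeHtml(i);
    var value = escapeHtml($ENV[i]);
    envrows += <<TBL
<tr>
<td>
${name}
</td>
<td>
${value}
</td>
</tr>
TBL
}
// … unchanged: loadContent(<<EOF … EOF, "text/html"), scene setup …
```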

@ -0,0 +1,84 @@
#// Usage: jjs -fx showsysprops.js
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of Oracle nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
if (!$OPTIONS._fx) {
print("Usage: jjs -fx showsysprops.js");
exit(1);
}
// This script displays System properties as a HTML table.
// Demonstrates heredoc to generate HTML content and display
// using JavaFX WebView.
// JavaFX, Java classes used
var Scene = Java.type("javafx.scene.Scene");
var System = Java.type("java.lang.System");
var WebView = Java.type("javafx.scene.web.WebView");
// JavaFX start method
function start(stage) {
start.title = "Your System Properties";
var wv = new WebView();
var sysproprows = "";
var sysprops = System.properties;
for (var i in sysprops) {
sysproprows += <<TBL
<tr>
<td>
${i}
</td>
<td>
${sysprops[i]}
</td>
</tr>
TBL
}
wv.engine.loadContent(<<EOF
<html>
<head>
<title>
Your System Properties
</title>
</head>
<body>
<h1>Your System Properties</h1>
<table border="1">
${sysproprows}
</table>
</body>
</html>
EOF, "text/html");
stage.scene = new Scene(wv, 750, 500);
stage.show();
}
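Review bot: `start.title = "Your System Properties";` assigns to a property of the `start` function itself rather than to the `stage` argument, so the window title is presumably never set. `stage.title = "Your System Properties";` looks like what was intended. The same assignment appears at the top of `start()` in showenv.js.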

@ -951,7 +951,7 @@ public final class Global extends ScriptObject implements Scope {
return str;
}
final Global global = Global.instanceFrom(self);
final ScriptObject scope = self instanceof ScriptObject ? (ScriptObject)self : global;
final ScriptObject scope = self instanceof ScriptObject && ((ScriptObject)self).isScope() ? (ScriptObject)self : global;
return global.getContext().eval(scope, str.toString(), callThis, location, strict, true);
}
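Review bot: The new condition on `scope` carries no comment explaining why a receiver that is a `ScriptObject` but not a scope must fall back to `global`, and that distinction is the whole fix. A line above it such as `// indirect eval (obj.foo = eval; obj.foo(src)) passes a non-scope receiver as self; evaluate in the global scope` would keep a later cleanup from dropping the `isScope()` test. `callThis` is still forwarded unchanged to `getContext().eval(...)`. Whether that is the intended `this` for the indirect case cannot be confirmed here, because the method starts outside the hunk.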

@ -0,0 +1,41 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* JDK-8074021: Indirect eval fails when used as an element of an array or as a property of an object
*
* @test
* @run
*/
var obj = { foo: eval };
Assert.assertTrue(obj.foo("typeof(print) == 'function'"));
Assert.assertTrue(obj.foo("RegExp instanceof Function"));
Assert.assertEquals(obj.foo("String(new Array(2, 4, 3))"), "2,4,3");
obj.foo("print('hello')");
var args = [ eval ];
Assert.assertTrue(args[0]("typeof(print) == 'function'"));
Assert.assertTrue(args[0]("RegExp instanceof Function"));
Assert.assertEquals(args[0]("String(new Array(2, 4, 3))"), "2,4,3");
args[0]("print('hello')");
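Review bot: The assertions only check that global names (`print`, `RegExp`, `Array`) resolve through the indirect call; none pins that the receiver object is not used as the scope of the evaluated code. Adding `Assert.assertEquals(obj.foo("typeof foo"), "undefined");` after the existing `obj.foo` assertions would cover that, assuming the harness defines no global `foo`. Without it, a regression that puts the receiver's properties back in scope would still pass this test.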

@ -0,0 +1,2 @@
hello
hello