From f6ab32d778088bcaf9a154318ca491de98ec2a85 Mon Sep 17 00:00:00 2001
From: Guillaume Lamirand <guillaume.lamirand@graviteesource.com>
Date: Wed, 21 Aug 2024 17:34:37 +0200
Subject: [PATCH] fix: add missing dateutil extension

---
 pom.xml                                                     | 6 ++++++
 .../io/gravitee/policy/groovy/sandbox/SecuredResolver.java  | 4 ++++
 src/main/resources/groovy-whitelist                         | 4 ++++
 3 files changed, 14 insertions(+)

diff --git a/pom.xml b/pom.xml
index 96ffc26..e18db99 100644
--- a/pom.xml
+++ b/pom.xml
@@ -120,6 +120,12 @@
             <version>${groovy.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.codehaus.groovy</groupId>
+            <artifactId>groovy-dateutil</artifactId>
+            <version>${groovy.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.kohsuke</groupId>
             <artifactId>groovy-sandbox</artifactId>
diff --git a/src/main/java/io/gravitee/policy/groovy/sandbox/SecuredResolver.java b/src/main/java/io/gravitee/policy/groovy/sandbox/SecuredResolver.java
index 22b78a3..dc3d019 100644
--- a/src/main/java/io/gravitee/policy/groovy/sandbox/SecuredResolver.java
+++ b/src/main/java/io/gravitee/policy/groovy/sandbox/SecuredResolver.java
@@ -35,6 +35,8 @@
 import org.apache.commons.lang3.reflect.ConstructorUtils;
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.apache.commons.lang3.reflect.MethodUtils;
+import org.apache.groovy.dateutil.extensions.DateUtilExtensions;
+import org.apache.groovy.dateutil.extensions.DateUtilStaticExtensions;
 import org.codehaus.groovy.runtime.DateGroovyMethods;
 import org.codehaus.groovy.runtime.DefaultGroovyMethods;
 import org.codehaus.groovy.runtime.EncodingGroovyMethods;
@@ -90,6 +92,8 @@ public class SecuredResolver {
         StringGroovyMethods.class,
         EncodingGroovyMethods.class,
         DateGroovyMethods.class,
+        DateUtilExtensions.class,
+        DateUtilStaticExtensions.class,
     };
 
     private static final List<String> ALLOWED_ARRAY_NATIVE_METHODS = Arrays.asList("getAt", "putAt", "getLength");
diff --git a/src/main/resources/groovy-whitelist b/src/main/resources/groovy-whitelist
index ea2c674..fd49d48 100644
--- a/src/main/resources/groovy-whitelist
+++ b/src/main/resources/groovy-whitelist
@@ -68,6 +68,9 @@ class java.util.List
 class java.util.Map
 class java.util.Queue
 class java.util.Random
+class org.codehaus.groovy.runtime.DateGroovyMethods
+class org.apache.groovy.dateutil.extensions.DateUtilExtensions
+class org.apache.groovy.dateutil.extensions.DateUtilStaticExtensions
 
 # Allows method signatures
 method groovy.json.JsonSlurper parseText java.lang.String
@@ -1174,6 +1177,7 @@ method org.codehaus.groovy.runtime.StringGroovyMethods tr java.lang.CharSequence
 method org.codehaus.groovy.runtime.StringGroovyMethods unexpand java.lang.CharSequence
 method org.codehaus.groovy.runtime.StringGroovyMethods unexpand java.lang.CharSequence int
 method org.codehaus.groovy.runtime.StringGroovyMethods unexpandLine java.lang.CharSequence int
+
 # Allows constructor signatures
 
 # Allows annotations