-
Notifications
You must be signed in to change notification settings - Fork 96
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow Thymeleaf to check for allowed method access of Java supertypes
To prevent Thymeleaf templates from accessing methods on built-in Java types that are not allowed, it ships with a list of allowed supertypes. Its org.thymeleaf.util.ExpressionUtils type has an isMemberAllowed method that calls getDeclaredMethods() on those types, so that needs to work for all these types in a native image. Without this addition neither Spring support (using SpEL expressions) nor OGNL-based expressions work correctly. Recent versions of Thymeleaf have expanded the list with two additional types, which is why the M2 version has 7 new entries while the RC1 / latest has 9. Obviously the tests don't cover these. For details, check out https://github.com/thymeleaf/thymeleaf/blob/3.1-master/lib/thymeleaf/src/main/java/org/thymeleaf/util/ExpressionUtils.java
- Loading branch information
Showing
6 changed files
with
224 additions
and
2 deletions.
There are no files selected for viewing
49 changes: 49 additions & 0 deletions
49
metadata/org.thymeleaf/thymeleaf/3.1.0.M2/reflect-config.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
metadata/org.thymeleaf/thymeleaf/3.1.0.RC1/reflect-config.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
55 changes: 55 additions & 0 deletions
55
...src/org.thymeleaf/thymeleaf/3.1.0.M2/src/test/java/org/thymeleaf/ExpressionUtilsTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| /* | ||
| * Copyright and related rights waived via CC0 | ||
| * | ||
| * You should have received a copy of the CC0 legalcode along with this | ||
| * work. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. | ||
| */ | ||
| package org.thymeleaf; | ||
|
|
||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import java.util.Calendar; | ||
| import java.util.Collections; | ||
| import java.util.Map; | ||
|
|
||
| import static org.assertj.core.api.Assertions.assertThat; | ||
| import static org.thymeleaf.util.ExpressionUtils.isMemberAllowed; | ||
|
|
||
| /** | ||
| * Not including test for {@link java.util.Set} here, as it doesn't have any methods of its own. | ||
| * | ||
| * @see org.thymeleaf.util.ExpressionUtils#ALLOWED_JAVA_SUPERS | ||
| */ | ||
| public class ExpressionUtilsTest { | ||
|
|
||
| @Test | ||
| void allowsCollectionMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptySet(), "isEmpty")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsIterableMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptyList(), "iterator")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsListMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptyList(), "get")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsMapMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptyMap(), "put")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsMapEntryMethods() { | ||
| Map.Entry<String, String> entry = Collections.singletonMap("key", "value").entrySet().iterator().next(); | ||
| assertThat(isMemberAllowed(entry, "getKey")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsCalendarMethods() { | ||
| assertThat(isMemberAllowed(Calendar.getInstance(), "clear")).isTrue(); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
55 changes: 55 additions & 0 deletions
55
...rc/org.thymeleaf/thymeleaf/3.1.0.RC1/src/test/java/org/thymeleaf/ExpressionUtilsTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| /* | ||
| * Copyright and related rights waived via CC0 | ||
| * | ||
| * You should have received a copy of the CC0 legalcode along with this | ||
| * work. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. | ||
| */ | ||
| package org.thymeleaf; | ||
|
|
||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import java.util.Calendar; | ||
| import java.util.Collections; | ||
| import java.util.Map; | ||
|
|
||
| import static org.assertj.core.api.Assertions.assertThat; | ||
| import static org.thymeleaf.util.ExpressionUtils.isMemberAllowed; | ||
|
|
||
| /** | ||
| * Not including test for {@link java.util.Set} here, as it doesn't have any methods of its own. | ||
| * | ||
| * @see org.thymeleaf.util.ExpressionUtils#ALLOWED_JAVA_SUPERS | ||
| */ | ||
| public class ExpressionUtilsTest { | ||
|
|
||
| @Test | ||
| void allowsCollectionMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptySet(), "isEmpty")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsIterableMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptyList(), "iterator")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsListMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptyList(), "get")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsMapMethods() { | ||
| assertThat(isMemberAllowed(Collections.emptyMap(), "put")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsMapEntryMethods() { | ||
| Map.Entry<String, String> entry = Collections.singletonMap("key", "value").entrySet().iterator().next(); | ||
| assertThat(isMemberAllowed(entry, "getKey")).isTrue(); | ||
| } | ||
|
|
||
| @Test | ||
| void allowsCalendarMethods() { | ||
| assertThat(isMemberAllowed(Calendar.getInstance(), "clear")).isTrue(); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters