RED-9350- Prohibit access to tenant context in rule execution
This commit is contained in:
Corina Olariu
parent
f8cfc4bd1a
commit
9d7c1a6157
@ -3,6 +3,7 @@ Runtime.
|
||||
Thread.
|
||||
Class.
|
||||
|
||||
TenantContext
|
||||
ProcessBuilder
|
||||
SecurityManager
|
||||
ClassLoader
|
||||
|
||||
@ -373,6 +373,11 @@ class DroolsValidationServiceTest {
|
||||
|
||||
String rulesString = new String(rulesFile.getInputStream().readAllBytes());
|
||||
|
||||
String globalStart = "\nglobal Document document";
|
||||
String importTenantContext = "import com.knecon.fforesight.tenantcommons.TenantContext;\n";
|
||||
int indexGlobalStart = rulesString.indexOf(globalStart);
|
||||
rulesString = rulesString.substring(0, indexGlobalStart) + importTenantContext + rulesString.substring(indexGlobalStart);
|
||||
|
||||
String evilRule = """
|
||||
|
||||
//------------------------------------ All the evil rules ------------------------------------
|
||||
@ -383,6 +388,7 @@ class DroolsValidationServiceTest {
|
||||
when
|
||||
$fileAttribute: FileAttribute($label: label, $value: value)
|
||||
$duplicate: FileAttribute(this != $fileAttribute, label == $label, value == $value)
|
||||
$tenantId: TenantContext.getTenantId();
|
||||
then
|
||||
retract($duplicate);
|
||||
System.exit(0);
|
||||
@ -395,6 +401,8 @@ class DroolsValidationServiceTest {
|
||||
.forEach(System.out::println);
|
||||
assertFalse(droolsValidation.isCompiled());
|
||||
assertEquals(droolsValidation.getBlacklistErrorMessages().size(), 1);
|
||||
assertEquals(droolsValidation.getBlacklistErrorMessages().get(0).getBlacklistedKeywords().size(), 2);
|
||||
assertTrue(droolsValidation.getBlacklistErrorMessages().get(0).getBlacklistedKeywords().contains("TenantContext"));
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user