package org.apache.commons.jexl2;

import java.io.File;
import java.util.Map;
import java.util.logging.Logger;
import org.apache.commons.jexl2.JexlException;
import org.apache.commons.jexl2.introspection.Sandbox;
import org.apache.commons.jexl2.introspection.SandboxUberspectImpl;
import org.apache.commons.logging.Log;

/* loaded from: input_file:org/apache/commons/jexl2/SandboxTest.class */
public class SandboxTest extends JexlTestCase {
    static final Logger LOGGER = Logger.getLogger(VarTest.class.getName());

    /* loaded from: input_file:org/apache/commons/jexl2/SandboxTest$Foo.class */
    public static class Foo {
        String name;
        public String alias;

        public Foo(String str) {
            this.name = str;
            this.alias = str + "-alias";
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public String Quux() {
            return this.name + "-quux";
        }
    }

    public void testCtorBlack() throws Exception {
        String str = "new('" + Foo.class.getName() + "', '42')";
        assertEquals("42", ((Foo) this.JEXL.createScript(str).execute((JexlContext) null)).getName());
        Sandbox sandbox = new Sandbox();
        sandbox.black(Foo.class.getName()).execute(new String[]{""});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        try {
            jexlEngine.createScript(str).execute((JexlContext) null);
            fail("ctor should not be accessible");
        } catch (JexlException.Method e) {
            LOGGER.info(e.toString());
        }
    }

    public void testMethodBlack() throws Exception {
        Script createScript = this.JEXL.createScript("foo.Quux()", new String[]{"foo"});
        Foo foo = new Foo("42");
        assertEquals(foo.Quux(), createScript.execute((JexlContext) null, new Object[]{foo}));
        Sandbox sandbox = new Sandbox();
        sandbox.black(Foo.class.getName()).execute(new String[]{"Quux"});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        try {
            jexlEngine.createScript("foo.Quux()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
            fail("Quux should not be accessible");
        } catch (JexlException.Method e) {
            LOGGER.info(e.toString());
        }
    }

    public void testGetBlack() throws Exception {
        Script createScript = this.JEXL.createScript("foo.alias", new String[]{"foo"});
        Foo foo = new Foo("42");
        assertEquals(foo.alias, createScript.execute((JexlContext) null, new Object[]{foo}));
        Sandbox sandbox = new Sandbox();
        sandbox.black(Foo.class.getName()).read(new String[]{"alias"});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        try {
            jexlEngine.createScript("foo.alias", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
            fail("alias should not be accessible");
        } catch (JexlException.Property e) {
            LOGGER.info(e.toString());
        }
    }

    public void testSetBlack() throws Exception {
        Script createScript = this.JEXL.createScript("foo.alias = $0", new String[]{"foo", "$0"});
        Foo foo = new Foo("42");
        assertEquals("43", createScript.execute((JexlContext) null, new Object[]{foo, "43"}));
        Sandbox sandbox = new Sandbox();
        sandbox.black(Foo.class.getName()).write(new String[]{"alias"});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        try {
            jexlEngine.createScript("foo.alias = $0", new String[]{"foo", "$0"}).execute((JexlContext) null, new Object[]{foo, "43"});
            fail("alias should not be accessible");
        } catch (JexlException.Property e) {
            LOGGER.info(e.toString());
        }
    }

    public void testCtorWhite() throws Exception {
        String str = "new('" + Foo.class.getName() + "', '42')";
        Sandbox sandbox = new Sandbox();
        sandbox.white(Foo.class.getName()).execute(new String[]{""});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        assertEquals("42", ((Foo) jexlEngine.createScript(str).execute((JexlContext) null)).getName());
    }

    public void testMethodWhite() throws Exception {
        Foo foo = new Foo("42");
        Sandbox sandbox = new Sandbox();
        sandbox.white(Foo.class.getName()).execute(new String[]{"Quux"});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        assertEquals(foo.Quux(), jexlEngine.createScript("foo.Quux()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
    }

    public void testGetWhite() throws Exception {
        Foo foo = new Foo("42");
        Sandbox sandbox = new Sandbox();
        sandbox.white(Foo.class.getName()).read(new String[]{"alias"});
        sandbox.get(Foo.class.getName()).read().alias("alias", "ALIAS");
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        assertEquals(foo.alias, jexlEngine.createScript("foo.alias", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
        assertEquals(foo.alias, jexlEngine.createScript("foo.ALIAS", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
    }

    public void testSetWhite() throws Exception {
        Foo foo = new Foo("42");
        Sandbox sandbox = new Sandbox();
        sandbox.white(Foo.class.getName()).write(new String[]{"alias"});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        assertEquals("43", jexlEngine.createScript("foo.alias = $0", new String[]{"foo", "$0"}).execute((JexlContext) null, new Object[]{foo, "43"}));
        assertEquals("43", foo.alias);
    }

    public void testRestrict() throws Exception {
        MapContext mapContext = new MapContext();
        mapContext.set("System", System.class);
        Sandbox sandbox = new Sandbox();
        sandbox.white(System.class.getName()).execute(new String[]{"currentTimeMillis"});
        sandbox.black(File.class.getName()).execute(new String[]{""});
        JexlEngine jexlEngine = new JexlEngine(new SandboxUberspectImpl((Log) null, sandbox), (JexlArithmetic) null, (Map) null, (Log) null);
        jexlEngine.setStrict(true);
        try {
            jexlEngine.createScript("System.exit()").execute(mapContext);
            fail("should not allow calling exit!");
        } catch (JexlException e) {
            LOGGER.info(e.toString());
        }
        try {
            jexlEngine.createScript("new('java.io.File', '/tmp/should-not-be-created')").execute(mapContext);
            fail("should not allow creating a file");
        } catch (JexlException e2) {
            LOGGER.info(e2.toString());
        }
        assertNotNull(jexlEngine.createScript("System.currentTimeMillis()").execute(mapContext));
    }
}
