package org.apache.commons.jexl3.introspection;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.apache.commons.jexl3.JexlArithmetic;
import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlException;
import org.apache.commons.jexl3.JexlScript;
import org.apache.commons.jexl3.JexlTestCase;
import org.apache.commons.jexl3.MapContext;
import org.apache.commons.jexl3.annotations.NoJexl;
import org.apache.commons.jexl3.internal.MapBuilder;
import org.apache.commons.jexl3.introspection.JexlSandbox;
import org.apache.commons.lang3.reflect.testbed.Bar;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest.class */
public class SandboxTest extends JexlTestCase {
    static final Log LOGGER = LogFactory.getLog(SandboxTest.class.getName());

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Arithmetic350.class */
    public static class Arithmetic350 extends JexlArithmetic {
        JexlArithmetic.MapBuilder mb;

        public Arithmetic350(boolean z) {
            super(z);
            this.mb = new MapBuilder(3);
        }

        public JexlArithmetic.MapBuilder mapBuilder(int i) {
            return this.mb;
        }

        Map<?, ?> getLastMap() {
            return (Map) this.mb.create();
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$CallMeNot.class */
    public static abstract class CallMeNot {

        @NoJexl
        public String NONO = "should not be accessible!";

        @NoJexl
        public void callMeNot() {
            throw new RuntimeException("should not be callable!");
        }

        public String allowInherit() {
            return "this is allowed";
        }
    }

    @NoJexl
    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$CantCallMe.class */
    public interface CantCallMe {
        void tryMe();
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$CantSeeMe.class */
    public static class CantSeeMe {
        public boolean doIt() {
            return false;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Foo.class */
    public static class Foo extends CallMeNot implements CantCallMe, TryCallMe {
        String name;
        public String alias;

        @NoJexl
        public Foo(String str, String str2) {
            throw new RuntimeException("should not be callable!");
        }

        public Foo(String str) {
            this.name = str;
            this.alias = str + "-alias";
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public String Quux() {
            return this.name + "-quux";
        }

        public int doIt() {
            return 42;
        }

        @NoJexl
        public String cantCallMe() {
            throw new RuntimeException("should not be callable!");
        }

        @Override // org.apache.commons.jexl3.introspection.SandboxTest.CantCallMe
        public void tryMe() {
            throw new RuntimeException("should not be callable!");
        }

        @Override // org.apache.commons.jexl3.introspection.SandboxTest.TryCallMe
        public void tryMeARiver() {
            throw new RuntimeException("should not be callable!");
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Foo386.class */
    public static class Foo386 implements SomeInterface {
        @Override // org.apache.commons.jexl3.introspection.SandboxTest.SomeInterface
        public int bar() {
            return 42;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Foo42.class */
    public static class Foo42 {
        public int getFoo() {
            return 42;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Foo43.class */
    public static class Foo43 extends Foo42 {
        @Override // org.apache.commons.jexl3.introspection.SandboxTest.Foo42
        @NoJexl
        public int getFoo() {
            return 43;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Foo44.class */
    public static class Foo44 extends Foo43 {
        @Override // org.apache.commons.jexl3.introspection.SandboxTest.Foo43, org.apache.commons.jexl3.introspection.SandboxTest.Foo42
        public int getFoo() {
            return 44;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Operation.class */
    public static abstract class Operation {
        protected final int base;

        public Operation(int i) {
            this.base = i;
        }

        public abstract int someOp(int i);

        public abstract int nonCallable(int i);
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Operation2.class */
    public static class Operation2 extends Operation {
        public Operation2(int i) {
            super(i);
        }

        @Override // org.apache.commons.jexl3.introspection.SandboxTest.Operation
        public int someOp(int i) {
            return this.base + i;
        }

        @Override // org.apache.commons.jexl3.introspection.SandboxTest.Operation
        public int nonCallable(int i) {
            throw new UnsupportedOperationException("do NOT call");
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Quux386.class */
    public static class Quux386 extends Foo386 {
        @Override // org.apache.commons.jexl3.introspection.SandboxTest.Foo386, org.apache.commons.jexl3.introspection.SandboxTest.SomeInterface
        public int bar() {
            return -42;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$SomeInterface.class */
    public interface SomeInterface {
        int bar();
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$TryCallMe.class */
    public interface TryCallMe {
        @NoJexl
        void tryMeARiver();
    }

    public SandboxTest() {
        super("SandboxTest");
    }

    @Test
    public void testCtorBlock() throws Exception {
        String str = "new('" + Foo.class.getName() + "', '42')";
        Assert.assertEquals("42", ((Foo) this.JEXL.createScript(str).execute((JexlContext) null)).getName());
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.block(Foo.class.getName()).execute(new String[]{""});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create().createScript(str).execute((JexlContext) null);
            Assert.fail("ctor should not be accessible");
        } catch (JexlException.Method e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testMethodBlock() throws Exception {
        JexlScript createScript = this.JEXL.createScript("foo.Quux()", new String[]{"foo"});
        Foo foo = new Foo("42");
        Assert.assertEquals(foo.Quux(), createScript.execute((JexlContext) null, new Object[]{foo}));
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.block(Foo.class.getName()).execute(new String[]{"Quux"});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create().createScript("foo.Quux()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
            Assert.fail("Quux should not be accessible");
        } catch (JexlException.Method e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testGetBlock() throws Exception {
        JexlScript createScript = this.JEXL.createScript("foo.alias", new String[]{"foo"});
        Foo foo = new Foo("42");
        Assert.assertEquals(foo.alias, createScript.execute((JexlContext) null, new Object[]{foo}));
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.block(Foo.class.getName()).read(new String[]{"alias"});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create().createScript("foo.alias", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
            Assert.fail("alias should not be accessible");
        } catch (JexlException.Property e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testSetBlock() throws Exception {
        JexlScript createScript = this.JEXL.createScript("foo.alias = $0", new String[]{"foo", "$0"});
        Foo foo = new Foo("42");
        Assert.assertEquals("43", createScript.execute((JexlContext) null, new Object[]{foo, "43"}));
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.block(Foo.class.getName()).write(new String[]{"alias"});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create().createScript("foo.alias = $0", new String[]{"foo", "$0"}).execute((JexlContext) null, new Object[]{foo, "43"});
            Assert.fail("alias should not be accessible");
        } catch (JexlException.Property e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testCantSeeMe() throws Exception {
        MapContext mapContext = new MapContext();
        JexlSandbox jexlSandbox = new JexlSandbox(false);
        jexlSandbox.allow(Foo.class.getName());
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create();
        mapContext.set("foo", new CantSeeMe());
        try {
            create.createScript("foo.doIt()").execute(mapContext);
            Assert.fail("should have failed, doIt()");
        } catch (JexlException e) {
        }
        mapContext.set("foo", new Foo("42"));
        Assert.assertEquals(42L, ((Integer) r0.execute(mapContext)).intValue());
    }

    @Test
    public void testCtorAllow() throws Exception {
        String str = "new('" + Foo.class.getName() + "', '42')";
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.allow(Foo.class.getName()).execute(new String[]{""});
        Assert.assertEquals("42", ((Foo) new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create().createScript(str).execute((JexlContext) null)).getName());
    }

    @Test
    public void testMethodAllow() throws Exception {
        Foo foo = new Foo("42");
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.allow(Foo.class.getName()).execute(new String[]{"Quux"});
        Assert.assertEquals(foo.Quux(), new JexlBuilder().sandbox(jexlSandbox).strict(true).safe(false).create().createScript("foo.Quux()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
    }

    @Test
    public void testMethodNoJexl() throws Exception {
        Foo foo = new Foo("42");
        JexlEngine create = new JexlBuilder().strict(true).safe(false).create();
        for (String str : new String[]{"foo.cantCallMe()", "foo.tryMe()", "foo.tryMeARiver()", "foo.callMeNot()", "foo.NONO", "new('org.apache.commons.jexl3.SandboxTest$Foo', 'one', 'two')"}) {
            try {
                create.createScript(str, new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
                Assert.fail("should have not been possible");
            } catch (JexlException.Method | JexlException.Property e) {
                LOGGER.debug(e.toString());
            }
        }
    }

    @Test
    public void testGetAllow() throws Exception {
        Foo foo = new Foo("42");
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.allow(Foo.class.getName()).read(new String[]{"alias"});
        jexlSandbox.get(Foo.class.getName()).read().alias("alias", "ALIAS");
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create();
        Assert.assertEquals(foo.alias, create.createScript("foo.alias", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
        Assert.assertEquals(foo.alias, create.createScript("foo.ALIAS", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
    }

    @Test
    public void testSetAllow() throws Exception {
        Foo foo = new Foo("42");
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.allow(Foo.class.getName()).write(new String[]{"alias"});
        Assert.assertEquals("43", new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create().createScript("foo.alias = $0", new String[]{"foo", "$0"}).execute((JexlContext) null, new Object[]{foo, "43"}));
        Assert.assertEquals("43", foo.alias);
    }

    @Test
    public void testRestrict() throws Exception {
        MapContext mapContext = new MapContext();
        mapContext.set("System", System.class);
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.allow(System.class.getName()).execute(new String[]{"currentTimeMillis"});
        jexlSandbox.block(File.class.getName()).execute(new String[]{""});
        JexlEngine create = new JexlBuilder().permissions(JexlPermissions.UNRESTRICTED).sandbox(jexlSandbox).safe(false).strict(true).create();
        try {
            create.createScript("System.exit()").execute(mapContext);
            Assert.fail("should not allow calling exit!");
        } catch (JexlException e) {
            LOGGER.debug(e.toString());
        }
        try {
            create.createScript("System.exit(1)").execute(mapContext);
            Assert.fail("should not allow calling exit!");
        } catch (JexlException e2) {
            LOGGER.debug(e2.toString());
        }
        try {
            create.createScript("new('java.io.File', '/tmp/should-not-be-created')").execute(mapContext);
            Assert.fail("should not allow creating a file");
        } catch (JexlException e3) {
            LOGGER.debug(e3.toString());
        }
        Assert.assertNotNull(create.createScript("System.currentTimeMillis()").execute(mapContext));
    }

    @Test
    public void testSandboxInherit0() throws Exception {
        ArrayList arrayList = new ArrayList();
        JexlSandbox jexlSandbox = new JexlSandbox(false, true);
        jexlSandbox.allow(List.class.getName());
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create();
        JexlScript createScript = create.createScript("foo.add(y)", new String[]{"foo", "y"});
        JexlScript createScript2 = create.createScript("foo[x] = y", new String[]{"foo", "x", "y"});
        JexlScript createScript3 = create.createScript("foo[x]", new String[]{"foo", "x"});
        Assert.assertEquals(true, createScript.execute((JexlContext) null, new Object[]{arrayList, "nothing"}));
        Assert.assertEquals("nothing", createScript3.execute((JexlContext) null, new Object[]{arrayList, 0}));
        Assert.assertEquals("42", createScript2.execute((JexlContext) null, new Object[]{arrayList, 0, "42"}));
        Assert.assertEquals("42", createScript3.execute((JexlContext) null, new Object[]{arrayList, 0}));
    }

    @Test
    public void testSandboxInherit1() throws Exception {
        Operation2 operation2 = new Operation2(12);
        JexlSandbox jexlSandbox = new JexlSandbox(false, true);
        jexlSandbox.allow(Operation.class.getName());
        jexlSandbox.block(Operation.class.getName()).execute(new String[]{"nonCallable"});
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create();
        Assert.assertEquals(42, create.createScript("foo.someOp(y)", new String[]{"foo", "y"}).execute((JexlContext) null, new Object[]{operation2, 30}));
        try {
            create.createScript("foo.nonCallable(y)", new String[]{"foo", "y"}).execute((JexlContext) null, new Object[]{operation2, 0});
            Assert.fail("should not be possible");
        } catch (JexlException e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testInheritedPermission0() {
        Foo386 foo386 = new Foo386();
        JexlSandbox jexlSandbox = new JexlSandbox(false, true);
        jexlSandbox.permissions(SomeInterface.class.getName(), true, true, true, true);
        Assert.assertEquals(42, new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create().createScript("foo.bar()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo386}));
    }

    @Test
    public void testNonInheritedPermission0() {
        Foo386 foo386 = new Foo386();
        JexlSandbox jexlSandbox = new JexlSandbox(false, true);
        jexlSandbox.permissions(SomeInterface.class.getName(), false, true, true, true);
        try {
            new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create().createScript("foo.bar()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo386});
            Assert.fail("should not be possible");
        } catch (JexlException e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testInheritedPermission1() {
        Quux386 quux386 = new Quux386();
        JexlSandbox jexlSandbox = new JexlSandbox(false, true);
        jexlSandbox.permissions(Foo386.class.getName(), true, true, true, true);
        Assert.assertEquals(-42, new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create().createScript("foo.bar()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{quux386}));
    }

    @Test
    public void testNonInheritedPermission1() {
        Quux386 quux386 = new Quux386();
        JexlSandbox jexlSandbox = new JexlSandbox(false, true);
        jexlSandbox.permissions(Foo386.class.getName(), false, true, true, true);
        try {
            new JexlBuilder().sandbox(jexlSandbox).safe(false).strict(true).create().createScript("foo.bar()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{quux386});
            Assert.fail("should not be possible");
        } catch (JexlException e) {
            LOGGER.debug(e.toString());
        }
    }

    @Test
    public void testNoJexl312() throws Exception {
        MapContext mapContext = new MapContext();
        try {
            new JexlBuilder().safe(false).strict(true).create().createScript("x.getFoo()", new String[]{"x"}).execute(mapContext, new Object[]{new Foo44()});
            Assert.fail("should have thrown");
        } catch (JexlException e) {
            Assert.assertNotNull(e);
        }
    }

    @Test
    public void testGetNullKeyAllowed0() throws Exception {
        Assert.assertEquals("foo", new JexlBuilder().sandbox(new JexlSandbox(true)).create().createExpression("{null : 'foo'}[null]").evaluate((JexlContext) null));
    }

    @Test
    public void testGetNullKeyAllowed1() throws Exception {
        JexlSandbox jexlSandbox = new JexlSandbox(true, true);
        jexlSandbox.permissions("java.util.Map", false, true, true).read().add("quux");
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).create();
        try {
            create.createExpression("{'quux' : 'foo'}['quux']").evaluate((JexlContext) null);
            Assert.fail("should have blocked 'quux'");
        } catch (JexlException.Property e) {
            Assert.assertTrue(e.getMessage().contains("undefined"));
        }
        for (String str : Arrays.asList("'foo'", "null")) {
            Assert.assertEquals("foo", create.createExpression("{" + str + " : 'foo'}[" + str + "]").evaluate((JexlContext) null));
        }
    }

    @Test
    public void testGetNullKeyBlocked() throws Exception {
        JexlSandbox jexlSandbox = new JexlSandbox(true, true);
        JexlSandbox.Permissions permissions = jexlSandbox.permissions("java.util.Map", false, true, true);
        permissions.read().add((String) null);
        permissions.read().add("quux");
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).create();
        Assert.assertEquals("foo", create.createExpression("{'bar' : 'foo'}['bar']").evaluate((JexlContext) null));
        for (String str : Arrays.asList("'quux'", "null")) {
            try {
                create.createExpression("{" + str + " : 'foo'}[" + str + "]").evaluate((JexlContext) null);
                Assert.fail("should have blocked " + str);
            } catch (JexlException.Property e) {
                Assert.assertTrue(e.getMessage().contains("undefined"));
            }
        }
    }

    @Test
    public void testSetNullKeyAllowed0() throws Exception {
        Arithmetic350 arithmetic350 = new Arithmetic350(true);
        JexlEngine create = new JexlBuilder().arithmetic(arithmetic350).sandbox(new JexlSandbox(true)).create();
        create.createExpression("{null : 'foo'}[null] = 'bar'").evaluate(new MapContext());
        Assert.assertEquals(Bar.VALUE, arithmetic350.getLastMap().get(null));
    }

    @Test
    public void testSetNullKeyAllowed1() throws Exception {
        Arithmetic350 arithmetic350 = new Arithmetic350(true);
        JexlSandbox jexlSandbox = new JexlSandbox(true, true);
        jexlSandbox.permissions("java.util.Map", true, false, true).write().add("quux");
        JexlEngine create = new JexlBuilder().arithmetic(arithmetic350).sandbox(jexlSandbox).create();
        try {
            create.createExpression("{'quux' : 'foo'}['quux'] = '42'").evaluate((JexlContext) null);
            Assert.fail("should have blocked 'quux'");
        } catch (JexlException.Property e) {
            Assert.assertTrue(e.getMessage().contains("undefined"));
        }
        create.createExpression("{'bar' : 'foo'}['bar'] = '42'").evaluate((JexlContext) null);
        Map<?, ?> lastMap = arithmetic350.getLastMap();
        Assert.assertEquals("42", lastMap.get(Bar.VALUE));
        lastMap.clear();
        create.createExpression("{null : 'foo'}[null] = '42'").evaluate((JexlContext) null);
        Assert.assertEquals("42", arithmetic350.getLastMap().get(null));
    }

    @Test
    public void testSetNullKeyBlocked() throws Exception {
        Arithmetic350 arithmetic350 = new Arithmetic350(true);
        JexlSandbox jexlSandbox = new JexlSandbox(true, true);
        JexlSandbox.Permissions permissions = jexlSandbox.permissions("java.util.Map", true, false, true);
        permissions.write().add((String) null);
        permissions.write().add("quux");
        JexlEngine create = new JexlBuilder().arithmetic(arithmetic350).sandbox(jexlSandbox).create();
        create.createExpression("{'bar' : 'foo'}['bar'] = '42'").evaluate((JexlContext) null);
        Assert.assertEquals("42", arithmetic350.getLastMap().get(Bar.VALUE));
        for (String str : Arrays.asList("'quux'", "null")) {
            try {
                create.createExpression("{" + str + " : 'foo'}[" + str + "] = '42'").evaluate((JexlContext) null);
                Assert.fail("should have blocked " + str);
            } catch (JexlException.Property e) {
                Assert.assertTrue(e.getMessage().contains("undefined"));
            }
        }
    }
}
