package org.apache.commons.jexl3.introspection;

import java.io.File;
import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlException;
import org.apache.commons.jexl3.JexlScript;
import org.apache.commons.jexl3.JexlTestCase;
import org.apache.commons.jexl3.MapContext;
import org.apache.commons.jexl3.annotations.NoJexl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest.class */
public class SandboxTest extends JexlTestCase {
    static final Log LOGGER = LogFactory.getLog(SandboxTest.class.getName());

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$CallMeNot.class */
    public static abstract class CallMeNot {

        @NoJexl
        public String NONO = "should not be accessible!";

        @NoJexl
        public void callMeNot() {
            throw new RuntimeException("should not be callable!");
        }
    }

    @NoJexl
    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$CantCallMe.class */
    public interface CantCallMe {
        void tryMe();
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$CantSeeMe.class */
    public static class CantSeeMe {
        public boolean doIt() {
            return false;
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$Foo.class */
    public static class Foo extends CallMeNot implements CantCallMe, TryCallMe {
        String name;
        public String alias;

        @NoJexl
        public Foo(String str, String str2) {
            throw new RuntimeException("should not be callable!");
        }

        public Foo(String str) {
            this.name = str;
            this.alias = str + "-alias";
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public String Quux() {
            return this.name + "-quux";
        }

        public int doIt() {
            return 42;
        }

        @NoJexl
        public String cantCallMe() {
            throw new RuntimeException("should not be callable!");
        }

        @Override // org.apache.commons.jexl3.introspection.SandboxTest.CantCallMe
        public void tryMe() {
            throw new RuntimeException("should not be callable!");
        }

        @Override // org.apache.commons.jexl3.introspection.SandboxTest.TryCallMe
        public void tryMeARiver() {
            throw new RuntimeException("should not be callable!");
        }
    }

    /* loaded from: input_file:org/apache/commons/jexl3/introspection/SandboxTest$TryCallMe.class */
    public interface TryCallMe {
        @NoJexl
        void tryMeARiver();
    }

    public SandboxTest() {
        super("SandboxTest");
    }

    @Test
    public void testCtorBlack() throws Exception {
        String str = "new('" + Foo.class.getName() + "', '42')";
        Assert.assertEquals("42", ((Foo) this.JEXL.createScript(str).execute((JexlContext) null)).getName());
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.black(Foo.class.getName()).execute(new String[]{""});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript(str).execute((JexlContext) null);
            Assert.fail("ctor should not be accessible");
        } catch (JexlException.Method e) {
            LOGGER.info(e.toString());
        }
    }

    @Test
    public void testMethodBlack() throws Exception {
        JexlScript createScript = this.JEXL.createScript("foo.Quux()", new String[]{"foo"});
        Foo foo = new Foo("42");
        Assert.assertEquals(foo.Quux(), createScript.execute((JexlContext) null, new Object[]{foo}));
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.black(Foo.class.getName()).execute(new String[]{"Quux"});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript("foo.Quux()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
            Assert.fail("Quux should not be accessible");
        } catch (JexlException.Method e) {
            LOGGER.info(e.toString());
        }
    }

    @Test
    public void testGetBlack() throws Exception {
        JexlScript createScript = this.JEXL.createScript("foo.alias", new String[]{"foo"});
        Foo foo = new Foo("42");
        Assert.assertEquals(foo.alias, createScript.execute((JexlContext) null, new Object[]{foo}));
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.black(Foo.class.getName()).read(new String[]{"alias"});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript("foo.alias", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
            Assert.fail("alias should not be accessible");
        } catch (JexlException.Property e) {
            LOGGER.info(e.toString());
        }
    }

    @Test
    public void testSetBlack() throws Exception {
        JexlScript createScript = this.JEXL.createScript("foo.alias = $0", new String[]{"foo", "$0"});
        Foo foo = new Foo("42");
        Assert.assertEquals("43", createScript.execute((JexlContext) null, new Object[]{foo, "43"}));
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.black(Foo.class.getName()).write(new String[]{"alias"});
        try {
            new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript("foo.alias = $0", new String[]{"foo", "$0"}).execute((JexlContext) null, new Object[]{foo, "43"});
            Assert.fail("alias should not be accessible");
        } catch (JexlException.Property e) {
            LOGGER.info(e.toString());
        }
    }

    @Test
    public void testCantSeeMe() throws Exception {
        MapContext mapContext = new MapContext();
        JexlSandbox jexlSandbox = new JexlSandbox(false);
        jexlSandbox.white(Foo.class.getName());
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).strict(true).create();
        mapContext.set("foo", new CantSeeMe());
        try {
            create.createScript("foo.doIt()").execute(mapContext);
            Assert.fail("should have failed, doIt()");
        } catch (JexlException e) {
        }
        mapContext.set("foo", new Foo("42"));
        Assert.assertEquals(42L, ((Integer) r0.execute(mapContext)).intValue());
    }

    @Test
    public void testCtorWhite() throws Exception {
        String str = "new('" + Foo.class.getName() + "', '42')";
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.white(Foo.class.getName()).execute(new String[]{""});
        Assert.assertEquals("42", ((Foo) new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript(str).execute((JexlContext) null)).getName());
    }

    @Test
    public void testMethodWhite() throws Exception {
        Foo foo = new Foo("42");
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.white(Foo.class.getName()).execute(new String[]{"Quux"});
        Assert.assertEquals(foo.Quux(), new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript("foo.Quux()", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
    }

    @Test
    public void testMethodNoJexl() throws Exception {
        Foo foo = new Foo("42");
        JexlEngine create = new JexlBuilder().strict(true).create();
        for (String str : new String[]{"foo.cantCallMe()", "foo.tryMe()", "foo.tryMeARiver()", "foo.callMeNot()", "foo.NONO", "new('org.apache.commons.jexl3.SandboxTest$Foo', 'one', 'two')"}) {
            try {
                create.createScript(str, new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo});
                Assert.fail("should have not been possible");
            } catch (JexlException.Method e) {
                LOGGER.info(e.toString());
            } catch (JexlException.Property e2) {
                LOGGER.info(e2.toString());
            }
        }
    }

    @Test
    public void testGetWhite() throws Exception {
        Foo foo = new Foo("42");
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.white(Foo.class.getName()).read(new String[]{"alias"});
        jexlSandbox.get(Foo.class.getName()).read().alias("alias", "ALIAS");
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).strict(true).create();
        Assert.assertEquals(foo.alias, create.createScript("foo.alias", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
        Assert.assertEquals(foo.alias, create.createScript("foo.ALIAS", new String[]{"foo"}).execute((JexlContext) null, new Object[]{foo}));
    }

    @Test
    public void testSetWhite() throws Exception {
        Foo foo = new Foo("42");
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.white(Foo.class.getName()).write(new String[]{"alias"});
        Assert.assertEquals("43", new JexlBuilder().sandbox(jexlSandbox).strict(true).create().createScript("foo.alias = $0", new String[]{"foo", "$0"}).execute((JexlContext) null, new Object[]{foo, "43"}));
        Assert.assertEquals("43", foo.alias);
    }

    @Test
    public void testRestrict() throws Exception {
        MapContext mapContext = new MapContext();
        mapContext.set("System", System.class);
        JexlSandbox jexlSandbox = new JexlSandbox();
        jexlSandbox.white(System.class.getName()).execute(new String[]{"currentTimeMillis"});
        jexlSandbox.black(File.class.getName()).execute(new String[]{""});
        JexlEngine create = new JexlBuilder().sandbox(jexlSandbox).strict(true).create();
        try {
            create.createScript("System.exit()").execute(mapContext);
            Assert.fail("should not allow calling exit!");
        } catch (JexlException e) {
            LOGGER.info(e.toString());
        }
        try {
            create.createScript("System.exit(1)").execute(mapContext);
            Assert.fail("should not allow calling exit!");
        } catch (JexlException e2) {
            LOGGER.info(e2.toString());
        }
        try {
            create.createScript("new('java.io.File', '/tmp/should-not-be-created')").execute(mapContext);
            Assert.fail("should not allow creating a file");
        } catch (JexlException e3) {
            LOGGER.info(e3.toString());
        }
        Assert.assertNotNull(create.createScript("System.currentTimeMillis()").execute(mapContext));
    }
}
