From 77c75be5e0bcfc43ec762b135fe6da6dcbbd8253 Mon Sep 17 00:00:00 2001 From: darbyjack Date: Mon, 25 Jul 2022 18:54:44 -0500 Subject: [PATCH] Add in sandbox for Nashorn --- .../evaluator/NashornScriptEvaluator.java | 5 +---- .../evaluator/QuickJsScriptEvaluator.java | 3 ++- .../evaluator/QuickJsScriptEvaluatorFactory.java | 15 +++++---------- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/NashornScriptEvaluator.java b/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/NashornScriptEvaluator.java index 5dcf77b..7b56539 100644 --- a/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/NashornScriptEvaluator.java +++ b/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/NashornScriptEvaluator.java @@ -1,7 +1,5 @@ package com.extendedclip.papi.expansion.javascript.evaluator; -import com.koushikdutta.quack.QuackContext; -import org.openjdk.nashorn.api.scripting.NashornScriptEngine; import org.openjdk.nashorn.api.scripting.NashornScriptEngineFactory; import javax.script.Bindings; @@ -9,7 +7,6 @@ import javax.script.ScriptContext; import javax.script.ScriptEngine; import javax.script.ScriptException; import java.util.Map; -import java.util.stream.Stream; public final class NashornScriptEvaluator implements ScriptEvaluator { private final NashornScriptEngineFactory scriptEngineFactory; @@ -22,7 +19,7 @@ public final class NashornScriptEvaluator implements ScriptEvaluator { @Override public Object execute(final Map additionalBindings, final String script) throws EvaluatorException, ScriptException { - final ScriptEngine engine = scriptEngineFactory.getScriptEngine(); + final ScriptEngine engine = scriptEngineFactory.getScriptEngine("--no-java"); final Bindings globalBindings = engine.getBindings(ScriptContext.ENGINE_SCOPE); globalBindings.putAll(bindings); globalBindings.putAll(additionalBindings); diff --git a/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluator.java b/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluator.java index c6ef4e8..0a35546 100644 --- a/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluator.java +++ b/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluator.java @@ -1,6 +1,7 @@ package com.extendedclip.papi.expansion.javascript.evaluator; -import com.koushikdutta.quack.*; +import com.koushikdutta.quack.JavaScriptObject; +import com.koushikdutta.quack.QuackContext; import java.util.Map; diff --git a/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluatorFactory.java b/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluatorFactory.java index 8e67226..cb6b443 100644 --- a/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluatorFactory.java +++ b/evaluator/src/main/java/com/extendedclip/papi/expansion/javascript/evaluator/QuickJsScriptEvaluatorFactory.java @@ -3,19 +3,14 @@ package com.extendedclip.papi.expansion.javascript.evaluator; import com.extendedclip.papi.expansion.javascript.evaluator.util.InjectionUtil; import javax.script.ScriptException; -import java.io.File; import java.io.IOException; -import java.io.InputStream; -import java.net.*; -import java.nio.channels.Channels; -import java.nio.channels.FileChannel; -import java.nio.channels.ReadableByteChannel; -import java.nio.file.StandardOpenOption; +import java.net.URISyntaxException; +import java.net.URL; import java.security.NoSuchAlgorithmException; -import java.util.*; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; import java.util.function.Function; -import java.util.jar.JarFile; -import java.util.zip.ZipEntry; public final class QuickJsScriptEvaluatorFactory implements ScriptEvaluatorFactory { private static final String TEST_EVALUATION_SCRIPT = "10 * 10";