Using Graal.js 19.0.0 via Scripting in platform/core.network

enterprise/web.core/build.xml

@@ -21,4 +21,7 @@
 -->
 <project basedir="." default="build" name="enterprise/web.core">
     <import file="../../nbbuild/templates/projectized.xml"/>
+    <taskdef name="configureproxy" classname="org.netbeans.nbbuild.extlibs.ConfigureProxy" classpath="${nbantext.jar}"/>
+    <configureproxy connectTo="http://netbeans.apache.org" hostProperty="proxyHost" portProperty="proxyPort"/>
+    <setproxy proxyhost="${proxyHost}" proxyPort="${proxyPort}"/>
 </project>

groovy/gradle/build.xml

@@ -23,6 +23,8 @@
     <description>Builds, tests, and runs the project org.netbeans.modules.gradle</description>
     <import file="../../nbbuild/templates/projectized.xml"/>
 
+    <taskdef name="configureproxy" classname="org.netbeans.nbbuild.extlibs.ConfigureProxy" classpath="${nbantext.jar}"/>
+
     <property name="test-unit-sys-prop.test.data.dir" location="test/data"/>
     <property name="tooling" value="netbeans-gradle-tooling"/>
     <available property="have.gradle.wrapper" file="${tooling}/gradle/wrapper/gradle-wrapper.jar"/>
@@ -36,9 +38,18 @@
         <copy file="external/gradle-wrapper-4.10.2.jar" tofile="${tooling}/gradle/wrapper/gradle-wrapper.jar"/>
     </target>
 
-    <target name="build-tooling-lib" depends="-copy-gradle-wrapper,-uptodate-tooling" unless="tooling.uptodate">
+    <target name="build-tooling-lib" depends="-download.release.files,-copy-gradle-wrapper,-uptodate-tooling" unless="tooling.uptodate">
+        <configureproxy connectTo="http://netbeans.apache.org" hostProperty="proxyHost" portProperty="proxyPort"/>
+        <condition property="gradle.proxy.args" value="-Dhttp.proxyHost=${proxyHost} -Dhttp.proxyPort=${proxyPort} -Dhttps.proxyHost=${proxyHost} -Dhttps.proxyPort=${proxyPort}">
+            <not>
+                <equals arg1="${proxyHost}" arg2="" />
+            </not>
+        </condition>
+        <property name="gradle.proxy.args" value=""/>
+
         <java fork="true" dir="${tooling}" classpath="${tooling}/gradle/wrapper/gradle-wrapper.jar" classname="org.gradle.wrapper.GradleWrapperMain" failonerror="true">
             <sysproperty key="org.gradle.appname" value="Gradle"/>
+            <arg line="${gradle.proxy.args}"/>
             <arg line="clean build -x check"/>
         </java>
         <copy file="${tooling}/build/libs/${tooling}.jar" todir="build/tooling" overwrite="true"/>

ide/libs.graalsdk/arch.xml

@@ -148,7 +148,10 @@
       <usecase id="org.graalvm.polyglot" name="Use Graal SDK directly">
           <api category="third" group="java" name="org.graalvm.polyglot" type="export">
               This module re-exports <code>org.graalvm.polyglot</code> APIs.
-              Use them to obtain directly, if you trust the provider of those APIs.
+              Use them to obtain access to the GraalVM directly, if you only
+              want to work with them and generic
+              <a href="@org-netbeans-api-scripting@/org/netbeans/api/scripting/Scripting.html">Scripting</a>
+              wrapper isn't enough.
           </api>
       </usecase>
   </p>
@@ -551,7 +554,9 @@
       <api name="allowAllAccess" type="export" group="property" category="stable">
         By default all the <a href="http://graalvm.org">GraalVM</a> engines
         (named <code>GraalVM:something</code>)
-        run in a very restricted, secure sandbox. That means they cannot
+        run in a very restricted, secure sandbox. See
+        <a href="@TOP@/org/netbeans/libs/graalsdk/GraalSDK.html">GraalSDK</a>
+        for details. That means the languages cannot
         access local files, ports, etc. Some languages (like
         <a href="https://gihub.com/graalvm/fastr">>FastR</a>
         implementation of the <b>R</b> language) need such access. In such

ide/libs.graalsdk/external/binaries-list

@@ -14,4 +14,4 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-0E1CCE754C9EF8847B473FAB3F848D1FE324F09E org.graalvm.sdk:graal-sdk:1.0.0-rc12
+3C22A79D3CCCCFD161F4DD935C30C745F6FFF848 org.graalvm.sdk:graal-sdk:19.0.0

ide/libs.graalsdk/external/graal-sdk-1.0.0-license.txt → ide/libs.graalsdk/external/graal-sdk-19.0.0-license.txt

@@ -2,8 +2,8 @@ Name: Graal SDK and Truffle API
 Description: Graal SDK and Truffle API
 License: UPL
 Origin: https://github.com/oracle/graal
-Version: 1.0
-Files: graal-sdk-1.0.0-rc12.jar
+Version: 19.0.0
+Files: graal-sdk-19.0.0.jar
 
 Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 

ide/libs.graalsdk/nbproject/project.properties

@@ -19,7 +19,7 @@ javac.source=1.8
 javac.compilerargs=-Xlint -Xlint:-serial
 is.autoload=true
 
-release.external/graal-sdk-1.0.0-rc12.jar=modules/ext/graal-sdk-1.0.0-rc12.jar
+release.external/graal-sdk-19.0.0.jar=modules/ext/graal-sdk-19.0.0.jar
 
 javadoc.arch=${basedir}/arch.xml
 javadoc.apichanges=${basedir}/apichanges.xml

ide/libs.graalsdk/nbproject/project.xml

@@ -30,7 +30,7 @@
                     <build-prerequisite/>
                     <compile-dependency/>
                     <run-dependency>
-                        <specification-version>1.0</specification-version>
+                        <specification-version>1.2</specification-version>
                     </run-dependency>
                 </dependency>
                 <dependency>
@@ -80,8 +80,8 @@
                 <package>org.netbeans.libs.graalsdk</package>
             </public-packages>
             <class-path-extension>
-                <runtime-relative-path>ext/graal-sdk-1.0.0-rc12.jar</runtime-relative-path>
-                <binary-origin>external/graal-sdk-1.0.0-rc12.jar</binary-origin>
+                <runtime-relative-path>ext/graal-sdk-19.0.0.jar</runtime-relative-path>
+                <binary-origin>external/graal-sdk-19.0.0.jar</binary-origin>
             </class-path-extension>
         </data>
     </configuration>

ide/libs.graalsdk/src/org/netbeans/libs/graalsdk/GraalSDK.java

@@ -18,17 +18,48 @@
  */
 package org.netbeans.libs.graalsdk;
 
+import java.util.List;
 import org.graalvm.polyglot.Context;
+import org.graalvm.polyglot.Context.Builder;
 import org.graalvm.polyglot.Engine;
+import org.graalvm.polyglot.HostAccess;
 
 /**
  * Integration of <a href="@org-netbeans-api-scripting@/overview-summary.html">NetBeans Scripting</a>
  * API and GraalVM; see the {@link org.netbeans.libs.graalsdk tutorial} for more details.
+ * <h2>Security</h2>
  * <p>
- * As a secondary usecase, it is possible to request this module and gain access to
- * {@code org.graalvm.polyglot} package directly. Consult {@link Context} and {@link Engine}
+ * By default all the <a href="http://graalvm.org">GraalVM</a> engines
+ * (named <code>GraalVM:something</code>)
+ * run in a very restricted, secure sandbox:
+ * </p>
+ * {@codesnippet org.netbeans.libs.graalsdk.impl.GraalContext#SANDBOX}
+ * <p>
+ * The languages cannot access local files, ports, etc. They can access <b>public</b>
+ * fields and <b>public</b> methods of objects passed into their scripts (but not
+ * those methods exposed by base {@link Object} class). The scripts can access
+ * elements of Java arrays and {@link List} elements. Methods of a 
+ * {@linkplain FunctionalInterface functional interfaces} are callable by the 
+ * scripts.
+ * </p>
+ * <p>
+ * For some languages such restrictions are too tight. They
+ * need to gain wider access. This can be done by setting <code>allowAllAccess</code>
+ * attribute to {@code true}:
+ * </p>
+ * {@codesnippet org.netbeans.libs.graalsdk.ScriptingTutorial#allowAllAccess}
+ * <p>
+ * Once enabled, the {@link HostAccess#ALL} and {@link Builder#allowAllAccess(boolean) allowAllAccess(true)}
+ * is then used to construct the engine's environment.
+ * </p>
+ * <h2>Polyglot API Access</h2>
+ * <p>
+ * As a consequence of packaging the GraalVM APIs, it is possible to request this module and gain access to
+ * {@link org.graalvm.polyglot} package directly. Consult {@link Context} and {@link Engine}
  * classes as a starting points when
- * accessing the Graal SDK polyglot API directly.
+ * accessing the Graal SDK directly. Preferably use only if the 
+ * <a href="@org-netbeans-api-scripting@/overview-summary.html">NetBeans Scripting</a>
+ * API wrapper isn't good enough.
  */
 public final class GraalSDK {
     private GraalSDK() {

ide/libs.graalsdk/src/org/netbeans/libs/graalsdk/impl/GraalContext.java

@@ -22,23 +22,48 @@
 import java.io.OutputStreamWriter;
 import java.io.Reader;
 import java.io.Writer;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import javax.script.Bindings;
 import javax.script.ScriptContext;
 import javax.script.SimpleBindings;
 import org.graalvm.polyglot.Context;
+import org.graalvm.polyglot.HostAccess;
+import org.graalvm.polyglot.PolyglotAccess;
 import org.openide.util.io.ReaderInputStream;
 
 final class GraalContext implements ScriptContext {
+    private final static String ALLOW_ALL_ACCESS = "allowAllAccess"; // NOI18N
     private Context ctx;
     private final WriterOutputStream writer = new WriterOutputStream(new OutputStreamWriter(System.out));
     private final WriterOutputStream errorWriter = new WriterOutputStream(new OutputStreamWriter(System.err));
     private Reader reader;
+    private final Bindings globals;
     private SimpleBindings bindings;
     private boolean allowAllAccess;
 
+    // BEGIN: org.netbeans.libs.graalsdk.impl.GraalContext#SANDBOX
+    private static final HostAccess SANDBOX = HostAccess.newBuilder().
+            allowPublicAccess(true).
+            allowArrayAccess(true).
+            allowListAccess(true).
+            allowAllImplementations(true).
+            denyAccess(Class.class).
+            denyAccess(Method.class).
+            denyAccess(Field.class).
+            denyAccess(Proxy.class).
+            denyAccess(Object.class, false).
+            build();
+    // END: org.netbeans.libs.graalsdk.impl.GraalContext#SANDBOX
+
+    GraalContext(Bindings globals) {
+        this.globals = globals;
+    }
+
     synchronized final Context ctx() {
         if (ctx == null) {
             final Context.Builder b = Context.newBuilder();
@@ -51,15 +76,18 @@ synchronized final Context ctx() {
                     throw raise(RuntimeException.class, ex);
                 }
             }
-            if (allowAllAccess) {
+            b.allowPolyglotAccess(PolyglotAccess.ALL);
+            if (Boolean.TRUE.equals(getAttribute(ALLOW_ALL_ACCESS, ScriptContext.GLOBAL_SCOPE))) {
+                b.allowHostAccess(HostAccess.ALL);
                 b.allowAllAccess(true);
+            } else {
+                b.allowHostAccess(SANDBOX);
             }
             ctx = b.build();
         }
         return ctx;
     }
 
-
     @Override
     public void setBindings(Bindings bindings, int scope) {
         throw new UnsupportedOperationException();
@@ -85,7 +113,7 @@ private void assertGlobalScope(int scope) throws IllegalArgumentException {
     @Override
     public void setAttribute(String name, Object value, int scope) {
         assertGlobalScope(scope);
-        if ("allowAllAccess".equals(name)) { // NOI18N
+        if (ALLOW_ALL_ACCESS.equals(name)) {
             if (this.ctx == null) {
                 this.allowAllAccess = Boolean.TRUE.equals(value);
                 return;
@@ -98,10 +126,12 @@ public void setAttribute(String name, Object value, int scope) {
     @Override
     public Object getAttribute(String name, int scope) {
         assertGlobalScope(scope);
-        if ("allowAllAccess".equals(name)) { // NOI18N
-            return this.allowAllAccess;
+        if (ALLOW_ALL_ACCESS.equals(name)) {
+            if (this.allowAllAccess) {
+                return true;
+            }
         }
-        return null;
+        return globals == null ? null : globals.get(name);
     }
 
     @Override

ide/libs.graalsdk/src/org/netbeans/libs/graalsdk/impl/GraalEngineFactory.java

@@ -60,7 +60,7 @@ public List<String> getMimeTypes() {
 
     @Override
     public List<String> getNames() {
-        return Arrays.asList(language.getName());
+        return Arrays.asList(language.getName(), getEngineName());
     }
 
     @Override

ide/libs.graalsdk/src/org/netbeans/libs/graalsdk/impl/GraalEnginesProvider.java

@@ -21,7 +21,9 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import javax.script.Bindings;
 import javax.script.ScriptEngineFactory;
+import javax.script.ScriptEngineManager;
 import org.graalvm.polyglot.Engine;
 import org.graalvm.polyglot.Language;
 import org.netbeans.spi.scripting.EngineProvider;
@@ -36,19 +38,24 @@ public GraalEnginesProvider() {
 
     @Override
     public List<ScriptEngineFactory> factories() {
+        return factories(null);
+    }
+
+    @Override
+    public List<ScriptEngineFactory> factories(ScriptEngineManager m) {
         List<ScriptEngineFactory> arr = new ArrayList<>();
         try {
             if (disable == null) {
-                enumerateLanguages(arr);
+                enumerateLanguages(arr, m == null ? null : m.getBindings());
             }
         } catch (IllegalStateException | LinkageError err) {
             disable = err;
         }
         return arr;
     }
 
-    private void enumerateLanguages(List<ScriptEngineFactory> arr) {
-        final GraalContext ctx = new GraalContext();
+    private void enumerateLanguages(List<ScriptEngineFactory> arr, Bindings globals) {
+        final GraalContext ctx = new GraalContext(globals);
         try (Engine engine = Engine.newBuilder().build()) {
             for (Map.Entry<String, Language> entry : engine.getLanguages().entrySet()) {
                 arr.add(new GraalEngineFactory(ctx, entry.getKey(), entry.getValue()));