【Type:feature 】The SPEL in the mock plugin is secure by default #4606

Merged
merged 11 commits into from
May 3, 2023

Conversation

li-keguo
Member

@li-keguo li-keguo commented May 3, 2023

work list:

  • Use SimpleEvaluationContext as the default secure SPEL.
  • Provides a Standard Expression Generator, which is not loaded by default.

@tian-pengfei
Contributor

tian-pengfei commented May 3, 2023

Well done! Maybe SimpleEvaluationContext can completely replace the old one. I think we can remove the old one. Have you ever tried MethodSecurityEvaluationContext? Are there any differences between SimpleEvaluationContext and MethodSecurityEvaluationContext?

@codecov-commenter

codecov-commenter commented May 3, 2023

Codecov Report

Merging #4606 (62b7808) into master (ba6f3a3) will increase coverage by 0.00%.
The diff coverage is 63.15%.

@@            Coverage Diff            @@
##             master    #4606   +/-   ##
=========================================
  Coverage     68.87%   68.87%           
- Complexity     7822     7835   +13     
=========================================
  Files          1039     1041    +2     
  Lines         30034    30058   +24     
  Branches       2739     2739           
=========================================
+ Hits          20685    20703   +18     
- Misses         7728     7734    +6     
  Partials       1621     1621           
Impacted Files Coverage Δ
...java/org/apache/shenyu/plugin/mock/MockPlugin.java 0.00% <0.00%> (ø)
.../shenyu/plugin/mock/handler/MockPluginHandler.java 0.00% <0.00%> (ø)
...a/org/apache/shenyu/plugin/mock/util/MockUtil.java 80.00% <66.66%> (+0.40%) ⬆️
...in/mock/generator/StandardExpressionGenerator.java 85.71% <85.71%> (ø)
...shenyu/plugin/mock/util/EvaluationContextUtil.java 89.47% <89.47%> (ø)
...nyu/plugin/mock/generator/ExpressionGenerator.java 100.00% <100.00%> (+10.00%) ⬆️


@li-keguo
Member Author

li-keguo commented May 3, 2023

> Well done! Maybe SimpleEvaluationContext can completely replace the old one. I think we can remove the old one. Have you ever tried MethodSecurityEvaluationContext? Are there any differences between SimpleEvaluationContext and MethodSecurityEvaluationContext?

The original has been replaced with a secure implementation. See https://docs.spring.io/spring-framework/docs/5.0.6.RELEASE/javadoc-api/org/springframework/expression/spel/support/SimpleEvaluationContext.html

StandardExpressionGenerator is not loaded by default and needs to be enabled by the user.

I have not studied MethodSecurityEvaluationContext and can only provide some clues: it comes from spring-security.

@li-keguo li-keguo merged commit 1e678f4 into apache:master May 3, 2023
35 checks passed
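
The difference between the two Spring contexts discussed in this thread, as an added example that is not code from this pull request or from ShenYu: the same expressions are evaluated under `StandardEvaluationContext` and under a read-only `SimpleEvaluationContext`, and the latter rejects type references, constructor calls and method calls. The class name `SpelContextDemo`, the `#count` variable and the sample expressions are constructed for illustration; the code needs `spring-expression` on the classpath.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

// Added example (hypothetical class, not part of ShenYu).
public class SpelContextDemo {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Evaluate one expression; report the SpEL message code if the context refuses it.
    static String eval(final String expr, final EvaluationContext ctx) {
        try {
            return String.valueOf(PARSER.parseExpression(expr).getValue(ctx));
        } catch (SpelEvaluationException e) {
            return "REJECTED (" + e.getMessageCode() + ")";
        }
    }

    public static void main(final String[] args) {
        // Full-featured context: type locator, constructor and method resolvers are all active.
        EvaluationContext standard = new StandardEvaluationContext();
        // Restricted context: read-only property access only, no type references,
        // no constructors, no instance methods unless explicitly enabled.
        EvaluationContext simple = SimpleEvaluationContext.forReadOnlyDataBinding().build();

        standard.setVariable("count", 21);
        simple.setVariable("count", 21);

        // Constructed sample expressions, all benign.
        String[] exprs = {
            "#count * 2",                                  // variables and operators
            "T(java.lang.Math).max(1, 2)",                 // type reference
            "new java.lang.StringBuilder('x').toString()", // constructor call
            "'abc'.toUpperCase()"                          // instance method call
        };

        for (String expr : exprs) {
            System.out.printf("%-46s standard=%-6s simple=%s%n",
                    expr, eval(expr, standard), eval(expr, simple));
        }
    }
}
```

Only the first expression evaluates in both contexts; the other three succeed under `StandardEvaluationContext` and are refused by `SimpleEvaluationContext`, which is why an expression generator backed by the standard context is something a user has to opt into.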

3 participants