-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
【Type:feature 】The SPEL in the mock plugin is secure by default #4606
Conversation
…ture/mock-safe-spel
Well done! maybe SimpleEvaluationContextcan completely replace old one . I think we can remove old one. Have you ever try |
…ture/mock-safe-spel
Codecov Report
@@ Coverage Diff @@
## master #4606 +/- ##
=========================================
Coverage 68.87% 68.87%
- Complexity 7822 7835 +13
=========================================
Files 1039 1041 +2
Lines 30034 30058 +24
Branches 2739 2739
=========================================
+ Hits 20685 20703 +18
- Misses 7728 7734 +6
Partials 1621 1621
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
The original has been replaced with a secure implementation. see https://docs.spring.io/spring-framework/docs/5.0.6.RELEASE/javadoc-api/org/springframework/expression/spel/support/SimpleEvaluationContext.html StandardExpressionGenerator is not loaded by default and needs to be enabled by the user. Without studying the MethodSecurityEvaluationContext, but only providing some clues, he came from spring-security. |
work list: