add JS mapper configuration to allow use of "unsafe" standard objects…

… (useful when debugging)

Signed-off-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/config/javascript/DefaultJavaScriptConfig.java

@@ -33,12 +33,15 @@ public final class DefaultJavaScriptConfig implements JavaScriptConfig {
     private final int maxScriptSizeBytes;
     private final Duration maxScriptExecutionTime;
     private final int maxScriptStackDepth;
+    private final boolean allowUnsafeStandardObjects;
 
     private DefaultJavaScriptConfig(final ScopedConfig config) {
         maxScriptSizeBytes = config.getPositiveIntOrThrow(JavaScriptConfigValue.MAX_SCRIPT_SIZE_BYTES);
         maxScriptExecutionTime =
                 config.getNonNegativeAndNonZeroDurationOrThrow(JavaScriptConfigValue.MAX_SCRIPT_EXECUTION_TIME);
         maxScriptStackDepth = config.getPositiveIntOrThrow(JavaScriptConfigValue.MAX_SCRIPT_STACK_DEPTH);
+        allowUnsafeStandardObjects = config.getBoolean(JavaScriptConfigValue.ALLOW_UNSAFE_STANDARD_OBJECTS
+                .getConfigPath());
     }
 
     /**
@@ -68,6 +71,11 @@ public int getMaxScriptStackDepth() {
         return maxScriptStackDepth;
     }
 
+    @Override
+    public boolean isAllowUnsafeStandardObjects() {
+        return allowUnsafeStandardObjects;
+    }
+
     @Override
     public boolean equals(final Object o) {
         if (this == o) {
@@ -79,12 +87,13 @@ public boolean equals(final Object o) {
         final DefaultJavaScriptConfig that = (DefaultJavaScriptConfig) o;
         return maxScriptSizeBytes == that.maxScriptSizeBytes &&
                 maxScriptStackDepth == that.maxScriptStackDepth &&
+                allowUnsafeStandardObjects == that.allowUnsafeStandardObjects &&
                 Objects.equals(maxScriptExecutionTime, that.maxScriptExecutionTime);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(maxScriptSizeBytes, maxScriptExecutionTime, maxScriptStackDepth);
+        return Objects.hash(maxScriptSizeBytes, maxScriptExecutionTime, maxScriptStackDepth, allowUnsafeStandardObjects);
     }
 
     @Override
@@ -93,6 +102,7 @@ public String toString() {
                 "maxScriptSizeBytes=" + maxScriptSizeBytes +
                 ", maxScriptExecutionTime=" + maxScriptExecutionTime +
                 ", maxScriptStackDepth=" + maxScriptStackDepth +
+                ", allowUnsafeStandardObjects=" + allowUnsafeStandardObjects +
                 "]";
     }
 

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/config/javascript/JavaScriptConfig.java

@@ -49,6 +49,13 @@ public interface JavaScriptConfig {
      */
     int getMaxScriptStackDepth();
 
+    /**
+     * Whether to allow using 'print', 'exit', 'quit' in JavaScript executions, only intended for debugging purposes.
+     *
+     * @return whether to allow using unsafe standard objects in JS mapping.
+     */
+    boolean isAllowUnsafeStandardObjects();
+
     /**
      * An enumeration of the known config path expressions and their associated default values for
      * {@code JavaScriptConfig}.
@@ -68,7 +75,12 @@ enum JavaScriptConfigValue implements KnownConfigValue {
         /**
          * The maximum call stack depth in the mapping script.
          */
-        MAX_SCRIPT_STACK_DEPTH("maxScriptStackDepth", 10);
+        MAX_SCRIPT_STACK_DEPTH("maxScriptStackDepth", 10),
+
+        /**
+         * Whether to allow using 'print', 'exit', 'quit' in JavaScript executions, only intended for debugging purposes.
+         */
+        ALLOW_UNSAFE_STANDARD_OBJECTS("allowUnsafeStandardObjects", false);
 
         private final String path;
         private final Object defaultValue;

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/mapping/javascript/JavaScriptMessageMapperRhino.java

@@ -21,14 +21,14 @@
 
 import javax.annotation.Nullable;
 
+import org.eclipse.ditto.connectivity.api.ExternalMessage;
 import org.eclipse.ditto.connectivity.model.MessageMapperConfigurationFailedException;
 import org.eclipse.ditto.connectivity.service.config.javascript.JavaScriptConfig;
 import org.eclipse.ditto.connectivity.service.config.mapping.MappingConfig;
-import org.eclipse.ditto.protocol.Adaptable;
 import org.eclipse.ditto.connectivity.service.mapping.AbstractMessageMapper;
 import org.eclipse.ditto.connectivity.service.mapping.MessageMapperConfiguration;
 import org.eclipse.ditto.connectivity.service.mapping.PayloadMapper;
-import org.eclipse.ditto.connectivity.api.ExternalMessage;
+import org.eclipse.ditto.protocol.Adaptable;
 import org.mozilla.javascript.Context;
 import org.mozilla.javascript.ContextFactory;
 import org.mozilla.javascript.RhinoException;
@@ -93,7 +93,12 @@ public void doConfigure(final MappingConfig mappingConfig, final MessageMapperCo
         try {
             // create scope once and load the required libraries in order to get best performance:
             contextFactory.call(cx -> {
-                final Scriptable scope = cx.initSafeStandardObjects(); // that one disables "print, exit, quit", etc.
+                final Scriptable scope;
+                if (javaScriptConfig.isAllowUnsafeStandardObjects()) {
+                    scope = cx.initStandardObjects();
+                } else {
+                    scope = cx.initSafeStandardObjects(); // that one disables "print, exit, quit", etc.
+                }
                 initLibraries(cx, scope);
                 return scope;
             });

connectivity/service/src/main/resources/connectivity.conf

@@ -447,6 +447,8 @@ ditto {
         # the maximum call stack depth in the mapping script
         # prevents recursions or other too complex computation
         maxScriptStackDepth = 25
+        # Whether to allow using 'print', 'exit', 'quit' in JavaScript executions, only intended for debugging purposes
+        allowUnsafeStandardObjects = false
       }
 
       mapper-limits {