Split MethodValidator from ReturnTypeValidator

Author: jasmith-hs

src/main/java/com/hubspot/jinjava/JinjavaConfig.java

@@ -26,8 +26,10 @@
 import com.hubspot.jinjava.el.JinjavaObjectUnwrapper;
 import com.hubspot.jinjava.el.JinjavaProcessors;
 import com.hubspot.jinjava.el.ObjectUnwrapper;
-import com.hubspot.jinjava.el.ext.MethodValidator;
+import com.hubspot.jinjava.el.ext.AllowlistMethodValidator;
+import com.hubspot.jinjava.el.ext.AllowlistReturnTypeValidator;
 import com.hubspot.jinjava.el.ext.MethodValidatorConfig;
+import com.hubspot.jinjava.el.ext.ReturnTypeValidatorConfig;
 import com.hubspot.jinjava.features.FeatureConfig;
 import com.hubspot.jinjava.features.Features;
 import com.hubspot.jinjava.interpret.Context.Library;
@@ -163,17 +165,25 @@ default TokenScannerSymbols getTokenScannerSymbols() {
   }
 
   @Value.Default
-  default MethodValidator getMethodValidator() {
-    return MethodValidator.create(
+  default AllowlistMethodValidator getMethodValidator() {
+    return AllowlistMethodValidator.create(
       MethodValidatorConfig.builder().addDefaultAllowlistGroups().build()
     );
   }
 
+  @Value.Default
+  default AllowlistReturnTypeValidator getReturnTypeValidator() {
+    return AllowlistReturnTypeValidator.create(
+      ReturnTypeValidatorConfig.builder().addDefaultAllowlistGroups().build()
+    );
+  }
+
   @Value.Default
   default ELResolver getElResolver() {
     return JinjavaInterpreterResolver.createDefaultResolver(
       isDefaultReadOnlyResolver(),
-      getMethodValidator()
+      getMethodValidator(),
+      getReturnTypeValidator()
     );
   }
 
@@ -247,16 +257,7 @@ default boolean isIterateOverMapKeys() {
     return getLegacyOverrides().isIterateOverMapKeys();
   }
 
-  class Builder extends ImmutableJinjavaConfig.Builder {
-
-    public Builder withReadOnlyResolver(boolean readOnlyResolver) {
-      return withElResolver(
-        readOnlyResolver
-          ? JinjavaInterpreterResolver.DEFAULT_RESOLVER_READ_ONLY
-          : JinjavaInterpreterResolver.DEFAULT_RESOLVER_READ_WRITE
-      );
-    }
-  }
+  class Builder extends ImmutableJinjavaConfig.Builder {}
 
   static Builder builder() {
     return new Builder();

src/main/java/com/hubspot/jinjava/el/JinjavaInterpreterResolver.java

@@ -4,13 +4,15 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.hubspot.jinjava.el.ext.AbstractCallableMethod;
+import com.hubspot.jinjava.el.ext.AllowlistMethodValidator;
+import com.hubspot.jinjava.el.ext.AllowlistReturnTypeValidator;
 import com.hubspot.jinjava.el.ext.DeferredParsingException;
 import com.hubspot.jinjava.el.ext.ExtendedParser;
 import com.hubspot.jinjava.el.ext.JinjavaBeanELResolver;
 import com.hubspot.jinjava.el.ext.JinjavaListELResolver;
-import com.hubspot.jinjava.el.ext.MethodValidator;
 import com.hubspot.jinjava.el.ext.MethodValidatorConfig;
 import com.hubspot.jinjava.el.ext.NamedParameter;
+import com.hubspot.jinjava.el.ext.ReturnTypeValidatorConfig;
 import com.hubspot.jinjava.interpret.DeferredValueException;
 import com.hubspot.jinjava.interpret.DisabledException;
 import com.hubspot.jinjava.interpret.JinjavaInterpreter;
@@ -23,6 +25,7 @@
 import com.hubspot.jinjava.objects.PyWrapper;
 import com.hubspot.jinjava.objects.collections.SizeLimitingPyList;
 import com.hubspot.jinjava.objects.collections.SizeLimitingPyMap;
+import com.hubspot.jinjava.objects.collections.SizeLimitingPySet;
 import com.hubspot.jinjava.objects.date.FormattedDate;
 import com.hubspot.jinjava.objects.date.InvalidDateFormatException;
 import com.hubspot.jinjava.objects.date.PyishDate;
@@ -41,6 +44,7 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import javax.el.ArrayELResolver;
 import javax.el.CompositeELResolver;
 import javax.el.ELContext;
@@ -54,27 +58,36 @@ public class JinjavaInterpreterResolver extends SimpleResolver {
 
   public static ELResolver createDefaultResolver(
     boolean readOnly,
-    MethodValidator methodValidator
+    AllowlistMethodValidator allowlistMethodValidator,
+    AllowlistReturnTypeValidator allowlistReturnTypeValidator
   ) {
     return new CompositeELResolver() {
       {
         add(new ArrayELResolver(readOnly));
         add(new JinjavaListELResolver(readOnly));
         add(new TypeConvertingMapELResolver(readOnly));
         add(new ResourceBundleELResolver());
-        add(new JinjavaBeanELResolver(readOnly, methodValidator));
+        add(
+          new JinjavaBeanELResolver(
+            readOnly,
+            allowlistMethodValidator,
+            allowlistReturnTypeValidator
+          )
+        );
       }
     };
   }
 
   public static final ELResolver DEFAULT_RESOLVER_READ_ONLY = createDefaultResolver(
     true,
-    MethodValidator.create(MethodValidatorConfig.of())
+    AllowlistMethodValidator.create(MethodValidatorConfig.of()),
+    AllowlistReturnTypeValidator.create(ReturnTypeValidatorConfig.of())
   );
 
   public static final ELResolver DEFAULT_RESOLVER_READ_WRITE = createDefaultResolver(
     false,
-    MethodValidator.create(MethodValidatorConfig.of())
+    AllowlistMethodValidator.create(MethodValidatorConfig.of()),
+    AllowlistReturnTypeValidator.create(ReturnTypeValidatorConfig.of())
   );
 
   private final JinjavaInterpreter interpreter;
@@ -315,6 +328,12 @@ Object wrap(Object value) {
         interpreter.getConfig().getMaxListSize()
       );
     }
+    if (Set.class.isAssignableFrom(value.getClass())) {
+      return new SizeLimitingPySet(
+        (Set<Object>) value,
+        interpreter.getConfig().getMaxListSize()
+      );
+    }
     if (Map.class.isAssignableFrom(value.getClass())) {
       // FIXME: ensure keys are actually strings, if not, convert them
       return new SizeLimitingPyMap(

src/main/java/com/hubspot/jinjava/el/ext/AllowlistGroup.java

@@ -0,0 +1,162 @@
+package com.hubspot.jinjava.el.ext;
+
+import com.google.common.collect.ForwardingCollection;
+import com.google.common.collect.ForwardingList;
+import com.google.common.collect.ForwardingMap;
+import com.google.common.collect.ForwardingSet;
+import com.hubspot.jinjava.lib.exptest.ExpTest;
+import com.hubspot.jinjava.lib.filter.Filter;
+import com.hubspot.jinjava.objects.DummyObject;
+import com.hubspot.jinjava.objects.Namespace;
+import com.hubspot.jinjava.objects.SafeString;
+import com.hubspot.jinjava.objects.collections.PyList;
+import com.hubspot.jinjava.objects.collections.PyMap;
+import com.hubspot.jinjava.objects.collections.PySet;
+import com.hubspot.jinjava.objects.collections.SizeLimitingPyList;
+import com.hubspot.jinjava.objects.collections.SizeLimitingPyMap;
+import com.hubspot.jinjava.objects.collections.SizeLimitingPySet;
+import com.hubspot.jinjava.objects.collections.SnakeCaseAccessibleMap;
+import com.hubspot.jinjava.objects.date.FormattedDate;
+import com.hubspot.jinjava.objects.date.PyishDate;
+import com.hubspot.jinjava.util.ForLoop;
+import java.lang.reflect.Method;
+import java.math.BigDecimal;
+import java.util.AbstractCollection;
+import java.util.ArrayList;
+import java.util.Map;
+
+public enum AllowlistGroup {
+  JavaPrimitives {
+    private static final Class<?>[] ARRAY = {
+      String.class,
+      Long.class,
+      Integer.class,
+      Double.class,
+      Byte.class,
+      Character.class,
+      Float.class,
+      Boolean.class,
+      Short.class,
+      long.class,
+      int.class,
+      double.class,
+      byte.class,
+      char.class,
+      float.class,
+      boolean.class,
+      short.class,
+      BigDecimal.class,
+    };
+
+    @Override
+    Class<?>[] allowedReturnTypeClasses() {
+      return ARRAY;
+    }
+
+    @Override
+    Class<?>[] allowedDeclaredMethodsFromClasses() {
+      return ARRAY;
+    }
+  },
+  JinjavaObjects {
+    private static final Class<?>[] ARRAY = {
+      PyList.class,
+      PyMap.class,
+      SizeLimitingPyMap.class,
+      SizeLimitingPyList.class,
+      SnakeCaseAccessibleMap.class,
+      FormattedDate.class,
+      PyishDate.class,
+      DummyObject.class,
+      Namespace.class,
+      SafeString.class,
+    };
+
+    @Override
+    Class<?>[] allowedReturnTypeClasses() {
+      return ARRAY;
+    }
+
+    @Override
+    Class<?>[] allowedDeclaredMethodsFromClasses() {
+      return ARRAY;
+    }
+  },
+  Collections {
+    private static final Class<?>[] ARRAY = {
+      Map.Entry.class,
+      PyList.class,
+      PyMap.class,
+      PySet.class,
+      SizeLimitingPyMap.class,
+      SizeLimitingPyList.class,
+      SizeLimitingPySet.class,
+      ArrayList.class,
+      ForwardingList.class,
+      ForwardingMap.class,
+      ForwardingSet.class,
+      ForwardingCollection.class,
+      AbstractCollection.class,
+    };
+
+    @Override
+    Class<?>[] allowedReturnTypeClasses() {
+      return ARRAY;
+    }
+
+    @Override
+    Class<?>[] allowedDeclaredMethodsFromClasses() {
+      return ARRAY;
+    }
+  },
+  JinjavaTagConstructs {
+    private static final Class<?>[] ARRAY = { ForLoop.class };
+
+    @Override
+    Class<?>[] allowedReturnTypeClasses() {
+      return ARRAY;
+    }
+
+    @Override
+    Class<?>[] allowedDeclaredMethodsFromClasses() {
+      return ARRAY;
+    }
+  },
+  JinjavaFilters {
+    private static final String[] ARRAY = { Filter.class.getPackageName() };
+
+    @Override
+    String[] allowedDeclaredMethodsFromCanonicalClassPrefixes() {
+      return ARRAY;
+    }
+  },
+  JinjavaFunctions,
+  JinjavaExpTests {
+    private static final String[] ARRAY = { ExpTest.class.getPackageName() };
+
+    @Override
+    String[] allowedDeclaredMethodsFromCanonicalClassPrefixes() {
+      return ARRAY;
+    }
+  };
+
+  Method[] allowMethods() {
+    return new Method[0];
+  }
+
+  String[] allowedDeclaredMethodsFromCanonicalClassPrefixes() {
+    return new String[0];
+  }
+
+  Class<?>[] allowedDeclaredMethodsFromClasses() {
+    return new Class[0];
+  }
+
+  String[] allowedReturnTypeCanonicalClassPrefixes() {
+    return new String[0];
+  }
+
+  Class<?>[] allowedReturnTypeClasses() {
+    return new Class[0];
+  }
+}

src/main/java/com/hubspot/jinjava/el/ext/AllowlistMethodValidator.java

@@ -0,0 +1,59 @@
+package com.hubspot.jinjava.el.ext;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import java.lang.reflect.Method;
+
+public final class AllowlistMethodValidator {
+
+  private final ImmutableSet<Method> allowedMethods;
+  private final ImmutableSet<String> allowedDeclaredMethodsFromCanonicalClassPrefixes;
+  private final ImmutableSet<String> allowedDeclaredMethodsFromCanonicalClassNames;
+  private final ImmutableList<MethodValidator> additionalValidators;
+
+  public static AllowlistMethodValidator create(
+    MethodValidatorConfig methodValidatorConfig,
+    MethodValidator... additionalValidators
+  ) {
+    return new AllowlistMethodValidator(
+      methodValidatorConfig,
+      ImmutableList.copyOf(additionalValidators)
+    );
+  }
+
+  private AllowlistMethodValidator(
+    MethodValidatorConfig methodValidatorConfig,
+    ImmutableList<MethodValidator> additionalValidators
+  ) {
+    this.allowedMethods = methodValidatorConfig.allowedMethods();
+    this.allowedDeclaredMethodsFromCanonicalClassPrefixes =
+      methodValidatorConfig.allowedDeclaredMethodsFromCanonicalClassPrefixes();
+    this.allowedDeclaredMethodsFromCanonicalClassNames =
+      methodValidatorConfig.allowedDeclaredMethodsFromCanonicalClassNames();
+    this.additionalValidators = additionalValidators;
+  }
+
+  public Method validateMethod(Method m) {
+    if (m == null) {
+      return null;
+    }
+    Class<?> clazz = m.getDeclaringClass();
+    String canonicalClassName = clazz.getCanonicalName();
+    if (
+      allowedMethods.contains(m) ||
+      allowedDeclaredMethodsFromCanonicalClassNames.contains(canonicalClassName) ||
+      allowedDeclaredMethodsFromCanonicalClassPrefixes
+        .stream()
+        .anyMatch(canonicalClassName::startsWith)
+    ) {
+      for (MethodValidator v : additionalValidators) {
+        m = v.validateMethod(m);
+        if (m == null) {
+          return null;
+        }
+      }
+      return m;
+    }
+    return null;
+  }
+}