From 48dfac24691396ccd3d030d620570dedd29cc3d2 Mon Sep 17 00:00:00 2001 From: Henrib Date: Mon, 16 Dec 2024 17:50:57 +0100 Subject: [PATCH] JEXL-435: do not coerce empty() operator overload to boolean; --- RELEASE-NOTES.txt | 190 ++++++------------ src/changes/changes.xml | 9 +- .../commons/jexl3/internal/Operator.java | 2 +- .../apache/commons/jexl3/Issues400Test.java | 24 +++ 4 files changed, 92 insertions(+), 133 deletions(-) diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt index 1cb2e927e..90cde960b 100644 --- a/RELEASE-NOTES.txt +++ b/RELEASE-NOTES.txt @@ -1,126 +1,21 @@ -Apache Commons JEXL 3.4.0 Release Notes - -Introduction ------------- - -Apache Commons JEXL is a library facilitates the implementation of scripting features in - applications and frameworks written in Java. - -Java 8 is required. - -New features ------------- - -o JEXL-423: Add support for instanceof / !instanceof -o JEXL-422: Add strict equality (===) and inequality (!==) operators -o JEXL-421: ArrayBuilder: array type should reflect common class of its entries -o JEXL-419: Add permission syntax to allow class/method/field -o JEXL-418: Add try-catch support Thanks to Xu Pengcheng. -o JEXL-408: Using JexlFeatures is tedious Thanks to sebb. -o JEXL-404: Support array-access safe navigation (x?[y]) Thanks to Xu Pengcheng. -o JEXL-401: Captured variables should be read-only -o JEXL-398: Allow 'trailing commas' or ellipsis while defining array, map and set literals Thanks to Xu Pengcheng. -o Add Maven property project.build.outputTimestamp for build reproducibility. Thanks to Gary Gregory. - -Fixed Bugs ----------- - -o JEXL-420: Error while comparing float and string value Thanks to Xu Pengcheng. -o JEXL-417: JexlArithmetic looses precision during arithmetic operator execution Thanks to Robert Lucas. -o JEXL-416: Null-valued pragma throws NPE in 3.3 Thanks to William Price. -o JEXL-415: Incorrect template eval result. Thanks to Xu Pengcheng. -o JEXL-414: SoftCache may suffer from race conditions. Thanks to Holger Sunke. -o JEXL-412: Ambiguous syntax between namespace function call and map object definition. Thanks to Xu Pengcheng. -o JEXL-410: JexlFeatures: ctor does not enable all features. Thanks to sebb. -o JEXL-409: Disable LEXICAL should disable LEXICAL_SHADE. Thanks to sebb. -o JEXL-405: Recursive functions corrupt evaluation frame if reassigned. -o JEXL-403: Exception while evaluating template literal used in array assignment in loop. Thanks to Xu Pengcheng. -o JEXL-402: Parse failed with empty return value. Thanks to Xu Pengcheng. -o [StepSecurity] ci: Harden GitHub Actions #180. Thanks to step-security-bot, Gary Gregory. -o Guard logging calls. Thanks to PMD, Gary Gregory. -o Deprecate SimpleNode.SimpleNode(Parser, int) in favor of SimpleNode.SimpleNode(int). Thanks to PMD, Gary Gregory. -o Deprecate JexlNode.JexlNode(Parser, int) in favor of JexlNode.JexlNode(int). Thanks to PMD, Gary Gregory. - -Changes -------- - -o Bump commons-parent from 67 to 69. Thanks to dependabot. -o Bump github actions. Thanks to dependabot. -o Bump commons-parent from 57 to 70. Thanks to Gary Gregory, Dependabot. -o Bump org.ow2.asm:asm from 9.5 to 9.7 #200, #242. Thanks to dependabot. -o Bump commons-logging from 1.2 to 1.3.2 #241, #255. Thanks to Gary Gregory, Dependabot. -o Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 #258. Thanks to Gary Gregory, Dependabot. - - -Historical list of changes: https://commons.apache.org/proper/commons-jexl/changes-report.html - -For complete information on Apache Commons JEXL, including instructions on how to submit bug reports, -patches, or suggestions for improvement, see the Apache Commons JEXL website: - -https://commons.apache.org/proper/commons-jexl/ - -Download page: https://commons.apache.org/proper/commons-jexl/download_jexl.cgi - -Have fun! --Apache Commons Team - ------------------------------------------------------------------------------- - + Apache Commons JEXL + Version 3.4.1 + Release Notes -Apache Commons JEXL 3.4.0 Release Notes -Introduction ------------- +INTRODUCTION: +============= -Apache Commons JEXL is a library facilitates the implementation of scripting features in +JEXL is a library intended to facilitate the implementation of dynamic and scripting features in applications and frameworks written in Java. -Java 8 is required. +JEXL implements an Expression Language based on some extensions to the JSTL Expression Language supporting most of the +constructs seen in shell-script or ECMAScript. -New features ------------- - -o JEXL-423: Add support for instanceof / !instanceof -o JEXL-422: Add strict equality (===) and inequality (!==) operators -o JEXL-421: ArrayBuilder: array type should reflect common class of its entries -o JEXL-419: Add permission syntax to allow class/method/field -o JEXL-418: Add try-catch support Thanks to Xu Pengcheng. -o JEXL-408: Using JexlFeatures is tedious Thanks to sebb. -o JEXL-404: Support array-access safe navigation (x?[y]) Thanks to Xu Pengcheng. -o JEXL-401: Captured variables should be read-only -o JEXL-398: Allow 'trailing commas' or ellipsis while defining array, map and set literals Thanks to Xu Pengcheng. -o Add Maven property project.build.outputTimestamp for build reproducibility. Thanks to Gary Gregory. - -Fixed Bugs ----------- - -o JEXL-420: Error while comparing float and string value Thanks to Xu Pengcheng. -o JEXL-417: JexlArithmetic looses precision during arithmetic operator execution Thanks to Robert Lucas. -o JEXL-416: Null-valued pragma throws NPE in 3.3 Thanks to William Price. -o JEXL-415: Incorrect template eval result. Thanks to Xu Pengcheng. -o JEXL-414: SoftCache may suffer from race conditions. Thanks to Holger Sunke. -o JEXL-412: Ambiguous syntax between namespace function call and map object definition. Thanks to Xu Pengcheng. -o JEXL-410: JexlFeatures: ctor does not enable all features. Thanks to sebb. -o JEXL-409: Disable LEXICAL should disable LEXICAL_SHADE. Thanks to sebb. -o JEXL-405: Recursive functions corrupt evaluation frame if reassigned. -o JEXL-403: Exception while evaluating template literal used in array assignment in loop. Thanks to Xu Pengcheng. -o JEXL-402: Parse failed with empty return value. Thanks to Xu Pengcheng. -o [StepSecurity] ci: Harden GitHub Actions #180. Thanks to step-security-bot, Gary Gregory. -o Guard logging calls. Thanks to PMD, Gary Gregory. -o Deprecate SimpleNode.SimpleNode(Parser, int) in favor of SimpleNode.SimpleNode(int). Thanks to PMD, Gary Gregory. -o Deprecate JexlNode.JexlNode(Parser, int) in favor of JexlNode.JexlNode(int). Thanks to PMD, Gary Gregory. - -Changes -------- - -o Bump commons-parent from 67 to 69. Thanks to dependabot. -o Bump github actions. Thanks to dependabot. -o Bump commons-parent from 57 to 70. Thanks to Gary Gregory, Dependabot. -o Bump org.ow2.asm:asm from 9.5 to 9.7 #200, #242. Thanks to dependabot. -o Bump commons-logging from 1.2 to 1.3.2 #241, #255. Thanks to Gary Gregory, Dependabot. -o Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 #258. Thanks to Gary Gregory, Dependabot. +Its goal is to expose scripting features usable by technical operatives or consultants working with enterprise platforms. +Java 8 is required. Historical list of changes: https://commons.apache.org/proper/commons-jexl/changes-report.html @@ -134,27 +29,48 @@ Download page: https://commons.apache.org/proper/commons-jexl/download_io.cgi Have fun! -Apache Commons Team ------------------------------------------------------------------------------- - - - Apache Commons JEXL - Version 3.4 - Release Notes - +======================================================================================================================== +Release 3.4.1 +======================================================================================================================== -INTRODUCTION: -============= +Version 3.4.1 is a minor release. -JEXL is a library intended to facilitate the implementation of dynamic and scripting features in -applications and frameworks written in Java. +Compatibility with previous releases +==================================== +Version 3.4.1 is source and binary compatible with 3.4. -JEXL implements an Expression Language based on some extensions to the JSTL Expression Language supporting most of the -constructs seen in shell-script or ECMAScript. -Its goal is to expose scripting features usable by technical operatives or consultants working with enterprise platforms. +What's new in 3.4.1: +==================== +Operator overloading has been enhanced so that overloading compare() will benefit all comparison operators. +A feature flag has been introduced to allow pass-by-reference of captured variables closely mimicking +EcmaScript behavior. +New Features in 3.4.1: +====================== +* JEXL-428: Make Comparable object high priority while comparing +* JEXL-427: Avoid coercing logical expressions to boolean +* JEXL-426: Enable pass-by-reference for Captured Variables - https://commons.apache.org/jexl/ +Bugs Fixed in 3.4.1: +==================== +* JEXL-435: Changed behavior of empty operator overloading +* JEXL-434: The safe-access array operator is not safe +* JEXL-433: Debugger does not accept empty return statement +* JEXL-432: Namespace functors are not cleared when the classloader is updated +* JEXL-431: Parse error with variables declared in a catch clause +* JEXL-429: Ternary expression regression +* JEXL-425: Multiline format literals does not always return string + +Changes in 3.4.1: +================= +o Replace NumberParser use of Locale.ENGLISH with Locale.ROOT +o Bump org.apache.commons:commons-parent from 71 to 78 +o Bump commons-logging:commons-logging from 1.3.2 to 1.3.4 +o Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.23 to 1.24 +o Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 +o Bump org.hamcrest:hamcrest from 2.2 to 3.0 +o Bump org.ow2.asm:asm from 9.7 to 9.7.1 ======================================================================================================================== Release 3.4 @@ -185,6 +101,7 @@ New Features in 3.4: * JEXL-404: Support array-access safe navigation (x?[y]) * JEXL-401: Captured variables should be read-only * JEXL-398: Allow 'trailing commas' or ellipsis while defining array, map and set literals +o Add Maven property project.build.outputTimestamp for build reproducibility. Thanks to Gary Gregory. Bugs Fixed in 3.4: ================== @@ -199,6 +116,19 @@ Bugs Fixed in 3.4: * JEXL-405: Recursive functions corrupt evaluation frame if reassigned * JEXL-403: Exception while evaluating template literal used in array assignment in loop. * JEXL-402: parse failed with empty return value. +o [StepSecurity] ci: Harden GitHub Actions #180. Thanks to step-security-bot, Gary Gregory. +o Guard logging calls. Thanks to PMD, Gary Gregory. +o Deprecate SimpleNode.SimpleNode(Parser, int) in favor of SimpleNode.SimpleNode(int). Thanks to PMD, Gary Gregory. +o Deprecate JexlNode.JexlNode(Parser, int) in favor of JexlNode.JexlNode(int). Thanks to PMD, Gary Gregory. + +Changes in 3.4: +=============== +o Bump commons-parent from 67 to 69. Thanks to dependabot. +o Bump github actions. Thanks to dependabot. +o Bump commons-parent from 57 to 70. Thanks to Gary Gregory, Dependabot. +o Bump org.ow2.asm:asm from 9.5 to 9.7 #200, #242. Thanks to dependabot. +o Bump commons-logging from 1.2 to 1.3.2 #241, #255. Thanks to Gary Gregory, Dependabot. +o Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 #258. Thanks to Gary Gregory, Dependabot. ======================================================================================================================== Release 3.3 diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 953a3115d..263347a82 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -29,6 +29,9 @@ + + Changed behavior of empty operator overloading + Action> The safe-access array operator is not safe @@ -36,7 +39,7 @@ Debugger does not accept empty return statement - PNamespace functors are not cleared when the classloader is updated + Namespace functors are not cleared when the classloader is updated Parse error with variables declared in a catch clause @@ -47,7 +50,9 @@ Multiline format literals does not always return string - Replace NumberParser use of Locale.ENGLISH with Locale.ROOT. + + Replace NumberParser use of Locale.ENGLISH with Locale.ROOT. + Make Comparable object high priority while comparing diff --git a/src/main/java/org/apache/commons/jexl3/internal/Operator.java b/src/main/java/org/apache/commons/jexl3/internal/Operator.java index c31ccd1b6..967db1646 100644 --- a/src/main/java/org/apache/commons/jexl3/internal/Operator.java +++ b/src/main/java/org/apache/commons/jexl3/internal/Operator.java @@ -291,7 +291,7 @@ public Object empty(final JexlCache.Reference node, final Object object) { } } } - return !(result instanceof Boolean) || (Boolean) result; + return result; } @Override diff --git a/src/test/java/org/apache/commons/jexl3/Issues400Test.java b/src/test/java/org/apache/commons/jexl3/Issues400Test.java index 1d9880129..b86fc6e91 100644 --- a/src/test/java/org/apache/commons/jexl3/Issues400Test.java +++ b/src/test/java/org/apache/commons/jexl3/Issues400Test.java @@ -555,5 +555,29 @@ void test434() { assertNotNull(script); final Object result = script.execute(null); assertNull(result); + + } + + public static class Arithmetic435 extends JexlArithmetic { + public Arithmetic435(boolean strict) { + super(strict); + } + public Object empty(String type) { + if ("list".equals(type)) { + return Collections.emptyList(); + } + return null; + } + } + + @Test + void test() { + JexlArithmetic arithmetic = new Arithmetic435(true); + JexlEngine jexl = new JexlBuilder().arithmetic(arithmetic).create(); + final String src = "empty('list')"; + final JexlScript script = jexl.createScript(src); + assertNotNull(script); + final Object result = script.execute(null); + assertInstanceOf(List.class, result); } }