[Improvement] change js engine (#15747)

* change js engine * add dependent jar
apache · Mar 22, 2024 · 99a2461 · 99a2461
1 parent f7358c3
commit 99a2461
Show file tree

Hide file tree

Showing 7 changed files with 936 additions and 34 deletions.
diff --git a/dolphinscheduler-bom/pom.xml b/dolphinscheduler-bom/pom.xml
@@ -123,6 +123,7 @@
         <checker-qual.version>3.19.0</checker-qual.version>
         <zeppelin-client.version>0.10.1</zeppelin-client.version>
         <aliyun-voice.version>2.1.4</aliyun-voice.version>
+        <nashorn-sandbox.version>0.3.2</nashorn-sandbox.version>
     </properties>
 
     <dependencyManagement>
@@ -966,6 +967,12 @@
                 <artifactId>dyvmsapi20170525</artifactId>
                 <version>${aliyun-voice.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>org.javadelight</groupId>
+                <artifactId>delight-nashorn-sandbox</artifactId>
+                <version>${nashorn-sandbox.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 

diff --git a/dolphinscheduler-common/pom.xml b/dolphinscheduler-common/pom.xml
@@ -177,5 +177,10 @@
                 </exclusion>
             </exclusions>
         </dependency>
+
+        <dependency>
+            <groupId>org.javadelight</groupId>
+            <artifactId>delight-nashorn-sandbox</artifactId>
+        </dependency>
     </dependencies>
 </project>
diff --git a/dolphinscheduler-dist/release-docs/LICENSE b/dolphinscheduler-dist/release-docs/LICENSE
@@ -572,6 +572,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt.
     tea-rpc 0.0.11.jar https://github.com/aliyun/aliyun-openapi-java-sdk/blob/master/README.md#license Apache 2.0
     tea-rpc-util 0.1.3.jar https://github.com/aliyun/aliyun-openapi-java-sdk/blob/master/README.md#license Apache 2.0
     tea-util 0.2.13.jar https://github.com/aliyun/aliyun-openapi-java-sdk/blob/master/README.md#license Apache 2.0
+    delight-nashorn-sandbox 0.3.2 https://github.com/javadelight/delight-nashorn-sandbox/blob/master/README.md#license Apache 2.0
 
 
 

diff --git a/dolphinscheduler-dist/release-docs/licenses/LICENSE-delight-nashorn-sandbox.TXT b/dolphinscheduler-dist/release-docs/licenses/LICENSE-delight-nashorn-sandbox.TXT
diff --git a/...master/src/main/java/org/apache/dolphinscheduler/server/master/utils/SwitchTaskUtils.java b/...master/src/main/java/org/apache/dolphinscheduler/server/master/utils/SwitchTaskUtils.java
@@ -23,46 +23,30 @@
 import org.apache.commons.collections4.MapUtils;
 
 import java.util.Map;
-import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.script.ScriptEngine;
-import javax.script.ScriptEngineManager;
 import javax.script.ScriptException;
 
 import lombok.extern.slf4j.Slf4j;
 
 import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
+
+import delight.nashornsandbox.NashornSandbox;
+import delight.nashornsandbox.NashornSandboxes;
 
 @Slf4j
 public class SwitchTaskUtils {
 
-    private static final ScriptEngineManager manager;
-    private static final ScriptEngine engine;
+    private static final NashornSandbox sandbox;
     private static final String rgex = "['\"]*\\$\\{(.*?)\\}['\"]*";
 
-    private static final Set<String> blackKeySet = Sets.newHashSet(
-            "java",
-            "invoke",
-            "new",
-            "eval",
-            "function",
-            "import",
-            ".",
-            "()",
-            "[",
-            "]",
-            "\\\\");
-
     static {
-        manager = new ScriptEngineManager();
-        engine = manager.getEngineByName("js");
+        sandbox = NashornSandboxes.create();
     }
 
     public static boolean evaluate(String expression) throws ScriptException {
-        Object result = engine.eval(expression);
+        Object result = sandbox.eval(expression);
         return Boolean.TRUE.equals(result);
     }
 
@@ -98,12 +82,6 @@ public static String generateContentWithTaskParams(String condition, Map<String,
             content = content.replace("${" + paramName + "}", value);
         }
 
-        for (String blackKey : blackKeySet) {
-            if (content.contains(blackKey)) {
-                throw new IllegalArgumentException("condition is not valid, please check it. condition: " + condition);
-            }
-        }
-
         // if not replace any params, throw exception to avoid illegal condition
         if (originContent.equals(content)) {
             throw new IllegalArgumentException("condition is not valid, please check it. condition: " + condition);

diff --git a/...er/src/test/java/org/apache/dolphinscheduler/server/master/utils/SwitchTaskUtilsTest.java b/...er/src/test/java/org/apache/dolphinscheduler/server/master/utils/SwitchTaskUtilsTest.java
@@ -24,6 +24,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.script.ScriptException;
+
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
@@ -53,16 +55,19 @@ public void testIllegalCondition() {
         });
 
         String cmd = "bash /tmp/shell";
-        String cmdContent = "java.lang.Runtime.getRuntime().exec(\"${cmd}\")";
+        String cmdContent = "java.lang.Runtime.getRuntime().exec(${cmd})";
         globalParams.put("cmd", new Property("cmd", Direct.IN, DataType.VARCHAR, cmd));
-        Assertions.assertThrowsExactly(IllegalArgumentException.class, () -> {
-            SwitchTaskUtils.generateContentWithTaskParams(cmdContent, globalParams, varParams);
+
+        Assertions.assertThrowsExactly(RuntimeException.class, () -> {
+            String script = SwitchTaskUtils.generateContentWithTaskParams(cmdContent, globalParams, varParams);
+            SwitchTaskUtils.evaluate(script);
         });
 
         String contentWithUnicode =
-                "\\\\u006a\\\\u0061\\\\u0076\\\\u0061\\\\u002e\\\\u006c\\\\u0061\\\\u006e\\\\u0067\\\\u002e\\\\u0052\\\\u0075\\\\u006e\\\\u0074\\\\u0069\\\\u006d\\\\u0065.getRuntime().exec(\\\"open -a Calculator.app\\";
-        Assertions.assertThrowsExactly(IllegalArgumentException.class, () -> {
-            SwitchTaskUtils.generateContentWithTaskParams(contentWithUnicode, globalParams, varParams);
+                "\\\\u006a\\\\u0061\\\\u0076\\\\u0061\\\\u002e\\\\u006c\\\\u0061\\\\u006e\\\\u0067\\\\u002e\\\\u0052\\\\u0075\\\\u006e\\\\u0074\\\\u0069\\\\u006d\\\\u0065.getRuntime().exec(${cmd})";
+        Assertions.assertThrowsExactly(ScriptException.class, () -> {
+            String script = SwitchTaskUtils.generateContentWithTaskParams(contentWithUnicode, globalParams, varParams);
+            SwitchTaskUtils.evaluate(script);
         });
 
         String contentWithSpecify1 = "cmd.abc";

diff --git a/tools/dependencies/known-dependencies.txt b/tools/dependencies/known-dependencies.txt
@@ -499,4 +499,27 @@ tea-util-0.2.13.jar
 dom4j-2.1.3.jar
 jaxb-core-2.3.0.jar
 jaxb-impl-2.3.0.jar
+delight-nashorn-sandbox-0.3.2.jar
+abbrev-1.1.1.jar
+balanced-match-1.0.2.jar
+brace-expansion-2.0.1.jar
+commander-2.20.3.jar
+config-chain-1.1.13.jar
+editorconfig-0.15.3.jar
+fs.realpath-1.0.0.jar
+glob-8.1.0.jar
+inflight-1.0.6.jar
+inherits-2.0.4.jar
+ini-1.3.8.jar
+js-beautify-1.14.7.jar
+lru-cache-4.1.5.jar
+minimatch-5.1.6.jar
+nopt-6.0.0.jar
+once-1.4.0.jar
+proto-list-1.2.4.jar
+pseudomap-1.0.2.jar
+semver-5.7.2.jar
+sigmund-1.0.1.jar
+wrappy-1.0.2.jar
+yallist-2.1.2.jar