From fb5fff03620dce3004416e83a664c5fe80c9d136 Mon Sep 17 00:00:00 2001 From: thc202 Date: Tue, 29 Aug 2023 18:08:19 +0100 Subject: [PATCH] graaljs: update Graal JavaScript engine Update to latest version (for Java 11) and set the add-on class loader directly to the context. Related to zaproxy/zaproxy#7960. Signed-off-by: thc202 --- addOns/graaljs/CHANGELOG.md | 3 ++- addOns/graaljs/graaljs.gradle.kts | 2 +- .../graaljs/GraalJsEngineWrapper.java | 26 ++++++++----------- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/addOns/graaljs/CHANGELOG.md b/addOns/graaljs/CHANGELOG.md index f813d903076..697fe840402 100644 --- a/addOns/graaljs/CHANGELOG.md +++ b/addOns/graaljs/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update Graal JavaScript engine. ## [0.4.0] - 2023-07-11 ### Added diff --git a/addOns/graaljs/graaljs.gradle.kts b/addOns/graaljs/graaljs.gradle.kts index 1248d2dc4cc..58880c203f1 100644 --- a/addOns/graaljs/graaljs.gradle.kts +++ b/addOns/graaljs/graaljs.gradle.kts @@ -28,7 +28,7 @@ crowdin { } dependencies { - val graalJsVersion = "20.2.0" + val graalJsVersion = "22.3.3" implementation("org.graalvm.js:js:$graalJsVersion") implementation("org.graalvm.js:js-scriptengine:$graalJsVersion") implementation("org.javadelight:delight-graaljs-sandbox:0.1.2") diff --git a/addOns/graaljs/src/main/java/org/zaproxy/zap/extension/graaljs/GraalJsEngineWrapper.java b/addOns/graaljs/src/main/java/org/zaproxy/zap/extension/graaljs/GraalJsEngineWrapper.java index 8d3a2f135a3..f181a74dfa8 100644 --- a/addOns/graaljs/src/main/java/org/zaproxy/zap/extension/graaljs/GraalJsEngineWrapper.java +++ b/addOns/graaljs/src/main/java/org/zaproxy/zap/extension/graaljs/GraalJsEngineWrapper.java @@ -25,10 +25,11 @@ import java.util.List; import java.util.Objects; import javax.script.ScriptEngine; -import javax.script.ScriptException; import javax.swing.ImageIcon; import org.fife.ui.rsyntaxtextarea.SyntaxConstants; import org.graalvm.polyglot.Context; +import org.graalvm.polyglot.Engine; +import org.zaproxy.zap.control.ExtensionFactory; import org.zaproxy.zap.extension.script.DefaultEngineWrapper; import org.zaproxy.zap.extension.script.ScriptWrapper; @@ -61,6 +62,12 @@ public String getSyntaxStyle() { @Override public ScriptEngine getEngine() { + Engine engine = + Engine.newBuilder() + .allowExperimentalOptions(true) + .option("engine.WarnInterpreterOnly", "false") + .build(); + Context.Builder contextBuilder = Context.newBuilder("js") .allowExperimentalOptions(true) @@ -68,21 +75,10 @@ public ScriptEngine getEngine() { .option("js.load", "true") .option("js.print", "true") .option("js.nashorn-compat", "true") - .allowAllAccess(true); + .allowAllAccess(true) + .hostClassLoader(ExtensionFactory.getAddOnLoader()); - ScriptEngine se = GraalJSScriptEngine.create(null, contextBuilder); - - // Force use of own (add-on) class loader - // https://github.com/graalvm/graaljs/issues/182 - ClassLoader previousContextClassLoader = Thread.currentThread().getContextClassLoader(); - Thread.currentThread().setContextClassLoader(getClass().getClassLoader()); - try { - se.eval(""); - } catch (ScriptException ignore) { - } finally { - Thread.currentThread().setContextClassLoader(previousContextClassLoader); - } - return se; + return GraalJSScriptEngine.create(engine, contextBuilder); } @Override