fix: restrict expression side effects (#72)

Frnd-me · web-flow · commit e29a399226dc · 2025-12-17T14:21:39.000+01:00
diff --git a/src/main/java/at/ac/uibk/dps/cirrina/execution/object/expression/JexlExpression.java b/src/main/java/at/ac/uibk/dps/cirrina/execution/object/expression/JexlExpression.java
@@ -1,7 +1,6 @@
 package at.ac.uibk.dps.cirrina.execution.object.expression;
 
 import at.ac.uibk.dps.cirrina.execution.object.context.Extent;
-import java.io.IOException;
 import java.lang.reflect.Array;
 import java.util.Collection;
 import java.util.HashMap;
@@ -62,7 +61,7 @@ private static JexlEngine getJexlEngine() {
     namespaces.put("math", Math.class); // Enable math methods, e.g. math:sin(x), math:min(x, y), math:random()
     namespaces.put("std", Stdlib.class);
 
-    var features = new JexlFeatures().sideEffectGlobal(true).sideEffect(true);
+    var features = new JexlFeatures().sideEffectGlobal(false).sideEffect(false);
 
     return new JexlBuilder()
       .arithmetic(new CsmlArithmetic(true))
@@ -110,13 +109,7 @@ public Object get(String key) {
     }
 
     @Override
-    public void set(String key, Object value) {
-      try {
-        extent.trySet(key, value);
-      } catch (IOException e) {
-        throw new NoSuchElementException(String.format("Variable not found: %s", key));
-      }
-    }
+    public void set(String key, Object value) {}
 
     @Override
     public boolean has(String key) {
diff --git a/src/test/java/at/ac/uibk/dps/cirrina/execution/object/expression/ExpressionTest.java b/src/test/java/at/ac/uibk/dps/cirrina/execution/object/expression/ExpressionTest.java
@@ -64,57 +64,29 @@ void testArrayArithmetic() {
         // Array with 1, 2, 3
         context.create("someArray", ExpressionBuilder.from("[1, 2, 3]").build().execute(extent));
 
-        // Add 4, 5, 6
-        ExpressionBuilder.from("someArray = someArray + [4]").build().execute(extent);
-        ExpressionBuilder.from("someArray = someArray + {5}").build().execute(extent);
-        ExpressionBuilder.from("someArray = someArray + [6, ...]").build().execute(extent);
+        final var ex = "someArray + [4] + {5} + [6, ...]";
 
         assertArrayEquals(
           new Object[] { 1, 2, 3, 4, 5, 6 },
-          (Object[]) extent.resolve("someArray").get()
+          (Object[]) ExpressionBuilder.from(ex).build().execute(extent)
         );
 
-        // Assert presence
-        assertEquals(true, ExpressionBuilder.from("someArray.contains(1)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someArray.contains(2)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someArray.contains(3)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someArray.contains(4)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someArray.contains(5)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someArray.contains(6)").build().execute(extent));
-
         // Remove 4
-        ExpressionBuilder.from("someArray = someArray - [4]").build().execute(extent);
-
         assertArrayEquals(
           new Object[] { 1, 2, 3, 5, 6 },
-          (Object[]) extent.resolve("someArray").get()
+          (Object[]) ExpressionBuilder.from(ex + " - [4]").build().execute(extent)
         );
 
         // Remove 5
-        ExpressionBuilder.from("someArray = someArray - {5}").build().execute(extent);
-
         assertArrayEquals(
           new Object[] { 1, 2, 3, 6 },
-          (Object[]) extent.resolve("someArray").get()
+          (Object[]) ExpressionBuilder.from(ex + " - [4] - {5}").build().execute(extent)
         );
 
         // Remove 6
-        ExpressionBuilder.from("someArray = someArray - [6, ...]").build().execute(extent);
-
-        assertArrayEquals(new Object[] { 1, 2, 3 }, (Object[]) extent.resolve("someArray").get());
-
-        // Assert absence
-        assertEquals(
-          false,
-          ExpressionBuilder.from("someArray.contains(4)").build().execute(extent)
-        );
-        assertEquals(
-          false,
-          ExpressionBuilder.from("someArray.contains(5)").build().execute(extent)
-        );
-        assertEquals(
-          false,
-          ExpressionBuilder.from("someArray.contains(6)").build().execute(extent)
+        assertArrayEquals(
+          new Object[] { 1, 2, 3 },
+          (Object[]) ExpressionBuilder.from(ex + " - [4] - {5} - [6, ...]").build().execute(extent)
         );
       });
     }
@@ -132,40 +104,30 @@ void testListArithmetic() {
           ExpressionBuilder.from("[1, 2, 3, ...]").build().execute(extent)
         );
 
-        // Add 4, 5, 6
-        ExpressionBuilder.from("someList = someList + [4]").build().execute(extent);
-        ExpressionBuilder.from("someList = someList + {5}").build().execute(extent);
-        ExpressionBuilder.from("someList = someList + [6, ...]").build().execute(extent);
-
-        assertIterableEquals(List.of(1, 2, 3, 4, 5, 6), (List<?>) extent.resolve("someList").get());
+        final var ex = "someList + [4] + {5} + [6, ...]";
 
-        // Assert presence
-        assertEquals(true, ExpressionBuilder.from("someList.contains(1)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(2)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(3)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(4)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(5)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(6)").build().execute(extent));
+        assertIterableEquals(
+          List.of(1, 2, 3, 4, 5, 6),
+          (List<?>) ExpressionBuilder.from(ex).build().execute(extent)
+        );
 
         // Remove 4
-        ExpressionBuilder.from("someList = someList - [4]").build().execute(extent);
-
-        assertIterableEquals(List.of(1, 2, 3, 5, 6), (List<?>) extent.resolve("someList").get());
+        assertIterableEquals(
+          List.of(1, 2, 3, 5, 6),
+          (List<?>) ExpressionBuilder.from(ex + " - [4]").build().execute(extent)
+        );
 
         // Remove 5
-        ExpressionBuilder.from("someList = someList - {5}").build().execute(extent);
-
-        assertIterableEquals(List.of(1, 2, 3, 6), (List<?>) extent.resolve("someList").get());
+        assertIterableEquals(
+          List.of(1, 2, 3, 6),
+          (List<?>) ExpressionBuilder.from(ex + " - [4] - {5}").build().execute(extent)
+        );
 
         // Remove 6
-        ExpressionBuilder.from("someList = someList - [6, ...]").build().execute(extent);
-
-        assertIterableEquals(List.of(1, 2, 3), (List<?>) extent.resolve("someList").get());
-
-        // Assert absence
-        assertEquals(false, ExpressionBuilder.from("someList.contains(4)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someList.contains(5)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someList.contains(6)").build().execute(extent));
+        assertIterableEquals(
+          List.of(1, 2, 3),
+          (List<?>) ExpressionBuilder.from(ex + " - [4] - {5} - [6, ...]").build().execute(extent)
+        );
       });
     }
   }
@@ -177,54 +139,32 @@ void testSetArithmetic() {
         var extent = new Extent(context);
 
         // Set with 1, 2, 3
-        context.create("someList", ExpressionBuilder.from("{1, 2, 3}").build().execute(extent));
+        context.create("someSet", ExpressionBuilder.from("{1, 2, 3}").build().execute(extent));
 
-        // Add 4, 5, 6
-        ExpressionBuilder.from("someList = someList + [4]").build().execute(extent);
-        ExpressionBuilder.from("someList = someList + {5}").build().execute(extent);
-        ExpressionBuilder.from("someList = someList + [6, ...]").build().execute(extent);
+        final var ex = "someSet + [4] + {5} + [6, ...]";
 
         assertIterableEquals(
           new LinkedHashSet<>(List.of(1, 2, 3, 4, 5, 6)),
-          (Set<?>) extent.resolve("someList").get()
+          (Set<?>) ExpressionBuilder.from(ex).build().execute(extent)
         );
 
-        // Assert presence
-        assertEquals(true, ExpressionBuilder.from("someList.contains(1)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(2)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(3)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(4)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(5)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someList.contains(6)").build().execute(extent));
-
         // Remove 4
-        ExpressionBuilder.from("someList = someList - [4]").build().execute(extent);
-
         assertIterableEquals(
           new LinkedHashSet<>(List.of(1, 2, 3, 5, 6)),
-          (Set<?>) extent.resolve("someList").get()
+          (Set<?>) ExpressionBuilder.from(ex + " - [4]").build().execute(extent)
         );
 
         // Remove 5
-        ExpressionBuilder.from("someList = someList - {5}").build().execute(extent);
-
         assertIterableEquals(
           new LinkedHashSet<>(List.of(1, 2, 3, 6)),
-          (Set<?>) extent.resolve("someList").get()
+          (Set<?>) ExpressionBuilder.from(ex + " - [4] - {5}").build().execute(extent)
         );
 
         // Remove 6
-        ExpressionBuilder.from("someList = someList - [6, ...]").build().execute(extent);
-
         assertIterableEquals(
           new LinkedHashSet<>(List.of(1, 2, 3)),
-          (Set<?>) extent.resolve("someList").get()
+          (Set<?>) ExpressionBuilder.from(ex + " - [4] - {5} - [6, ...]").build().execute(extent)
         );
-
-        // Assert absence
-        assertEquals(false, ExpressionBuilder.from("someList.contains(4)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someList.contains(5)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someList.contains(6)").build().execute(extent));
       });
     }
   }
@@ -238,57 +178,52 @@ void testMapArithmetic() {
         // Map with 1:2
         context.create("someMap", ExpressionBuilder.from("{1:2}").build().execute(extent));
 
-        // Add 3:4, 5:6, 7:8, 9:10, 11:12
-        ExpressionBuilder.from("someMap = someMap + {3:4}").build().execute(extent);
-        ExpressionBuilder.from("someMap = someMap + {5:6}").build().execute(extent);
-        ExpressionBuilder.from("someMap = someMap + {7:8}").build().execute(extent);
-        ExpressionBuilder.from("someMap = someMap + {9:10}").build().execute(extent);
-        ExpressionBuilder.from("someMap = someMap + {11:12}").build().execute(extent);
+        final var ex = "(someMap + {3:4} + {5:6} + {7:8} + {9:10} + {11:12})";
 
         assertEquals(
           Map.of(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12),
-          extent.resolve("someMap").get()
+          ExpressionBuilder.from(ex).build().execute(extent)
         );
 
         // Assert presence
-        assertEquals(true, ExpressionBuilder.from("someMap.contains(1)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someMap.contains(3)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someMap.contains(5)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someMap.contains(7)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someMap.contains(9)").build().execute(extent));
-        assertEquals(true, ExpressionBuilder.from("someMap.contains(11)").build().execute(extent));
+        assertEquals(true, ExpressionBuilder.from(ex + ".contains(1)").build().execute(extent));
+        assertEquals(true, ExpressionBuilder.from(ex + ".contains(3)").build().execute(extent));
+        assertEquals(true, ExpressionBuilder.from(ex + ".contains(5)").build().execute(extent));
+        assertEquals(true, ExpressionBuilder.from(ex + ".contains(7)").build().execute(extent));
+        assertEquals(true, ExpressionBuilder.from(ex + ".contains(9)").build().execute(extent));
+        assertEquals(true, ExpressionBuilder.from(ex + ".contains(11)").build().execute(extent));
 
         // Remove 3:4
-        ExpressionBuilder.from("someMap = someMap - {3:4}").build().execute(extent);
-
-        assertEquals(Map.of(1, 2, 5, 6, 7, 8, 9, 10, 11, 12), extent.resolve("someMap").get());
+        assertEquals(
+          Map.of(1, 2, 5, 6, 7, 8, 9, 10, 11, 12),
+          ExpressionBuilder.from(ex + " - {3:4}").build().execute(extent)
+        );
 
         // Remove 5:6
-        ExpressionBuilder.from("someMap = someMap - [5]").build().execute(extent);
-
-        assertEquals(Map.of(1, 2, 7, 8, 9, 10, 11, 12), extent.resolve("someMap").get());
+        assertEquals(
+          Map.of(1, 2, 7, 8, 9, 10, 11, 12),
+          ExpressionBuilder.from(ex + " - {3:4} - [5]").build().execute(extent)
+        );
 
         // Remove 7:8
-        ExpressionBuilder.from("someMap = someMap - [7, ...]").build().execute(extent);
-
-        assertEquals(Map.of(1, 2, 9, 10, 11, 12), extent.resolve("someMap").get());
+        assertEquals(
+          Map.of(1, 2, 9, 10, 11, 12),
+          ExpressionBuilder.from(ex + " - {3:4} - [5] - [7, ...]").build().execute(extent)
+        );
 
         // Remove 9:10
-        ExpressionBuilder.from("someMap = someMap - {9}").build().execute(extent);
-
-        assertEquals(Map.of(1, 2, 11, 12), extent.resolve("someMap").get());
+        assertEquals(
+          Map.of(1, 2, 11, 12),
+          ExpressionBuilder.from(ex + " - {3:4} - [5] - [7, ...] - {9}").build().execute(extent)
+        );
 
         // Remove 11:12
-        ExpressionBuilder.from("someMap = someMap - 11").build().execute(extent);
-
-        assertEquals(Map.of(1, 2), extent.resolve("someMap").get());
-
-        // Assert absence
-        assertEquals(false, ExpressionBuilder.from("someMap.contains(3)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someMap.contains(5)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someMap.contains(7)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someMap.contains(9)").build().execute(extent));
-        assertEquals(false, ExpressionBuilder.from("someMap.contains(11)").build().execute(extent));
+        assertEquals(
+          Map.of(1, 2),
+          ExpressionBuilder.from(ex + " - {3:4} - {3:4} - [5] - [7, ...] - {9} - 11")
+            .build()
+            .execute(extent)
+        );
       });
     }
   }
@@ -315,21 +250,6 @@ void testUtility() throws Exception {
     }
   }
 
-  @Test
-  void testMultiLineExpression() throws Exception {
-    try (var context = new InMemoryContext(true)) {
-      assertDoesNotThrow(() -> {
-        var extent = new Extent(context);
-
-        context.create("varOneInt", 1);
-
-        var multiLineExpression =
-          "let varExpressionLocal = 1; varExpressionLocal += varOneInt; varExpressionLocal";
-        assertEquals(2, ExpressionBuilder.from(multiLineExpression).build().execute(extent));
-      });
-    }
-  }
-
   @Test
   void testExpressionUsingNamespace() throws Exception {
     try (var context = new InMemoryContext(true)) {
@@ -348,6 +268,12 @@ void testExpressionNegative() throws Exception {
       assertThrows(UnsupportedOperationException.class, () ->
         ExpressionBuilder.from("1 + ").build().execute(extent)
       );
+      assertThrows(UnsupportedOperationException.class, () ->
+        ExpressionBuilder.from("varOneInt = 2").build().execute(extent)
+      );
+      assertThrows(UnsupportedOperationException.class, () ->
+        ExpressionBuilder.from("let varOneInt = 2").build().execute(extent)
+      );
 
       // Throws at runtime
       assertThrows(UnsupportedOperationException.class, () ->
@@ -362,9 +288,6 @@ void testExpressionNegative() throws Exception {
       assertThrows(UnsupportedOperationException.class, () ->
         ExpressionBuilder.from("varInvalid + 1").build().execute(extent)
       );
-      assertThrows(UnsupportedOperationException.class, () ->
-        ExpressionBuilder.from("let varTemp = varInvalid; varTemp").build().execute(extent)
-      );
     }
   }
 }
