enable security manager in tests and upgrade to final jython 2.7.0

The previous rc version would try to execute /usr/bin/id...

dev-tools/tests.policy

@@ -1,54 +0,0 @@
-/*
- * Licensed to Elasticsearch under one or more contributor
- * license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright
- * ownership. Elasticsearch licenses this file to you under
- * the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// Policy file to prevent tests from writing outside the test sandbox directory
-// PLEASE NOTE: You may need to enable other permissions when new tests are added,
-// everything not allowed here is forbidden!
-
-grant {
-  // permissions for file access, write access only to sandbox:
-  permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
-  permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute,write";
-  permission java.io.FilePermission "${junit4.childvm.cwd}${/}-", "read,execute,write,delete";
-  permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete";
-  permission groovy.security.GroovyCodeSourcePermission "/groovy/script";
-
-  // Allow connecting to the internet anywhere
-  permission java.net.SocketPermission "*", "accept,listen,connect,resolve";
-
-  // Basic permissions needed for Lucene / Elasticsearch to work:
-  permission java.util.PropertyPermission "*", "read,write";
-  permission java.lang.reflect.ReflectPermission "*";
-  permission java.lang.RuntimePermission "*";
-
-  // These two *have* to be spelled out a separate
-  permission java.lang.management.ManagementPermission "control";
-  permission java.lang.management.ManagementPermission "monitor";
-
-  permission java.net.NetPermission "*";
-  permission java.util.logging.LoggingPermission "control";
-  permission javax.management.MBeanPermission "*", "*";
-  permission javax.management.MBeanServerPermission "*";
-  permission javax.management.MBeanTrustPermission "*";
-
-  // Needed for some things in DNS caching in the JVM
-  permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
-  permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
-
-};

pom.xml

@@ -33,6 +33,7 @@
 
     <properties>
         <!-- You can add any specific project property here -->
+        <tests.security.manager>true</tests.security.manager>
     </properties>
 
     <dependencies>
@@ -57,7 +58,7 @@
         <dependency>
             <groupId>org.python</groupId>
             <artifactId>jython-standalone</artifactId>
-            <version>2.7-b3</version>
+            <version>2.7.0</version>
         </dependency>
 
         <dependency>

src/test/java/org/elasticsearch/script/python/PythonScriptSearchTests.java

@@ -41,7 +41,6 @@ import java.util.Map;
 
 import static org.elasticsearch.client.Requests.searchRequest;
 import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
-import static org.elasticsearch.index.query.FilterBuilders.scriptFilter;
 import static org.elasticsearch.index.query.QueryBuilders.*;
 import static org.elasticsearch.index.query.functionscore.ScoreFunctionBuilders.scriptFunction;
 import static org.elasticsearch.search.aggregations.AggregationBuilders.terms;
@@ -83,7 +82,7 @@ public class PythonScriptSearchTests extends ElasticsearchIntegrationTest {
 
         logger.info(" --> running doc['num1'].value > 1");
         SearchResponse response = client().prepareSearch()
-                .setQuery(filteredQuery(matchAllQuery(), scriptFilter("doc['num1'].value > 1").lang("python")))
+                .setQuery(filteredQuery(matchAllQuery(), scriptQuery("doc['num1'].value > 1").lang("python")))
                 .addSort("num1", SortOrder.ASC)
                 .addScriptField("sNum1", "python", "doc['num1'].value", null)
                 .execute().actionGet();
@@ -96,7 +95,7 @@ public class PythonScriptSearchTests extends ElasticsearchIntegrationTest {
 
         logger.info(" --> running doc['num1'].value > param1");
         response = client().prepareSearch()
-                .setQuery(filteredQuery(matchAllQuery(), scriptFilter("doc['num1'].value > param1").lang("python").addParam("param1", 2)))
+                .setQuery(filteredQuery(matchAllQuery(), scriptQuery("doc['num1'].value > param1").lang("python").addParam("param1", 2)))
                 .addSort("num1", SortOrder.ASC)
                 .addScriptField("sNum1", "python", "doc['num1'].value", null)
                 .execute().actionGet();
@@ -107,7 +106,7 @@ public class PythonScriptSearchTests extends ElasticsearchIntegrationTest {
 
         logger.info(" --> running doc['num1'].value > param1");
         response = client().prepareSearch()
-                .setQuery(filteredQuery(matchAllQuery(), scriptFilter("doc['num1'].value > param1").lang("python").addParam("param1", -1)))
+                .setQuery(filteredQuery(matchAllQuery(), scriptQuery("doc['num1'].value > param1").lang("python").addParam("param1", -1)))
                 .addSort("num1", SortOrder.ASC)
                 .addScriptField("sNum1", "python", "doc['num1'].value", null)
                 .execute().actionGet();