From be9b424d1237fb368be81da764bdd065481007c1 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bodewig@apache.org>
Date: Wed, 27 May 2020 18:08:19 +0200
Subject: [PATCH] relax some Graal.js Security rules for <script*>

---
 .../tools/ant/util/optional/JavaxScriptRunner.java    | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java b/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java
index d55a5b3c7..761e5c8cf 100644
--- a/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java
+++ b/src/main/org/apache/tools/ant/util/optional/JavaxScriptRunner.java
@@ -26,6 +26,7 @@ import java.util.stream.Collectors;
 import javax.script.Bindings;
 import javax.script.Compilable;
 import javax.script.CompiledScript;
+import javax.script.ScriptContext;
 import javax.script.ScriptEngine;
 import javax.script.ScriptEngineManager;
 import javax.script.SimpleBindings;
@@ -191,12 +192,22 @@ public class JavaxScriptRunner extends ScriptRunnerBase {
         }
         ScriptEngine result =
             new ScriptEngineManager().getEngineByName(getLanguage());
+        maybeApplyGraalJsProperties(result);
         if (result != null && getKeepEngine()) {
             this.keptEngine = result;
         }
         return result;
     }
 
+    private static final String DROP_GRAAL_SECURITY_RESTRICTIONS = "polyglot.js.allowAllAccess";
+
+    private void maybeApplyGraalJsProperties(final ScriptEngine engine) {
+        if (engine != null && engine.getClass().getName().contains("Graal")) {
+            engine.getBindings(ScriptContext.ENGINE_SCOPE)
+                .put(DROP_GRAAL_SECURITY_RESTRICTIONS, true);
+        }
+    }
+
     /**
      * Traverse a Throwable's cause(s) and return the BuildException
      * most deeply nested into it - if any.