Made changes to restrict access to encrypted odaPassword from java script

data/org.eclipse.birt.report.engine.script.javascript/src/org/eclipse/birt/report/engine/javascript/JavascriptEngine.java

@@ -31,6 +31,7 @@
 import org.eclipse.birt.core.script.ScriptContext;
 import org.eclipse.birt.core.script.functionservice.IScriptFunctionContext;
 import org.eclipse.birt.data.engine.api.IDataScriptEngine;
+import org.eclipse.birt.report.model.core.JavaScriptExecutionStatus;
 import org.mozilla.javascript.Context;
 import org.mozilla.javascript.ImporterTopLevel;
 import org.mozilla.javascript.LazilyLoadedCtor;
@@ -286,6 +287,7 @@ public Object evaluate( ScriptContext scriptContext,
 		// .getScriptText( );
 		try
 		{
+			JavaScriptExecutionStatus.setExeucting(true);
 			Script script = ( (CompiledJavascript) compiledScript )
 					.getCompiledScript( );
 			Object value = script.exec( context, getJSScope( scriptContext ) );
@@ -300,6 +302,8 @@ public Object evaluate( ScriptContext scriptContext,
 			throw new CoreException( ResourceConstants.INVALID_EXPRESSION,
 					e.getMessage( ),
 					e );
+		}finally {
+			JavaScriptExecutionStatus.remove();
 		}
 	}
 

model/org.eclipse.birt.report.model/src/org/eclipse/birt/report/model/core/DesignElement.java

@@ -21,6 +21,7 @@
 import java.util.ListIterator;
 import java.util.Map;
 
+
 import org.eclipse.birt.report.model.api.DesignElementHandle;
 import org.eclipse.birt.report.model.api.ReportDesignHandle;
 import org.eclipse.birt.report.model.api.activity.NotificationEvent;
@@ -528,6 +529,8 @@ public abstract class DesignElement
 	 * this limit, the exceeding part will be shown as "...".
 	 */
 	private static final int MAX_DISPLAY_LABEL_LEN = 30;
+
+	private static final String ODA_PASSWORD = "odaPassword";
 
 	/**
 	 * Elements have an optional name. The name may be required by some element
@@ -965,12 +968,23 @@ public DesignElement getDynamicExtendsElement( Module module )
 
 	public Object getProperty( Module module, String propName )
 	{
+
+
+
 		ElementPropertyDefn prop = getPropertyDefn( propName );
 
 		// If the property is not found, then the value is null.
 
 		if ( prop == null )
 			return null;
+
+		if ( ODA_PASSWORD.contentEquals( propName )
+				&& prop.isEncryptable( ) && getEncryptionID( prop ) != null
+				&& JavaScriptExecutionStatus.isExecuting( ) )
+		{
+			throw new RuntimeException(
+					"Invalid operation: Can not access encrypted password from script" );
+		}
 
 		return getProperty( module, prop );
 	}

model/org.eclipse.birt.report.model/src/org/eclipse/birt/report/model/core/JavaScriptExecutionStatus.java

@@ -0,0 +1,38 @@
+
+package org.eclipse.birt.report.model.core;
+
+/**
+ * Represents whether the current thread is running a java script.
+ * 
+ * Restricting access to encrypted password from java script event handlers needs the
+ * context from where the encrypted password is accessed. This class provides the required
+ * context for differentiating encrypted password access from java script event handlers.
+ */
+
+public class JavaScriptExecutionStatus
+{
+
+	private static final ThreadLocal<Boolean> CURRENT = new ThreadLocal<Boolean>( ) {
+
+		protected Boolean initialValue( )
+		{
+			return false;
+		}
+	};
+
+	public static void setExeucting( boolean executionOnGoing )
+	{
+		CURRENT.set( executionOnGoing );
+	}
+
+	public static boolean isExecuting( )
+	{
+		return CURRENT.get( );
+	}
+
+	public static void remove( )
+	{
+		CURRENT.remove( );
+	}
+
+}