Scripting: Add OSS whitelist to execute API (#67038)

* Scripting: Add OSS whitelist to execute API

* Ingest
* Score
* MovFn
* Json

Fixes: #67035

modules/lang-painless/src/main/java/org/elasticsearch/painless/PainlessPlugin.java

@@ -83,19 +83,30 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
 
         // Moving Function Pipeline Agg
         List<Whitelist> movFn = new ArrayList<>(Whitelist.BASE_WHITELISTS);
-        movFn.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.aggs.movfn.txt"));
+        Whitelist movFnWhitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.aggs.movfn.txt");
+        movFn.add(movFnWhitelist);
         map.put(MovingFunctionScript.CONTEXT, movFn);
 
         // Functions used for scoring docs
         List<Whitelist> scoreFn = new ArrayList<>(Whitelist.BASE_WHITELISTS);
-        scoreFn.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.score.txt"));
+        Whitelist scoreFnWhitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.score.txt");
+        scoreFn.add(scoreFnWhitelist);
         map.put(ScoreScript.CONTEXT, scoreFn);
 
         // Functions available to ingest pipelines
         List<Whitelist> ingest = new ArrayList<>(Whitelist.BASE_WHITELISTS);
-        ingest.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.ingest.txt"));
+        Whitelist ingestWhitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.ingest.txt");
+        ingest.add(ingestWhitelist);
         map.put(IngestScript.CONTEXT, ingest);
 
+        // Execute context gets everything
+        List<Whitelist> test = new ArrayList<>(Whitelist.BASE_WHITELISTS);
+        test.add(movFnWhitelist);
+        test.add(scoreFnWhitelist);
+        test.add(ingestWhitelist);
+        test.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.elasticsearch.json.txt"));
+        map.put(PainlessExecuteAction.PainlessTestScript.CONTEXT, test);
+
         whitelists = map;
     }
 

modules/lang-painless/src/main/resources/org/elasticsearch/painless/spi/org.elasticsearch.json.txt

@@ -0,0 +1,24 @@
+#
+# Licensed to Elasticsearch under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+class org.elasticsearch.painless.api.Json {
+  def load(String)
+  String dump(def)
+  String dump(def, boolean)
+}

modules/lang-painless/src/test/java/org/elasticsearch/painless/action/PainlessExecuteApiTests.java

@@ -111,4 +111,28 @@ public class PainlessExecuteApiTests extends ESSingleNodeTestCase {
         assertThat(response.getResult(), equalTo(0.93D));
     }
 
+    public void testContextWhitelists() throws IOException {
+        ScriptService scriptService = getInstanceFromNode(ScriptService.class);
+        // score
+        Request request = new Request(new Script("sigmoid(1.0, 2.0, 3.0)"), null, null);
+        Response response = innerShardOperation(request, scriptService, null);
+        double result = Double.parseDouble((String)response.getResult());
+        assertEquals(0.111, result, 0.001);
+
+        // ingest
+        request = new Request(new Script("'foo'.sha1()"), null, null);
+        response = innerShardOperation(request, scriptService, null);
+        assertEquals("0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33", response.getResult());
+
+        // movfn
+        request = new Request(new Script("MovingFunctions.max(new double[]{1, 3, 2})"), null, null);
+        response = innerShardOperation(request, scriptService, null);
+        assertEquals(3.0, Double.parseDouble((String)response.getResult()), .1);
+
+        // json
+        request = new Request(new Script("Json.load('{\"a\": 1, \"b\": 2}')['b']"), null, null);
+        response = innerShardOperation(request, scriptService, null);
+        assertEquals(2, Integer.parseInt((String)response.getResult()));
+    }
+
 }