What is the purpose of allowImplementations HostAccess.Builder.allowImplementations ?

[tporeba]

I don't understand how does HostAccess.Builder#allowImplementations (and similar allowAllImplementations) work.

I have following context configuration:

Context.newBuilder("js")
.allowHostAccess(
   HostAccess.newBuilder()
      .allowAllImplementations(false)
      .allowArrayAccess(true)
      .allowListAccess(true)
      .allowPublicAccess(true)
      .build())
.build()

and still I can do this:

var R = Java.extend(Java.type("java.lang.Runnable"));
var r = new R(function(){print("hello");});
r.run();

This prints "hello".

I thought implementing java.lang.Runnable interface would be prohibited because of allowAllImplementations(false), shouldn't it?

[tporeba]

This permission doesn't seem to have any effect on passing JS function as an argument to a Java method:

Packages.com.example.Util.runIt(function(){
    print("hello runnable");
});

with

public class Util {
    public static void runIt(java.lang.Runnable x){
        x.run();
    }

This also works despite allowAllImplementations(false).

[woess]

Thanks for the report. Java.extend currently does not respect allowImplementations. This is a known issue that we want to address in the future. The second example looks like a bug. We'll investigate.

[wirthi]

This was implemented in 60cb438 and will be shipped as part of GraalVM 20.3.