Use of dev.jbang.net.TrustedSources in the project jbang by jbangdev.
Class RemoteResourceResolver, method fetchScriptFromUntrustedURL.
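/**
 * Downloads a script from a URL, asking the user for confirmation first when
 * the URL is not accepted by {@link TrustedSources}.
 *
 * <p>For an untrusted URL the user is offered three choices: run once without
 * recording trust (1), persist trust for the limited URL (2), or persist trust
 * for the organization URL (3, only offered when one could be derived). Any
 * other answer aborts: the trust gate fails closed, so an unexpected value from
 * the prompt helper can never fall through to the download.
 *
 * @param scriptURL URL of the script as supplied by the caller
 * @return a reference to the cached copy of the downloaded resource
 * @throws ExitException with exit code 10 when the URL is untrusted and the
 *         user did not pick one of the offered options; with
 *         {@code BaseCommand.EXIT_INVALID_INPUT} when the URL cannot be parsed
 *         or the download fails
 */
public static ResourceRef fetchScriptFromUntrustedURL(String scriptURL) {
    try {
        java.net.URI uri = new java.net.URI(scriptURL);
        if (!TrustedSources.instance().isURLTrusted(uri)) {
            String question = scriptURL + " is not from a trusted source thus not running it automatically.\n" + "\n"
                    + "If you trust the url to be safe to run you can do one of the following";
            String trustUrl = goodTrustURL(scriptURL);
            String trustOrgUrl = orgURL(trustUrl);

            // Option numbering is 1-based and must stay in sync with the checks below.
            List<String> options = new ArrayList<>();
            options.add("Trust once: Add no trust, just run this time");
            options.add("Trust limited url in future: " + trustUrl);
            if (trustOrgUrl != null) {
                options.add("Trust organization url in future: " + trustOrgUrl);
            }

            // presumably 30 is a timeout and 0 the default answer -- confirm against Util.askInput
            int result = Util.askInput(question, 30, 0, options.toArray(new String[] {}));
            TrustedSources ts = TrustedSources.instance();
            if (result == 2) {
                ts.add(trustUrl, Settings.getTrustedSourcesFile().toFile());
            } else if (result == 3 && trustOrgUrl != null) {
                // Guarded on trustOrgUrl so a null entry is never written to the trust file
                // when option 3 was not actually offered.
                ts.add(trustOrgUrl, Settings.getTrustedSourcesFile().toFile());
            } else if (result != 1) {
                // Fail closed: only an explicit "trust once" (1) may continue without
                // persisting trust. Zero, negative, and out-of-range answers all abort.
                String exmsg = scriptURL + " is not from a trusted source and user did not confirm trust thus aborting.\n"
                        + "If you trust the url to be safe to run are here a few suggestions:\n"
                        + "Limited trust:\n jbang trust add " + trustUrl + "\n";
                if (trustOrgUrl != null) {
                    exmsg += "Organization trust:\n jbang trust add " + trustOrgUrl + "\n";
                }
                // URI.getAuthority() can carry user-info and a port, and is null for
                // opaque URIs, so the suggested wildcard is only a starting point.
                exmsg += "Trust all subdomains:\n jbang trust add *." + uri.getAuthority() + "\n"
                        + "Trust all sources (WARNING! disables url protection):\n jbang trust add *" + "\n"
                        + "\nFor more control edit ~/.jbang/trusted-sources.json" + "\n";
                throw new ExitException(10, exmsg);
            }
        }

        // NOTE(review): the trust decision above is made on the URL as supplied, while the
        // download uses the result of swizzleURL. Confirm that the rewritten URL, and any
        // redirects followed by Util.downloadAndCacheFile, stay within what the user approved.
        scriptURL = swizzleURL(scriptURL);
        Path path = Util.swizzleContent(scriptURL, Util.downloadAndCacheFile(scriptURL));
        return ResourceRef.forCachedResource(scriptURL, path.toFile());
    } catch (IOException | URISyntaxException e) {
        throw new ExitException(BaseCommand.EXIT_INVALID_INPUT, "Could not download " + scriptURL, e);
    }
}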