
Example 1 with RhinoSecurityDomain

use of org.jaggeryjs.scriptengine.security.RhinoSecurityDomain in project jaggery by wso2.

In the class ModuleManager, method initScripts.

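/**
 * Loads every script declared by a module descriptor, obtains its compiled form through
 * {@link CacheManager} and registers it on the given {@link JavaScriptModule}.
 *
 * <p>Custom modules are read from disk at
 * {@code modulesDir/<module name>/<filtered path>}; all other modules are read from this
 * class's class loader, using the declared path as the resource name.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Both FindBugs {@code PATH_TRAVERSAL_IN} findings are suppressed here. The on-disk path
 *       is assembled from descriptor-supplied values; {@code filterPath} is the only
 *       transformation applied to the script path, and {@code module.getName()} is
 *       concatenated as-is. NOTE(review): confirm that {@code filterPath} rejects parent
 *       directory segments and absolute paths, and that module names cannot contain path
 *       separators, before relying on this suppression.</li>
 *   <li>The {@link CodeSource} reported for each script is derived from {@code fileName}. For
 *       class-path scripts that is {@code modulesDir/<script name>}, not the location the
 *       source was actually read from. NOTE(review): presumably security policy grants are
 *       matched against this URL; confirm the policy file agrees with it.</li>
 * </ul>
 *
 * @param moduleObject descriptor whose {@code getScripts()} entries are processed
 * @param cx           Rhino context; not referenced in this method body
 * @param module       target that receives each loaded script via {@code addScript}
 * @param isCustom     {@code true} to read scripts from the modules directory on disk,
 *                     {@code false} to read them from the class path
 * @throws ScriptException if a script source cannot be found, or if a called helper
 *                         reports a failure
 */
@SuppressFBWarnings("PATH_TRAVERSAL_IN")
private void initScripts(Module moduleObject, Context cx, JavaScriptModule module, boolean isCustom) throws ScriptException {
    String name = null;
    String path = null;
    for (Object entry : moduleObject.getScripts()) {
        // Declared outside the try so the finally block can always release it.
        Reader reader = null;
        try {
            org.jaggeryjs.jaggery.core.Script scriptObject = (org.jaggeryjs.jaggery.core.Script) entry;
            name = scriptObject.getName();
            path = scriptObject.getPath();
            JavaScriptScript script = new JavaScriptScript(name);
            final String fileName;
            ScriptCachingContext sctx;
            if (isCustom) {
                // Filter once and reuse the result for both the file name and the cache key.
                String filteredPath = filterPath(path);
                fileName = modulesDir + File.separator + module.getName() + File.separator + filteredPath;
                // FileReader decodes using the JVM default charset.
                reader = new FileReader(fileName);
                // NOTE(review): if filteredPath contains no File.separator, endIndex is -1 and
                // substring(0, endIndex) throws StringIndexOutOfBoundsException.
                int endIndex = filteredPath.lastIndexOf(File.separator);
                sctx = new ScriptCachingContext(String.valueOf(MultitenantConstants.SUPER_TENANT_ID), '<' + module.getName() + '>', filteredPath.substring(0, endIndex), filteredPath.substring(endIndex));
            } else {
                java.io.InputStream resource = ModuleManager.class.getClassLoader().getResourceAsStream(path);
                if (resource == null) {
                    // getResourceAsStream signals a missing resource with null; report it through
                    // the same not-found handling as a missing file instead of failing with a
                    // NullPointerException inside InputStreamReader.
                    throw new FileNotFoundException("Class path resource not found : " + path);
                }
                reader = new InputStreamReader(resource);
                fileName = modulesDir + File.separator + name;
                // NOTE(review): a path without '/' yields endIndex == -1 and the substring call
                // below throws StringIndexOutOfBoundsException.
                int endIndex = path.lastIndexOf('/');
                sctx = new ScriptCachingContext(String.valueOf(MultitenantConstants.SUPER_TENANT_ID), "<<" + name + ">>", '/' + path.substring(0, endIndex), path.substring(endIndex));
            }
            CacheManager cacheManager = new CacheManager(null);
            sctx.setSecurityDomain(new RhinoSecurityDomain() {

                @SuppressFBWarnings("PATH_TRAVERSAL_IN")
                @Override
                public CodeSource getCodeSource() throws ScriptException {
                    try {
                        // Canonicalise so the reported code source has symlinks and relative
                        // segments resolved; no signer certificates are attached.
                        URL url = new File(fileName).getCanonicalFile().toURI().toURL();
                        return new CodeSource(url, (Certificate[]) null);
                    } catch (MalformedURLException e) {
                        throw new ScriptException(e);
                    } catch (IOException e) {
                        throw new ScriptException(e);
                    }
                }
            });
            // Fixed modification stamp for module scripts.
            // NOTE(review): presumably this keeps the cache from treating them as changed; confirm.
            sctx.setSourceModifiedTime(1);
            Script cachedScript = cacheManager.getScriptObject(reader, sctx);
            if (cachedScript == null) {
                // Not cached yet: cache it from the reader, then fetch the cached object.
                cacheManager.cacheScript(reader, sctx);
                cachedScript = cacheManager.getScriptObject(reader, sctx);
            }
            script.setScript(cachedScript);
            module.addScript(script);
        } catch (FileNotFoundException e) {
            String msg = "Error executing script. Script cannot be found, name : " + name + ", path : " + path;
            log.error(msg, e);
            throw new ScriptException(msg, e);
        } finally {
            // The original never closed the reader, leaking one file or stream handle per
            // script. NOTE(review): assumes CacheManager does not keep the reader for later use.
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException e) {
                    // Best effort: a close failure must not mask the outcome of the load itself.
                    log.error("Error closing script source, name : " + name + ", path : " + path, e);
                }
            }
        }
    }
}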
Also used : MalformedURLException(java.net.MalformedURLException) RhinoSecurityDomain(org.jaggeryjs.scriptengine.security.RhinoSecurityDomain) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings) URL(java.net.URL) ScriptException(org.jaggeryjs.scriptengine.exceptions.ScriptException) Iterator(java.util.Iterator) CacheManager(org.jaggeryjs.scriptengine.cache.CacheManager) List(java.util.List) Script(org.mozilla.javascript.Script) ScriptCachingContext(org.jaggeryjs.scriptengine.cache.ScriptCachingContext) CodeSource(java.security.CodeSource) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)
