Example 1 with GroovyValueFilter
use of org.kohsuke.groovy.sandbox.GroovyValueFilter in project ontrack by nemerosa.
the class ExpressionEngineImpl method resolve.
public String resolve(final String expression, Map<String, ?> parameters) {
SandboxTransformer sandboxTransformer = new SandboxTransformer();
SecureASTCustomizer secure = new SecureASTCustomizer();
secure.setClosuresAllowed(false);
secure.setMethodDefinitionAllowed(false);
CompilerConfiguration compilerConfiguration = new CompilerConfiguration();
compilerConfiguration.addCompilationCustomizers(sandboxTransformer, secure);
Binding binding = new Binding(parameters);
GroovyShell shell = new GroovyShell(binding, compilerConfiguration);
// Sandbox registration (thread level)
GroovyValueFilter sandboxFilter = new GroovyValueFilter() {
@Override
public Object filter(Object o) {
if (o == null || o instanceof String || o instanceof GString || o.getClass().getName().equals("Script1")) {
return o;
} else if (o instanceof Class) {
throw new ExpressionCompilationException(expression, String.format("%n- %s class cannot be accessed.", ((Class) o).getName()));
} else {
throw new ExpressionCompilationException(expression, String.format("%n- %s class cannot be accessed.", o.getClass().getName()));
}
}
};
try {
sandboxFilter.register();
Object result = shell.evaluate(expression);
if (result == null) {
return null;
} else if (!(result instanceof String)) {
throw new ExpressionNotStringException(expression);
} else {
return (String) result;
}
} catch (MissingPropertyException e) {
throw new ExpressionCompilationException(expression, "No such property: " + e.getProperty());
} catch (MultipleCompilationErrorsException e) {
StringWriter s = new StringWriter();
PrintWriter p = new PrintWriter(s);
@SuppressWarnings("unchecked") List<Message> errors = e.getErrorCollector().getErrors();
errors.forEach((Message message) -> writeErrorMessage(p, message));
throw new ExpressionCompilationException(expression, s.toString());
} finally {
sandboxFilter.unregister();
}
}
Also used :
Binding(groovy.lang.Binding)
ExpressionNotStringException(net.nemerosa.ontrack.model.exceptions.ExpressionNotStringException)
SecureASTCustomizer(org.codehaus.groovy.control.customizers.SecureASTCustomizer)
Message(org.codehaus.groovy.control.messages.Message)
ExceptionMessage(org.codehaus.groovy.control.messages.ExceptionMessage)
MissingPropertyException(groovy.lang.MissingPropertyException)
GString(groovy.lang.GString)
GString(groovy.lang.GString)
ExpressionCompilationException(net.nemerosa.ontrack.model.exceptions.ExpressionCompilationException)
GroovyShell(groovy.lang.GroovyShell)
SandboxTransformer(org.kohsuke.groovy.sandbox.SandboxTransformer)
StringWriter(java.io.StringWriter)
GroovyValueFilter(org.kohsuke.groovy.sandbox.GroovyValueFilter)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
List(java.util.List)
MultipleCompilationErrorsException(org.codehaus.groovy.control.MultipleCompilationErrorsException)
PrintWriter(java.io.PrintWriter)
Aggregations
Binding (groovy.lang.Binding)1
GString (groovy.lang.GString)1
GroovyShell (groovy.lang.GroovyShell)1
MissingPropertyException (groovy.lang.MissingPropertyException)1
PrintWriter (java.io.PrintWriter)1
StringWriter (java.io.StringWriter)1
List (java.util.List)1
ExpressionCompilationException (net.nemerosa.ontrack.model.exceptions.ExpressionCompilationException)1
ExpressionNotStringException (net.nemerosa.ontrack.model.exceptions.ExpressionNotStringException)1
CompilerConfiguration (org.codehaus.groovy.control.CompilerConfiguration)1
MultipleCompilationErrorsException (org.codehaus.groovy.control.MultipleCompilationErrorsException)1
SecureASTCustomizer (org.codehaus.groovy.control.customizers.SecureASTCustomizer)1
ExceptionMessage (org.codehaus.groovy.control.messages.ExceptionMessage)1
Message (org.codehaus.groovy.control.messages.Message)1
GroovyValueFilter (org.kohsuke.groovy.sandbox.GroovyValueFilter)1
SandboxTransformer (org.kohsuke.groovy.sandbox.SandboxTransformer)1
