Example 1 with SandboxTransformer
use of org.kohsuke.groovy.sandbox.SandboxTransformer in project hale by halestudio.
the class GroovySandboxTest method setUp.
/**
* Sets up the Groovy shell and interceptor.
*/
@Before
public void setUp() {
CompilerConfiguration cc = new CompilerConfiguration();
// enable invoke dynamic support (simiar to in when scripts are created)
cc.getOptimizationOptions().put(CompilerConfiguration.INVOKEDYNAMIC, true);
cc.addCompilationCustomizers(new SandboxTransformer());
shell = new GroovyShell(cc);
interceptor = new RestrictiveGroovyInterceptor(Collections.<Class<?>>emptySet(), Collections.<Class<?>>emptySet(), Collections.<AllowedPrefix>emptyList());
}
Also used :
SandboxTransformer(org.kohsuke.groovy.sandbox.SandboxTransformer)
AllowedPrefix(eu.esdihumboldt.util.groovy.sandbox.internal.RestrictiveGroovyInterceptor.AllowedPrefix)
RestrictiveGroovyInterceptor(eu.esdihumboldt.util.groovy.sandbox.internal.RestrictiveGroovyInterceptor)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
GroovyShell(groovy.lang.GroovyShell)
Before(org.junit.Before)
Example 2 with SandboxTransformer
use of org.kohsuke.groovy.sandbox.SandboxTransformer in project hale by halestudio.
the class DefaultGroovyService method createShell.
@Override
public GroovyShell createShell(Binding binding) {
// TODO use a specific classloader?
CompilerConfiguration cc = new CompilerConfiguration();
// enable invoke dynamic support
cc.getOptimizationOptions().put(CompilerConfiguration.INVOKEDYNAMIC, true);
// add pre-defined imports
ImportCustomizer importCustomizer = new ImportCustomizer();
// add extension-defined imports
configureImportsFromExtensions(importCustomizer);
cc.addCompilationCustomizers(importCustomizer);
/*
* Disable handling Groovy Grape annotations.
*
* This mainly serves the purpose to allow external Groovy snippets to
* use Grapes, but have them disabled when imported into hale.
*
* If at some point we support Grapes within hale studio, we will want
* to change this behavior. Then we will need to think about how we can
* deal with conflicts on the classpath.
*/
if (cc.getDisabledGlobalASTTransformations() == null) {
cc.setDisabledGlobalASTTransformations(new HashSet<String>());
}
cc.getDisabledGlobalASTTransformations().add("groovy.grape.GrabAnnotationTransformation");
if (isRestrictionActive()) {
// configure restriction
cc.addCompilationCustomizers(new SandboxTransformer());
cc.setScriptBaseClass(SecureScript.class.getName());
}
if (binding != null)
return new GroovyShell(binding, cc);
else
return new GroovyShell(cc);
}
Also used :
SandboxTransformer(org.kohsuke.groovy.sandbox.SandboxTransformer)
SecureScript(eu.esdihumboldt.util.groovy.sandbox.internal.SecureScript)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
ImportCustomizer(org.codehaus.groovy.control.customizers.ImportCustomizer)
GroovyShell(groovy.lang.GroovyShell)
Example 3 with SandboxTransformer
use of org.kohsuke.groovy.sandbox.SandboxTransformer in project CzechIdMng by bcvsolutions.
the class DefaultGroovyScriptService method buildScript.
private Script buildScript(String source) {
CompilerConfiguration compilerConfiguration = new CompilerConfiguration();
compilerConfiguration.setVerbose(false);
compilerConfiguration.setDebug(false);
compilerConfiguration.addCompilationCustomizers(new SandboxTransformer());
//
GroovyShell shell = new GroovyShell(compilerConfiguration);
return shell.parse(source);
}
Also used :
SandboxTransformer(org.kohsuke.groovy.sandbox.SandboxTransformer)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
GroovyShell(groovy.lang.GroovyShell)
Example 4 with SandboxTransformer
use of org.kohsuke.groovy.sandbox.SandboxTransformer in project ontrack by nemerosa.
the class ExpressionEngineImpl method resolve.
public String resolve(final String expression, Map<String, ?> parameters) {
SandboxTransformer sandboxTransformer = new SandboxTransformer();
SecureASTCustomizer secure = new SecureASTCustomizer();
secure.setClosuresAllowed(false);
secure.setMethodDefinitionAllowed(false);
CompilerConfiguration compilerConfiguration = new CompilerConfiguration();
compilerConfiguration.addCompilationCustomizers(sandboxTransformer, secure);
Binding binding = new Binding(parameters);
GroovyShell shell = new GroovyShell(binding, compilerConfiguration);
// Sandbox registration (thread level)
GroovyValueFilter sandboxFilter = new GroovyValueFilter() {
@Override
public Object filter(Object o) {
if (o == null || o instanceof String || o instanceof GString || o.getClass().getName().equals("Script1")) {
return o;
} else if (o instanceof Class) {
throw new ExpressionCompilationException(expression, String.format("%n- %s class cannot be accessed.", ((Class) o).getName()));
} else {
throw new ExpressionCompilationException(expression, String.format("%n- %s class cannot be accessed.", o.getClass().getName()));
}
}
};
try {
sandboxFilter.register();
Object result = shell.evaluate(expression);
if (result == null) {
return null;
} else if (!(result instanceof String)) {
throw new ExpressionNotStringException(expression);
} else {
return (String) result;
}
} catch (MissingPropertyException e) {
throw new ExpressionCompilationException(expression, "No such property: " + e.getProperty());
} catch (MultipleCompilationErrorsException e) {
StringWriter s = new StringWriter();
PrintWriter p = new PrintWriter(s);
@SuppressWarnings("unchecked") List<Message> errors = e.getErrorCollector().getErrors();
errors.forEach((Message message) -> writeErrorMessage(p, message));
throw new ExpressionCompilationException(expression, s.toString());
} finally {
sandboxFilter.unregister();
}
}
Also used :
Binding(groovy.lang.Binding)
ExpressionNotStringException(net.nemerosa.ontrack.model.exceptions.ExpressionNotStringException)
SecureASTCustomizer(org.codehaus.groovy.control.customizers.SecureASTCustomizer)
Message(org.codehaus.groovy.control.messages.Message)
ExceptionMessage(org.codehaus.groovy.control.messages.ExceptionMessage)
MissingPropertyException(groovy.lang.MissingPropertyException)
GString(groovy.lang.GString)
GString(groovy.lang.GString)
ExpressionCompilationException(net.nemerosa.ontrack.model.exceptions.ExpressionCompilationException)
GroovyShell(groovy.lang.GroovyShell)
SandboxTransformer(org.kohsuke.groovy.sandbox.SandboxTransformer)
StringWriter(java.io.StringWriter)
GroovyValueFilter(org.kohsuke.groovy.sandbox.GroovyValueFilter)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
List(java.util.List)
MultipleCompilationErrorsException(org.codehaus.groovy.control.MultipleCompilationErrorsException)
PrintWriter(java.io.PrintWriter)
Aggregations
GroovyShell (groovy.lang.GroovyShell)4
CompilerConfiguration (org.codehaus.groovy.control.CompilerConfiguration)4
SandboxTransformer (org.kohsuke.groovy.sandbox.SandboxTransformer)4
RestrictiveGroovyInterceptor (eu.esdihumboldt.util.groovy.sandbox.internal.RestrictiveGroovyInterceptor)1
AllowedPrefix (eu.esdihumboldt.util.groovy.sandbox.internal.RestrictiveGroovyInterceptor.AllowedPrefix)1
SecureScript (eu.esdihumboldt.util.groovy.sandbox.internal.SecureScript)1
Binding (groovy.lang.Binding)1
GString (groovy.lang.GString)1
MissingPropertyException (groovy.lang.MissingPropertyException)1
PrintWriter (java.io.PrintWriter)1
StringWriter (java.io.StringWriter)1
List (java.util.List)1
ExpressionCompilationException (net.nemerosa.ontrack.model.exceptions.ExpressionCompilationException)1
ExpressionNotStringException (net.nemerosa.ontrack.model.exceptions.ExpressionNotStringException)1
MultipleCompilationErrorsException (org.codehaus.groovy.control.MultipleCompilationErrorsException)1
ImportCustomizer (org.codehaus.groovy.control.customizers.ImportCustomizer)1
SecureASTCustomizer (org.codehaus.groovy.control.customizers.SecureASTCustomizer)1
ExceptionMessage (org.codehaus.groovy.control.messages.ExceptionMessage)1
Message (org.codehaus.groovy.control.messages.Message)1
Before (org.junit.Before)1
