Reputation: 18266
SecurityManager like facility in Groovy to deny usage of certain classes during parsing phase
I am wondering how one can attack the problem of denying *.groovy files the ability to reference and make use of certain classes that i pick. One approach is of course to install a security manager and classloader to block attempts toload or execute certain methods on certain classes eg java.io.File. This however of course from what i can imagine not affect interpretted mode as no class is ever generatd or loaded by the classloader.
Ideally i would like the equivalent of class verifying but for groovy files during the parsing phase and similar evaluations are executed.
Any pointers would be appreciated.
Upvotes: 2
Views: 1046
Answers (2)
Reputation: 171074
Not sure, but I believe the SecureASTCustomizer might help you (Groovy 1.8)
There is a blog post by Cedric Champeau which shows how it is used. Basically, you can set up a blacklist or whitelist of classes, imports, operators, etc that a script is allowed to use. Or indeed you can set more complex rules (see the examples on the blog post about debying variable names that start with a caps char, or denying the use of System.exit)
Upvotes: 4
Reputation: 962
Also have a look at the java-sandbox library: http://blog.datenwerke.net/2013/06/sandboxing-groovy-with-java-sandbox.html
Upvotes: 0
Related Questions
- How do you forbid users from doing evil things in Groovy Scripts?
- How to make a Groovy method truly protected
- How to block access to some classes, when executing groovy scripts from java?
- Bullet-proof groovy script embedding
- How to disallow dependencies via @Grab in Groovy script
- Can i deny access to a jvm class by configuring java.policy file?
- Sandboxing Java / Groovy / Freemarker Code - Preventing execution of specific methods
- Java security policy: granting access depending on classloader
- Restrict some API in Embedded Groovy
- How do I disable generation of Groovy accessors?