Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-7735

Closures should be generated as public classes

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.4.5
    • 2.4.6
    • None

    Description

      Closures are currently created as a package-private class thanks to a single constant zero that gets passed in, which then get accessed by the org.codehaus.groovy.reflection.CachedMethod class.

      When running Groovy within a Security Manager, this requires an extreme permission to be enabled: suppressAccessCheck. This permission enables reflection-based code to access methods that they have no "right" to access.

      The associated PR changes the constant zero to ACC_PUBLIC, which means that the class becomes public rather than package-private. By making this change, no special security manager permissions need to be applied, thus making Groovy less of a risk. For what it's worth, the value of 0 seems more arbitrary than intentional and public seems to be the more appropriate access level for a Closure.

      PR: https://github.com/apache/groovy/pull/248

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            pascalschumacher Pascal Schumacher
            pickypg Chris Earle
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment