Uploaded image for project: 'Groovy'
  1. Groovy
  2. GROOVY-7735

Closures should be generated as public classes

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.5
    • Fix Version/s: 2.4.6
    • Labels:
      None

      Description

      Closures are currently created as a package-private class thanks to a single constant zero that gets passed in, which then get accessed by the org.codehaus.groovy.reflection.CachedMethod class.

      When running Groovy within a Security Manager, this requires an extreme permission to be enabled: suppressAccessCheck. This permission enables reflection-based code to access methods that they have no "right" to access.

      The associated PR changes the constant zero to ACC_PUBLIC, which means that the class becomes public rather than package-private. By making this change, no special security manager permissions need to be applied, thus making Groovy less of a risk. For what it's worth, the value of 0 seems more arbitrary than intentional and public seems to be the more appropriate access level for a Closure.

      PR: https://github.com/apache/groovy/pull/248

        Attachments

          Activity

            People

            • Assignee:
              pascalschumacher Pascal Schumacher
              Reporter:
              pickypg Chris Earle
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: