[GROOVY-9318] SecureASTCustomizer: add support for allowing or blocking entire package trees - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: None
Labels:
None

Description

Consider the following:

CompilerConfiguration configuration = new CompilerConfiguration()
SecureASTCustomizer customizer = new SecureASTCustomizer()
configuration.addCompilationCustomizers(customizer)
customizer.starImportsBlacklist = ['javax.**']
def shell = new GroovyShell(configuration)
shell.evaluate('''
  import javax.swing.Action
  Action act
''')

This should throw SecurityException since all of "javax" packages have been blocked.

Attachments

Activity

People

Assignee:: Eric Milles

Reporter:: Eric Milles

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Nov/19 23:24

Updated:: 11/Nov/20 02:00

Resolved:: 25/Nov/19 19:02