Uploaded image for project: 'Commons JEXL'
  1. Commons JEXL
  2. JEXL-357

Configure accessible packages/classes/methods/fields

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.2.1
    • 3.3
    • None

    Description

      The @NoJexl annotation allows 'hiding' functional elements from scripts; this features will allow Jexl introspection to completely ignore existing packages/classes/methods/fields ensuring they can not be called.
      Acting (more or less) as a security manager, this will allow fine configuration of what scripts are allowed to access on a platform. Used in conjunction with Sandboxing, how much is exposed can be limited to explicit permission.

      Attachments

        Issue Links

          fixes

          Bug - A problem which impairs or prevents the functions of the product. JEXL-223 Apache Commons JEXL Expression Execute Command Vulnerabilitity

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. JEXL-381 Change default JEXL configuration to a more security-friendly behaviour

          • Major - Major loss of function.
          • Closed

          Activity

            People

              henrib Henri Biestro
              henrib Henri Biestro
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: