Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.2.1
-
None
Description
WHAT:
JEXL's default builder allows accessing and calling any public method, field or constructor of any public class. This might not be desirable since a quick exploration of JEXL will quickly conclude the library allows arbitrary execution through commands (ProcessBuilder) or getting to the file-system through URL or File. This improvement goal is to change JEXL's permeability as an explicit option and user decision, not a default behaviour.
HOW:
By changing the current JexlBuilder to use a restricted set of permissions whilst instantiating the Uberspect, we can ensure a minimal useful set of classes can be accessed and only those by default. By removing access to almost all classes that interact with the JVM host and file-system, we ensure a default isolation that would significantly reduce the ability to use JEXL as an attack vector.
CAVEAT:
This change will likely break many scripts that were dependant upon the default permeability.
ggregory, dmitri_blinov your opinions are welcome
https://lists.apache.org/thread/kgh0kfkcvllp5mj7kwnpdqrbrfcyyopd