You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@groovy.apache.org by "Paul King (Jira)" <ji...@apache.org> on 2020/11/11 02:01:04 UTC

[jira] [Closed] (GROOVY-9318) SecureASTCustomizer: add support for allowing or blocking entire package trees

     [ https://issues.apache.org/jira/browse/GROOVY-9318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul King closed GROOVY-9318.
-----------------------------

> SecureASTCustomizer: add support for allowing or blocking entire package trees
> ------------------------------------------------------------------------------
>
>                 Key: GROOVY-9318
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9318
>             Project: Groovy
>          Issue Type: New Feature
>            Reporter: Eric Milles
>            Assignee: Eric Milles
>            Priority: Minor
>             Fix For: 4.0.0-alpha-1
>
>
> Consider the following:
> {code:groovy}
> CompilerConfiguration configuration = new CompilerConfiguration()
> SecureASTCustomizer customizer = new SecureASTCustomizer()
> configuration.addCompilationCustomizers(customizer)
> customizer.starImportsBlacklist = ['javax.**']
> def shell = new GroovyShell(configuration)
> shell.evaluate('''
>   import javax.swing.Action
>   Action act
> ''')
> {code}
> This should throw SecurityException since all of "javax" packages have been blocked.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)