You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@groovy.apache.org by pa...@apache.org on 2022/05/01 13:29:08 UTC

[groovy] branch master updated: GROOVY-10610: Provide a better fallback for running without a security manager for groovysh on JDK18

This is an automated email from the ASF dual-hosted git repository.

paulk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git


The following commit(s) were added to refs/heads/master by this push:
     new 229add8af0 GROOVY-10610: Provide a better fallback for running without a security manager for groovysh on JDK18
229add8af0 is described below

commit 229add8af04da349d4d7b74fb89052a48f495e1b
Author: Paul King <pa...@asert.com.au>
AuthorDate: Fri Apr 29 20:47:17 2022 +1000

    GROOVY-10610: Provide a better fallback for running without a security manager for groovysh on JDK18
---
 .../groovy/org/apache/groovy/groovysh/Main.groovy  |  8 ++--
 .../groovysh/util/SecurityManagerUtil.groovy       | 45 ++++++++++++++++++++++
 2 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy
index 4558a523e8..c4ddcae030 100644
--- a/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy
+++ b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy
@@ -26,7 +26,7 @@ import jline.TerminalFactory
 import jline.UnixTerminal
 import jline.UnsupportedTerminal
 import jline.WindowsTerminal
-import org.apache.groovy.groovysh.util.NoExitSecurityManager
+import org.apache.groovy.groovysh.util.SecurityManagerUtil
 import org.codehaus.groovy.control.CompilerConfiguration
 import org.codehaus.groovy.tools.shell.IO
 import org.codehaus.groovy.tools.shell.util.Logger
@@ -186,15 +186,13 @@ class Main {
             }
         }
 
-
-        SecurityManager psm = System.getSecurityManager()
-        System.setSecurityManager(new NoExitSecurityManager())
+        SecurityManagerUtil sm = new SecurityManagerUtil()
 
         try {
             code = shell.run(evalString, filenames)
         }
         finally {
-            System.setSecurityManager(psm)
+            sm.close()
         }
 
         // Force the JVM to exit at this point, since shell could have created threads or
diff --git a/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/util/SecurityManagerUtil.groovy b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/util/SecurityManagerUtil.groovy
new file mode 100644
index 0000000000..e37da797d4
--- /dev/null
+++ b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/util/SecurityManagerUtil.groovy
@@ -0,0 +1,45 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ */
+package org.apache.groovy.groovysh.util
+
+import org.codehaus.groovy.control.CompilerConfiguration
+import org.codehaus.groovy.vmplugin.VMPlugin
+
+class SecurityManagerUtil {
+    private final SecurityManager saved
+
+    SecurityManagerUtil() {
+        if (explicitlyEnabled() || autoEnabledUntilJDK17()) {
+            saved = System.getSecurityManager()
+            System.setSecurityManager(new NoExitSecurityManager())
+        }
+    }
+
+    private boolean autoEnabledUntilJDK17() {
+        !CompilerConfiguration.isPostJDK18(VMPlugin.javaVersion)
+    }
+
+    private boolean explicitlyEnabled() {
+        System.getProperty('java.security.manager', 'disallow') == 'allow'
+    }
+
+    void close() {
+        System.setSecurityManager(saved)
+    }
+}