You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@groovy.apache.org by pa...@apache.org on 2022/05/01 13:29:08 UTC
[groovy] branch master updated: GROOVY-10610: Provide a better fallback for running without a security manager for groovysh on JDK18
This is an automated email from the ASF dual-hosted git repository.
paulk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git
The following commit(s) were added to refs/heads/master by this push:
new 229add8af0 GROOVY-10610: Provide a better fallback for running without a security manager for groovysh on JDK18
229add8af0 is described below
commit 229add8af04da349d4d7b74fb89052a48f495e1b
Author: Paul King <pa...@asert.com.au>
AuthorDate: Fri Apr 29 20:47:17 2022 +1000
GROOVY-10610: Provide a better fallback for running without a security manager for groovysh on JDK18
---
.../groovy/org/apache/groovy/groovysh/Main.groovy | 8 ++--
.../groovysh/util/SecurityManagerUtil.groovy | 45 ++++++++++++++++++++++
2 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy
index 4558a523e8..c4ddcae030 100644
--- a/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy
+++ b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/Main.groovy
@@ -26,7 +26,7 @@ import jline.TerminalFactory
import jline.UnixTerminal
import jline.UnsupportedTerminal
import jline.WindowsTerminal
-import org.apache.groovy.groovysh.util.NoExitSecurityManager
+import org.apache.groovy.groovysh.util.SecurityManagerUtil
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.tools.shell.IO
import org.codehaus.groovy.tools.shell.util.Logger
@@ -186,15 +186,13 @@ class Main {
}
}
-
- SecurityManager psm = System.getSecurityManager()
- System.setSecurityManager(new NoExitSecurityManager())
+ SecurityManagerUtil sm = new SecurityManagerUtil()
try {
code = shell.run(evalString, filenames)
}
finally {
- System.setSecurityManager(psm)
+ sm.close()
}
// Force the JVM to exit at this point, since shell could have created threads or
diff --git a/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/util/SecurityManagerUtil.groovy b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/util/SecurityManagerUtil.groovy
new file mode 100644
index 0000000000..e37da797d4
--- /dev/null
+++ b/subprojects/groovy-groovysh/src/main/groovy/org/apache/groovy/groovysh/util/SecurityManagerUtil.groovy
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.groovy.groovysh.util
+
+import org.codehaus.groovy.control.CompilerConfiguration
+import org.codehaus.groovy.vmplugin.VMPlugin
+
+class SecurityManagerUtil {
+ private final SecurityManager saved
+
+ SecurityManagerUtil() {
+ if (explicitlyEnabled() || autoEnabledUntilJDK17()) {
+ saved = System.getSecurityManager()
+ System.setSecurityManager(new NoExitSecurityManager())
+ }
+ }
+
+ private boolean autoEnabledUntilJDK17() {
+ !CompilerConfiguration.isPostJDK18(VMPlugin.javaVersion)
+ }
+
+ private boolean explicitlyEnabled() {
+ System.getProperty('java.security.manager', 'disallow') == 'allow'
+ }
+
+ void close() {
+ System.setSecurityManager(saved)
+ }
+}