You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@groovy.apache.org by pa...@apache.org on 2020/06/19 01:12:54 UTC
[groovy] branch GROOVY_3_0_X updated (d8d04e6 -> 919d449)
This is an automated email from the ASF dual-hosted git repository.
paulk pushed a change to branch GROOVY_3_0_X
in repository https://gitbox.apache.org/repos/asf/groovy.git.
from d8d04e6 minor refactor: rename local var
new 70b3b7e GROOVY-9594: Rename whitelist/blacklist in SecureASTCustomizer to more meaningful names
new 919d449 GROOVY-9594: Update src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java (closes #1282)
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../control/customizers/SecureASTCustomizer.java | 764 ++++++++++++++-------
src/spec/doc/core-domain-specific-languages.adoc | 19 +-
src/spec/test/CustomizersTest.groovy | 12 +-
.../customizers/SecureASTCustomizerTest.groovy | 126 ++--
.../CompilerCustomizationBuilderTest.groovy | 4 +-
5 files changed, 603 insertions(+), 322 deletions(-)
[groovy] 01/02: GROOVY-9594: Rename whitelist/blacklist in
SecureASTCustomizer to more meaningful names
Posted by pa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
paulk pushed a commit to branch GROOVY_3_0_X
in repository https://gitbox.apache.org/repos/asf/groovy.git
commit 70b3b7e868d286fceec98e7d379705f8c15e6e04
Author: Paul King <pa...@asert.com.au>
AuthorDate: Tue Jun 16 17:06:29 2020 +1000
GROOVY-9594: Rename whitelist/blacklist in SecureASTCustomizer to more meaningful names
---
.../control/customizers/SecureASTCustomizer.java | 764 ++++++++++++++-------
src/spec/doc/core-domain-specific-languages.adoc | 19 +-
src/spec/test/CustomizersTest.groovy | 12 +-
.../customizers/SecureASTCustomizerTest.groovy | 126 ++--
.../CompilerCustomizationBuilderTest.groovy | 4 +-
5 files changed, 603 insertions(+), 322 deletions(-)
diff --git a/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java b/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
index 37ffb70..7ea48e1 100644
--- a/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
+++ b/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
@@ -94,24 +94,28 @@ import java.util.List;
import java.util.Map;
/**
- * This customizer allows securing source code by controlling what code constructs are allowed. For example, if you only
- * want to allow arithmetic operations in a groovy shell, you can configure this customizer to restrict package imports,
- * method calls and so on.
+ * This customizer allows securing source code by controlling what code constructs are permitted.
+ * This is typically done when using Groovy for its scripting or domain specific language (DSL) features.
+ * For example, if you only want to allow arithmetic operations in a groovy shell,
+ * you can configure this customizer to restrict package imports, method calls and so on.
* <p>
- * Most of the security customization options found in this class work with either blacklist or whitelist. This means that, for a
- * single option, you can set a whitelist OR a blacklist, but not both. You can mix whitelist/blacklist strategies for
- * different options. For example, you can have import whitelist and tokens blacklist.
+ * Most of the security customization options found in this class work with either <i>allowed</i> or <i>disallowed</i> lists.
+ * This means that, for a single option, you can set an allowed list OR a disallowed list, but not both.
+ * You can mix allowed/disallowed strategies for different options.
+ * For example, you can have an allowed import list and a disallowed tokens list.
* <p>
- * The recommended way of securing shells is to use whitelists because it is guaranteed that future features of the
- * Groovy language won't be allowed by defaut. Using blacklists, you can limit the features of the languages by opting
- * out, but new language features would require you to update your configuration.
+ * The recommended way of securing shells is to use allowed lists because it is guaranteed that future features of the
+ * Groovy language won't be accidentally allowed unless explicitly added to the allowed list.
+ * Using disallowed lists, you can limit the features of the language constructs supported by your shell by opting
+ * out, but new language features are then implicitly also available and this may not be desirable.
+ * The implication is that you might need to update your configuration with each new release.
* <p>
- * If you set neither a whitelist nor a blacklist, then everything is authorized.
+ * If you set neither an allowed list nor a disallowed list, then everything is permitted.
* <p>
- * Combinations of import and star imports constraints are authorized as long as you use the same type of list for both.
- * For example, you may use an import whitelist and a star import whitelist together, but you cannot use an import white
- * list with a star import blacklist. static imports are handled separately, meaning that blacklisting an import <b>
- * does not</b> prevent from using a static import.
+ * Combinations of import and star import constraints are authorized as long as you use the same type of list for both.
+ * For example, you may use an import allowed list and a star import allowed list together, but you cannot use an import
+ * allowed list with a star import disallowed list. Static imports are handled separately, meaning that disallowing an
+ * import <b>does not</b> prevent from allowing a static import.
* <p>
* Eventually, if the features provided here are not sufficient, you may implement custom AST filtering handlers, either
* implementing the {@link StatementChecker} interface or {@link ExpressionChecker} interface then register your
@@ -120,60 +124,60 @@ import java.util.Map;
* methods.
* <p>
* Here is an example of usage. We will create a groovy classloader which only supports arithmetic operations and imports
- * the java.lang.Math classes by default.
+ * the {@code java.lang.Math} classes by default.
*
* <pre>
* final ImportCustomizer imports = new ImportCustomizer().addStaticStars('java.lang.Math') // add static import of java.lang.Math
- * final SecureASTCustomizer secure = new SecureASTCustomizer()
- * secure.with {
- * closuresAllowed = false
- * methodDefinitionAllowed = false
+ * final SecureASTCustomizer secure = new SecureASTCustomizer()
+ * secure.with {
+ * closuresAllowed = false
+ * methodDefinitionAllowed = false
*
- * importsWhitelist = []
- * staticImportsWhitelist = []
- * staticStarImportsWhitelist = ['java.lang.Math'] // only java.lang.Math is allowed
+ * allowedImports = []
+ * allowedStaticImports = []
+ * allowedStaticStarImports = ['java.lang.Math'] // only java.lang.Math is allowed
*
- * tokensWhitelist = [
- * PLUS,
- * MINUS,
- * MULTIPLY,
- * DIVIDE,
- * MOD,
- * POWER,
- * PLUS_PLUS,
- * MINUS_MINUS,
- * COMPARE_EQUAL,
- * COMPARE_NOT_EQUAL,
- * COMPARE_LESS_THAN,
- * COMPARE_LESS_THAN_EQUAL,
- * COMPARE_GREATER_THAN,
- * COMPARE_GREATER_THAN_EQUAL,
- * ].asImmutable()
+ * allowedTokens = [
+ * PLUS,
+ * MINUS,
+ * MULTIPLY,
+ * DIVIDE,
+ * MOD,
+ * POWER,
+ * PLUS_PLUS,
+ * MINUS_MINUS,
+ * COMPARE_EQUAL,
+ * COMPARE_NOT_EQUAL,
+ * COMPARE_LESS_THAN,
+ * COMPARE_LESS_THAN_EQUAL,
+ * COMPARE_GREATER_THAN,
+ * COMPARE_GREATER_THAN_EQUAL,
+ * ].asImmutable()
*
- * constantTypesClassesWhiteList = [
- * Integer,
- * Float,
- * Long,
- * Double,
- * BigDecimal,
- * Integer.TYPE,
- * Long.TYPE,
- * Float.TYPE,
- * Double.TYPE
- * ].asImmutable()
+ * allowedConstantTypesClasses = [
+ * Integer,
+ * Float,
+ * Long,
+ * Double,
+ * BigDecimal,
+ * Integer.TYPE,
+ * Long.TYPE,
+ * Float.TYPE,
+ * Double.TYPE
+ * ].asImmutable()
*
- * receiversClassesWhiteList = [
- * Math,
- * Integer,
- * Float,
- * Double,
- * Long,
- * BigDecimal
- * ].asImmutable()
- * }
- * CompilerConfiguration config = new CompilerConfiguration()
- * config.addCompilationCustomizers(imports, secure)
- * GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)
+ * allowedReceiversClasses = [
+ * Math,
+ * Integer,
+ * Float,
+ * Double,
+ * Long,
+ * BigDecimal
+ * ].asImmutable()
+ * }
+ * CompilerConfiguration config = new CompilerConfiguration()
+ * config.addCompilationCustomizers(imports, secure)
+ * GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)
* </pre>
*
* @since 1.8.0
@@ -185,20 +189,20 @@ public class SecureASTCustomizer extends CompilationCustomizer {
private boolean isMethodDefinitionAllowed = true;
// imports
- private List<String> importsWhitelist;
- private List<String> importsBlacklist;
+ private List<String> allowedImports;
+ private List<String> disallowedImports;
// static imports
- private List<String> staticImportsWhitelist;
- private List<String> staticImportsBlacklist;
+ private List<String> allowedStaticImports;
+ private List<String> disallowedStaticImports;
// star imports
- private List<String> starImportsWhitelist;
- private List<String> starImportsBlacklist;
+ private List<String> allowedStarImports;
+ private List<String> disallowedStarImports;
// static star imports
- private List<String> staticStarImportsWhitelist;
- private List<String> staticStarImportsBlacklist;
+ private List<String> allowedStaticStarImports;
+ private List<String> disallowedStaticStarImports;
// indirect import checks
// if set to true, then security rules on imports will also be applied on classnodes.
@@ -206,26 +210,26 @@ public class SecureASTCustomizer extends CompilationCustomizer {
private boolean isIndirectImportCheckEnabled;
// statements
- private List<Class<? extends Statement>> statementsWhitelist;
- private List<Class<? extends Statement>> statementsBlacklist;
+ private List<Class<? extends Statement>> allowedStatements;
+ private List<Class<? extends Statement>> disallowedStatements;
private final List<StatementChecker> statementCheckers = new LinkedList<>();
// expressions
- private List<Class<? extends Expression>> expressionsWhitelist;
- private List<Class<? extends Expression>> expressionsBlacklist;
+ private List<Class<? extends Expression>> allowedExpressions;
+ private List<Class<? extends Expression>> disallowedExpressions;
private final List<ExpressionChecker> expressionCheckers = new LinkedList<>();
// tokens from Types
- private List<Integer> tokensWhitelist;
- private List<Integer> tokensBlacklist;
+ private List<Integer> allowedTokens;
+ private List<Integer> disallowedTokens;
// constant types
- private List<String> constantTypesWhiteList;
- private List<String> constantTypesBlackList;
+ private List<String> allowedConstantTypes;
+ private List<String> disallowedConstantTypes;
// receivers
- private List<String> receiversWhiteList;
- private List<String> receiversBlackList;
+ private List<String> allowedReceivers;
+ private List<String> disallowedReceivers;
public SecureASTCustomizer() {
super(CompilePhase.CANONICALIZATION);
@@ -255,50 +259,106 @@ public class SecureASTCustomizer extends CompilationCustomizer {
isPackageAllowed = packageAllowed;
}
+ public List<String> getDisallowedImports() {
+ return disallowedImports;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedImports()}
+ */
public List<String> getImportsBlacklist() {
- return importsBlacklist;
+ return getDisallowedImports();
}
- public void setImportsBlacklist(final List<String> importsBlacklist) {
- if (importsWhitelist != null || starImportsWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedImports(final List<String> disallowedImports) {
+ if (allowedImports != null || allowedStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.importsBlacklist = importsBlacklist;
+ this.disallowedImports = disallowedImports;
+ }
+
+ /**
+ * Legacy alias for {@link #setDisallowedImports(List)}
+ */
+ public void setImportsBlacklist(final List<String> disallowedImports) {
+ setDisallowedImports(disallowedImports);
+ }
+
+ public List<String> getAllowedImports() {
+ return allowedImports;
}
+ /**
+ * Legacy alias for {@link #getAllowedImports()}
+ */
public List<String> getImportsWhitelist() {
- return importsWhitelist;
+ return getAllowedImports();
}
- public void setImportsWhitelist(final List<String> importsWhitelist) {
- if (importsBlacklist != null || starImportsBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedImports(final List<String> allowedImports) {
+ if (disallowedImports != null || disallowedStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.importsWhitelist = importsWhitelist;
+ this.allowedImports = allowedImports;
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedImports(List)}
+ */
+ public void setImportsWhitelist(final List<String> allowedImports) {
+ setAllowedImports(allowedImports);
+ }
+
+ public List<String> getDisallowedStarImports() {
+ return disallowedStarImports;
}
+ /**
+ * Legacy alias for {@link #getDisallowedStarImports()}
+ */
public List<String> getStarImportsBlacklist() {
- return starImportsBlacklist;
+ return getDisallowedStarImports();
}
- public void setStarImportsBlacklist(final List<String> starImportsBlacklist) {
- if (importsWhitelist != null || starImportsWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedStarImports(final List<String> disallowedStarImports) {
+ if (allowedImports != null || allowedStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.starImportsBlacklist = normalizeStarImports(starImportsBlacklist);
- if (this.importsBlacklist == null) importsBlacklist = Collections.emptyList();
+ this.disallowedStarImports = normalizeStarImports(disallowedStarImports);
+ if (this.disallowedImports == null) disallowedImports = Collections.emptyList();
}
+ /**
+ * Legacy alias for {@link #setDisallowedStarImports(List)}
+ */
+ public void setStarImportsBlacklist(final List<String> disallowedStarImports) {
+ setDisallowedStarImports(disallowedStarImports);
+ }
+
+ public List<String> getAllowedStarImports() {
+ return allowedStarImports;
+ }
+
+ /**
+ * Legacy alias for {@link #getAllowedStarImports()}
+ */
public List<String> getStarImportsWhitelist() {
- return starImportsWhitelist;
+ return getAllowedStarImports();
}
- public void setStarImportsWhitelist(final List<String> starImportsWhitelist) {
- if (importsBlacklist != null || starImportsBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedStarImports(final List<String> allowedStarImports) {
+ if (disallowedImports != null || disallowedStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.starImportsWhitelist = normalizeStarImports(starImportsWhitelist);
- if (this.importsWhitelist == null) importsWhitelist = Collections.emptyList();
+ this.allowedStarImports = normalizeStarImports(allowedStarImports);
+ if (this.allowedImports == null) allowedImports = Collections.emptyList();
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedStarImports(List)}
+ */
+ public void setStarImportsWhitelist(final List<String> allowedStarImports) {
+ setAllowedStarImports(allowedStarImports);
}
private static List<String> normalizeStarImports(List<String> starImports) {
@@ -317,98 +377,206 @@ public class SecureASTCustomizer extends CompilationCustomizer {
return Collections.unmodifiableList(result);
}
+ public List<String> getDisallowedStaticImports() {
+ return disallowedStaticImports;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedStaticImports()}
+ */
public List<String> getStaticImportsBlacklist() {
- return staticImportsBlacklist;
+ return getDisallowedStaticImports();
}
- public void setStaticImportsBlacklist(final List<String> staticImportsBlacklist) {
- if (staticImportsWhitelist != null || staticStarImportsWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedStaticImports(final List<String> disallowedStaticImports) {
+ if (allowedStaticImports != null || allowedStaticStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.staticImportsBlacklist = staticImportsBlacklist;
+ this.disallowedStaticImports = disallowedStaticImports;
+ }
+
+ /**
+ * Legacy alias for {@link #setDisallowedStaticImports(List)}
+ */
+ public void setStaticImportsBlacklist(final List<String> disallowedStaticImports) {
+ setDisallowedStaticImports(disallowedStaticImports);
}
+ public List<String> getAllowedStaticImports() {
+ return allowedStaticImports;
+ }
+
+ /**
+ * Legacy alias for {@link #getAllowedStaticImports()}
+ */
public List<String> getStaticImportsWhitelist() {
- return staticImportsWhitelist;
+ return getAllowedStaticImports();
}
- public void setStaticImportsWhitelist(final List<String> staticImportsWhitelist) {
- if (staticImportsBlacklist != null || staticStarImportsBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedStaticImports(final List<String> allowedStaticImports) {
+ if (disallowedStaticImports != null || disallowedStaticStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.staticImportsWhitelist = staticImportsWhitelist;
+ this.allowedStaticImports = allowedStaticImports;
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedStaticImports(List)}
+ */
+ public void setStaticImportsWhitelist(final List<String> allowedStaticImports) {
+ setAllowedStaticImports(allowedStaticImports);
+ }
+
+ public List<String> getDisallowedStaticStarImports() {
+ return disallowedStaticStarImports;
}
+ /**
+ * Legacy alias for {@link #getDisallowedStaticStarImports()}
+ */
public List<String> getStaticStarImportsBlacklist() {
- return staticStarImportsBlacklist;
+ return getDisallowedStaticStarImports();
}
- public void setStaticStarImportsBlacklist(final List<String> staticStarImportsBlacklist) {
- if (staticImportsWhitelist != null || staticStarImportsWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedStaticStarImports(final List<String> disallowedStaticStarImports) {
+ if (allowedStaticImports != null || allowedStaticStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.staticStarImportsBlacklist = normalizeStarImports(staticStarImportsBlacklist);
- if (this.staticImportsBlacklist == null) this.staticImportsBlacklist = Collections.emptyList();
+ this.disallowedStaticStarImports = normalizeStarImports(disallowedStaticStarImports);
+ if (this.disallowedStaticImports == null) this.disallowedStaticImports = Collections.emptyList();
+ }
+
+ /**
+ * Legacy alias for {@link #setDisallowedStaticStarImports(List)}
+ */
+ public void setStaticStarImportsBlacklist(final List<String> disallowedStaticStarImports) {
+ setDisallowedStaticStarImports(disallowedStaticStarImports);
+ }
+
+ public List<String> getAllowedStaticStarImports() {
+ return allowedStaticStarImports;
}
+ /**
+ * Legacy alias for {@link #getAllowedStaticStarImports()}
+ */
public List<String> getStaticStarImportsWhitelist() {
- return staticStarImportsWhitelist;
+ return getAllowedStaticStarImports();
}
- public void setStaticStarImportsWhitelist(final List<String> staticStarImportsWhitelist) {
- if (staticImportsBlacklist != null || staticStarImportsBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedStaticStarImports(final List<String> allowedStaticStarImports) {
+ if (disallowedStaticImports != null || disallowedStaticStarImports != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.staticStarImportsWhitelist = normalizeStarImports(staticStarImportsWhitelist);
- if (this.staticImportsWhitelist == null) this.staticImportsWhitelist = Collections.emptyList();
+ this.allowedStaticStarImports = normalizeStarImports(allowedStaticStarImports);
+ if (this.allowedStaticImports == null) this.allowedStaticImports = Collections.emptyList();
}
+ /**
+ * Legacy alias for {@link #setAllowedStaticStarImports(List)}
+ */
+ public void setStaticStarImportsWhitelist(final List<String> allowedStaticStarImports) {
+ setAllowedStaticStarImports(allowedStaticStarImports);
+ }
+
+ public List<Class<? extends Expression>> getDisallowedExpressions() {
+ return disallowedExpressions;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedExpressions()}
+ */
public List<Class<? extends Expression>> getExpressionsBlacklist() {
- return expressionsBlacklist;
+ return getDisallowedExpressions();
}
- public void setExpressionsBlacklist(final List<Class<? extends Expression>> expressionsBlacklist) {
- if (expressionsWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedExpressions(final List<Class<? extends Expression>> disallowedExpressions) {
+ if (allowedExpressions != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.expressionsBlacklist = expressionsBlacklist;
+ this.disallowedExpressions = disallowedExpressions;
+ }
+
+ /**
+ * Legacy alias for {@link #setDisallowedExpressions(List)}
+ */
+ public void setExpressionsBlacklist(final List<Class<? extends Expression>> disallowedExpressions) {
+ setDisallowedExpressions(disallowedExpressions);
}
+ public List<Class<? extends Expression>> getAllowedExpressions() {
+ return allowedExpressions;
+ }
+
+ /**
+ * Legacy alias for {@link #getAllowedExpressions()}
+ */
public List<Class<? extends Expression>> getExpressionsWhitelist() {
- return expressionsWhitelist;
+ return getAllowedExpressions();
}
- public void setExpressionsWhitelist(final List<Class<? extends Expression>> expressionsWhitelist) {
- if (expressionsBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedExpressions(final List<Class<? extends Expression>> allowedExpressions) {
+ if (disallowedExpressions != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.expressionsWhitelist = expressionsWhitelist;
+ this.allowedExpressions = allowedExpressions;
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedExpressions(List)}
+ */
+ public void setExpressionsWhitelist(final List<Class<? extends Expression>> allowedExpressions) {
+ setAllowedExpressions(allowedExpressions);
}
+ public List<Class<? extends Statement>> getDisallowedStatements() {
+ return disallowedStatements;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedStatements()}
+ */
public List<Class<? extends Statement>> getStatementsBlacklist() {
- return statementsBlacklist;
+ return getDisallowedStatements();
}
- public void setStatementsBlacklist(final List<Class<? extends Statement>> statementsBlacklist) {
- if (statementsWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedStatements(final List<Class<? extends Statement>> disallowedStatements) {
+ if (allowedStatements != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.statementsBlacklist = statementsBlacklist;
+ this.disallowedStatements = disallowedStatements;
+ }
+
+ /**
+ * Legacy alias for {@link #setDisallowedStatements(List)}
+ */
+ public void setStatementsBlacklist(final List<Class<? extends Statement>> disallowedStatements) {
+ setDisallowedStatements(disallowedStatements);
+ }
+
+ public List<Class<? extends Statement>> getAllowedStatements() {
+ return allowedStatements;
}
+ /**
+ * Legacy alias for {@link #getAllowedStatements()}
+ */
public List<Class<? extends Statement>> getStatementsWhitelist() {
- return statementsWhitelist;
+ return getAllowedStatements();
}
- public void setStatementsWhitelist(final List<Class<? extends Statement>> statementsWhitelist) {
- if (statementsBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedStatements(final List<Class<? extends Statement>> allowedStatements) {
+ if (disallowedStatements != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.statementsWhitelist = statementsWhitelist;
+ this.allowedStatements = allowedStatements;
}
- public List<Integer> getTokensBlacklist() {
- return tokensBlacklist;
+ /**
+ * Legacy alias for {@link #setAllowedStatements(List)}
+ */
+ public void setStatementsWhitelist(final List<Class<? extends Statement>> allowedStatements) {
+ setAllowedStatements(allowedStatements);
}
public boolean isIndirectImportCheckEnabled() {
@@ -426,32 +594,64 @@ public class SecureASTCustomizer extends CompilationCustomizer {
isIndirectImportCheckEnabled = indirectImportCheckEnabled;
}
+ public List<Integer> getDisallowedTokens() {
+ return disallowedTokens;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedTokens()}
+ */
+ public List<Integer> getTokensBlacklist() {
+ return getDisallowedTokens();
+ }
+
/**
- * Sets the list of tokens which are blacklisted.
+ * Sets the list of tokens which are not permitted.
*
- * @param tokensBlacklist the tokens. The values of the tokens must be those of {@link org.codehaus.groovy.syntax.Types}
+ * @param disallowedTokens the tokens. The values of the tokens must be those of {@link org.codehaus.groovy.syntax.Types}
*/
- public void setTokensBlacklist(final List<Integer> tokensBlacklist) {
- if (tokensWhitelist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedTokens(final List<Integer> disallowedTokens) {
+ if (allowedTokens != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.tokensBlacklist = tokensBlacklist;
+ this.disallowedTokens = disallowedTokens;
+ }
+
+ /**
+ * Alias for {@link #setDisallowedTokens(List)}.
+ */
+ public void setTokensBlacklist(final List<Integer> disallowedTokens) {
+ setDisallowedTokens(disallowedTokens);
+ }
+
+ public List<Integer> getAllowedTokens() {
+ return allowedTokens;
}
+ /**
+ * Legacy alias for {@link #getAllowedTokens()}
+ */
public List<Integer> getTokensWhitelist() {
- return tokensWhitelist;
+ return getAllowedTokens();
}
/**
- * Sets the list of tokens which are whitelisted.
+ * Sets the list of tokens which are permitted.
*
- * @param tokensWhitelist the tokens. The values of the tokens must be those of {@link org.codehaus.groovy.syntax.Types}
+ * @param allowedTokens the tokens. The values of the tokens must be those of {@link org.codehaus.groovy.syntax.Types}
*/
- public void setTokensWhitelist(final List<Integer> tokensWhitelist) {
- if (tokensBlacklist != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedTokens(final List<Integer> allowedTokens) {
+ if (disallowedTokens != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.tokensWhitelist = tokensWhitelist;
+ this.allowedTokens = allowedTokens;
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedTokens(List)}
+ */
+ public void setTokensWhitelist(final List<Integer> allowedTokens) {
+ setAllowedTokens(allowedTokens);
}
public void addStatementCheckers(StatementChecker... checkers) {
@@ -462,120 +662,200 @@ public class SecureASTCustomizer extends CompilationCustomizer {
expressionCheckers.addAll(Arrays.asList(checkers));
}
+ public List<String> getDisallowedConstantTypes() {
+ return disallowedConstantTypes;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedConstantTypes()}
+ */
public List<String> getConstantTypesBlackList() {
- return constantTypesBlackList;
+ return getDisallowedConstantTypes();
}
public void setConstantTypesBlackList(final List<String> constantTypesBlackList) {
- if (constantTypesWhiteList != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ if (allowedConstantTypes != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.constantTypesBlackList = constantTypesBlackList;
+ this.disallowedConstantTypes = constantTypesBlackList;
+ }
+
+ public List<String> getAllowedConstantTypes() {
+ return allowedConstantTypes;
}
+ /**
+ * Legacy alias for {@link #getAllowedStatements()}
+ */
public List<String> getConstantTypesWhiteList() {
- return constantTypesWhiteList;
+ return getAllowedConstantTypes();
}
- public void setConstantTypesWhiteList(final List<String> constantTypesWhiteList) {
- if (constantTypesBlackList != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedConstantTypes(final List<String> allowedConstantTypes) {
+ if (disallowedConstantTypes != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.constantTypesWhiteList = constantTypesWhiteList;
+ this.allowedConstantTypes = allowedConstantTypes;
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedConstantTypes(List)}
+ */
+ public void setConstantTypesWhiteList(final List<String> allowedConstantTypes) {
+ setAllowedConstantTypes(allowedConstantTypes);
}
/**
* An alternative way of setting constant types.
*
- * @param constantTypesWhiteList a list of classes.
+ * @param allowedConstantTypes a list of classes.
*/
- public void setConstantTypesClassesWhiteList(final List<Class> constantTypesWhiteList) {
+ public void setAllowedConstantTypesClasses(final List<Class> allowedConstantTypes) {
List<String> values = new LinkedList<>();
- for (Class aClass : constantTypesWhiteList) {
+ for (Class aClass : allowedConstantTypes) {
values.add(aClass.getName());
}
setConstantTypesWhiteList(values);
}
/**
+ * Legacy alias for {@link #setAllowedConstantTypesClasses(List)}
+ */
+ public void setConstantTypesClassesWhiteList(final List<Class> allowedConstantTypes) {
+ setAllowedConstantTypesClasses(allowedConstantTypes);
+ }
+
+ /**
* An alternative way of setting constant types.
*
- * @param constantTypesBlackList a list of classes.
+ * @param disallowedConstantTypes a list of classes.
*/
- public void setConstantTypesClassesBlackList(final List<Class> constantTypesBlackList) {
+ public void setDisallowedConstantTypesClasses(final List<Class> disallowedConstantTypes) {
List<String> values = new LinkedList<>();
- for (Class aClass : constantTypesBlackList) {
+ for (Class aClass : disallowedConstantTypes) {
values.add(aClass.getName());
}
setConstantTypesBlackList(values);
}
+ /**
+ * Legacy alias for {@link #setDisallowedConstantTypesClasses(List)}
+ */
+ public void setConstantTypesClassesBlackList(final List<Class> disallowedConstantTypes) {
+ setDisallowedConstantTypesClasses(disallowedConstantTypes);
+ }
+
+ public List<String> getDisallowedReceivers() {
+ return disallowedReceivers;
+ }
+
+ /**
+ * Legacy alias for {@link #getDisallowedReceivers()}
+ */
public List<String> getReceiversBlackList() {
- return receiversBlackList;
+ return getDisallowedReceivers();
}
/**
* Sets the list of classes which deny method calls.
*
* Please note that since Groovy is a dynamic language, and
- * this class performs a static type check, it will be reletively
- * simple to bypass any blacklist unless the receivers blacklist contains, at
+ * this class performs a static type check, it will be relatively
+ * simple to bypass any disallowed list unless the receivers disallowed list contains, at
* a minimum, Object, Script, GroovyShell, and Eval. Additionally,
- * it is necessary to also blacklist MethodPointerExpression in the
- * expressions blacklist for the receivers blacklist to function
+ * it is necessary to also have MethodPointerExpression in the
+ * disallowed expressions list for the receivers disallowed list to function
* as a security check.
*
- * @param receiversBlackList the list of refused classes, as fully qualified names
+ * @param disallowedReceivers the list of refused classes, as fully qualified names
*/
- public void setReceiversBlackList(final List<String> receiversBlackList) {
- if (receiversWhiteList != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setDisallowedReceivers(final List<String> disallowedReceivers) {
+ if (allowedReceivers != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.receiversBlackList = receiversBlackList;
+ this.disallowedReceivers = disallowedReceivers;
}
/**
- * An alternative way of setting {@link #setReceiversBlackList(java.util.List) receiver classes}.
+ * Legacy alias for {@link #setDisallowedReceivers(List)}
+ */
+ public void setReceiversBlackList(final List<String> disallowedReceivers) {
+ setDisallowedReceivers(disallowedReceivers);
+ }
+
+ /**
+ * An alternative way of setting {@link #setDisallowedReceivers(java.util.List) receiver classes}.
*
- * @param receiversBlacklist a list of classes.
+ * @param disallowedReceivers a list of classes.
*/
- public void setReceiversClassesBlackList(final List<Class> receiversBlacklist) {
+ public void setDisallowedReceiversClasses(final List<Class> disallowedReceivers) {
List<String> values = new LinkedList<>();
- for (Class aClass : receiversBlacklist) {
+ for (Class aClass : disallowedReceivers) {
values.add(aClass.getName());
}
setReceiversBlackList(values);
}
+ /**
+ * Legacy alias for {@link #setDisallowedReceiversClasses(List)}.
+ */
+ public void setReceiversClassesBlackList(final List<Class> disallowedReceivers) {
+ setDisallowedReceiversClasses(disallowedReceivers);
+ }
+
+ public List<String> getAllowedReceivers() {
+ return allowedReceivers;
+ }
+
+ /**
+ * Legacy alias for {@link #getAllowedReceivers()}
+ */
public List<String> getReceiversWhiteList() {
- return receiversWhiteList;
+ return getAllowedReceivers();
}
/**
* Sets the list of classes which may accept method calls.
*
- * @param receiversWhiteList the list of accepted classes, as fully qualified names
+ * @param allowedReceivers the list of accepted classes, as fully qualified names
*/
- public void setReceiversWhiteList(final List<String> receiversWhiteList) {
- if (receiversBlackList != null) {
- throw new IllegalArgumentException("You are not allowed to set both whitelist and blacklist");
+ public void setAllowedReceivers(final List<String> allowedReceivers) {
+ if (disallowedReceivers != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
}
- this.receiversWhiteList = receiversWhiteList;
+ this.allowedReceivers = allowedReceivers;
+ }
+
+ /**
+ * Legacy alias for {@link #setAllowedReceivers(List)}
+ */
+ public void setReceiversWhiteList(final List<String> allowedReceivers) {
+ if (disallowedReceivers != null) {
+ throw new IllegalArgumentException("You are not allowed to set both an allowed list and a disallowed list");
+ }
+ this.allowedReceivers = allowedReceivers;
}
/**
* An alternative way of setting {@link #setReceiversWhiteList(java.util.List) receiver classes}.
*
- * @param receiversWhitelist a list of classes.
+ * @param allowedReceivers a list of classes.
*/
- public void setReceiversClassesWhiteList(final List<Class> receiversWhitelist) {
+ public void setAllowedReceiversClasses(final List<Class> allowedReceivers) {
List<String> values = new LinkedList<>();
- for (Class aClass : receiversWhitelist) {
+ for (Class aClass : allowedReceivers) {
values.add(aClass.getName());
}
setReceiversWhiteList(values);
}
+ /**
+ * Legacy alias for {@link #setAllowedReceiversClasses(List)}
+ */
+ public void setReceiversClassesWhiteList(final List<Class> allowedReceivers) {
+ setAllowedReceiversClasses(allowedReceivers);
+ }
+
@Override
public void call(final SourceUnit source, final GeneratorContext context, final ClassNode classNode) throws CompilationFailedException {
ModuleNode ast = source.getAST();
@@ -585,7 +865,7 @@ public class SecureASTCustomizer extends CompilationCustomizer {
checkMethodDefinitionAllowed(classNode);
// verify imports
- if (importsBlacklist != null || importsWhitelist != null || starImportsBlacklist != null || starImportsWhitelist != null) {
+ if (disallowedImports != null || allowedImports != null || disallowedStarImports != null || allowedStarImports != null) {
for (ImportNode importNode : ast.getImports()) {
assertImportIsAllowed(importNode.getClassName());
}
@@ -595,7 +875,7 @@ public class SecureASTCustomizer extends CompilationCustomizer {
}
// verify static imports
- if (staticImportsBlacklist != null || staticImportsWhitelist != null || staticStarImportsBlacklist != null || staticStarImportsWhitelist != null) {
+ if (disallowedStaticImports != null || allowedStaticImports != null || disallowedStaticStarImports != null || allowedStaticStarImports != null) {
for (Map.Entry<String, ImportNode> entry : ast.getStaticImports().entrySet()) {
final String className = entry.getValue().getClassName();
assertStaticImportIsAllowed(entry.getKey(), className);
@@ -652,37 +932,37 @@ public class SecureASTCustomizer extends CompilationCustomizer {
}
protected void assertStarImportIsAllowed(final String packageName) {
- if (starImportsWhitelist != null && !(starImportsWhitelist.contains(packageName)
- || starImportsWhitelist.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith))) {
+ if (allowedStarImports != null && !(allowedStarImports.contains(packageName)
+ || allowedStarImports.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith))) {
throw new SecurityException("Importing [" + packageName + "] is not allowed");
}
- if (starImportsBlacklist != null && (starImportsBlacklist.contains(packageName)
- || starImportsBlacklist.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith))) {
+ if (disallowedStarImports != null && (disallowedStarImports.contains(packageName)
+ || disallowedStarImports.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith))) {
throw new SecurityException("Importing [" + packageName + "] is not allowed");
}
}
protected void assertImportIsAllowed(final String className) {
- if (importsWhitelist != null || starImportsWhitelist != null) {
- if (importsWhitelist != null && importsWhitelist.contains(className)) {
+ if (allowedImports != null || allowedStarImports != null) {
+ if (allowedImports != null && allowedImports.contains(className)) {
return;
}
- if (starImportsWhitelist != null) {
+ if (allowedStarImports != null) {
String packageName = getWildCardImport(className);
- if (starImportsWhitelist.contains(packageName)
- || starImportsWhitelist.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith)) {
+ if (allowedStarImports.contains(packageName)
+ || allowedStarImports.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith)) {
return;
}
}
throw new SecurityException("Importing [" + className + "] is not allowed");
} else {
- if (importsBlacklist != null && importsBlacklist.contains(className)) {
+ if (disallowedImports != null && disallowedImports.contains(className)) {
throw new SecurityException("Importing [" + className + "] is not allowed");
}
- if (starImportsBlacklist != null) {
+ if (disallowedStarImports != null) {
String packageName = getWildCardImport(className);
- if (starImportsBlacklist.contains(packageName) ||
- starImportsBlacklist.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith)) {
+ if (disallowedStarImports.contains(packageName) ||
+ disallowedStarImports.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith)) {
throw new SecurityException("Importing [" + className + "] is not allowed");
}
}
@@ -695,26 +975,26 @@ public class SecureASTCustomizer extends CompilationCustomizer {
protected void assertStaticImportIsAllowed(final String member, final String className) {
final String fqn = member.equals(className) ? member : className + "." + member;
- if (staticImportsWhitelist != null && !staticImportsWhitelist.contains(fqn)) {
- if (staticStarImportsWhitelist != null) {
+ if (allowedStaticImports != null && !allowedStaticImports.contains(fqn)) {
+ if (allowedStaticStarImports != null) {
// we should now check if the import is in the star imports
String packageName = getWildCardImport(className);
- if (!staticStarImportsWhitelist.contains(className + ".*")
- && staticStarImportsWhitelist.stream().filter(it -> it.endsWith(".")).noneMatch(packageName::startsWith)) {
+ if (!allowedStaticStarImports.contains(className + ".*")
+ && allowedStaticStarImports.stream().filter(it -> it.endsWith(".")).noneMatch(packageName::startsWith)) {
throw new SecurityException("Importing [" + fqn + "] is not allowed");
}
} else {
throw new SecurityException("Importing [" + fqn + "] is not allowed");
}
}
- if (staticImportsBlacklist != null && staticImportsBlacklist.contains(fqn)) {
+ if (disallowedStaticImports != null && disallowedStaticImports.contains(fqn)) {
throw new SecurityException("Importing [" + fqn + "] is not allowed");
}
// check that there's no star import blacklist
- if (staticStarImportsBlacklist != null) {
+ if (disallowedStaticStarImports != null) {
String packageName = getWildCardImport(className);
- if (staticStarImportsBlacklist.contains(className + ".*")
- || staticStarImportsBlacklist.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith)) {
+ if (disallowedStaticStarImports.contains(className + ".*")
+ || disallowedStaticStarImports.stream().filter(it -> it.endsWith(".")).anyMatch(packageName::startsWith)) {
throw new SecurityException("Importing [" + fqn + "] is not allowed");
}
}
@@ -728,16 +1008,16 @@ public class SecureASTCustomizer extends CompilationCustomizer {
protected class SecuringCodeVisitor implements GroovyCodeVisitor {
/**
- * Checks that a given statement is either in the whitelist or not in the blacklist.
+ * Checks that a given statement is either in the allowed list or not in the disallowed list.
*
* @param statement the statement to be checked
* @throws SecurityException if usage of this statement class is forbidden
*/
protected void assertStatementAuthorized(final Statement statement) throws SecurityException {
final Class<? extends Statement> clazz = statement.getClass();
- if (statementsBlacklist != null && statementsBlacklist.contains(clazz)) {
+ if (disallowedStatements != null && disallowedStatements.contains(clazz)) {
throw new SecurityException(clazz.getSimpleName() + "s are not allowed");
- } else if (statementsWhitelist != null && !statementsWhitelist.contains(clazz)) {
+ } else if (allowedStatements != null && !allowedStatements.contains(clazz)) {
throw new SecurityException(clazz.getSimpleName() + "s are not allowed");
}
for (StatementChecker statementChecker : statementCheckers) {
@@ -748,16 +1028,16 @@ public class SecureASTCustomizer extends CompilationCustomizer {
}
/**
- * Checks that a given expression is either in the whitelist or not in the blacklist.
+ * Checks that a given expression is either in the allowed list or not in the disallowed list.
*
* @param expression the expression to be checked
* @throws SecurityException if usage of this expression class is forbidden
*/
protected void assertExpressionAuthorized(final Expression expression) throws SecurityException {
final Class<? extends Expression> clazz = expression.getClass();
- if (expressionsBlacklist != null && expressionsBlacklist.contains(clazz)) {
+ if (disallowedExpressions != null && disallowedExpressions.contains(clazz)) {
throw new SecurityException(clazz.getSimpleName() + "s are not allowed: " + expression.getText());
- } else if (expressionsWhitelist != null && !expressionsWhitelist.contains(clazz)) {
+ } else if (allowedExpressions != null && !allowedExpressions.contains(clazz)) {
throw new SecurityException(clazz.getSimpleName() + "s are not allowed: " + expression.getText());
}
for (ExpressionChecker expressionChecker : expressionCheckers) {
@@ -797,16 +1077,16 @@ public class SecureASTCustomizer extends CompilationCustomizer {
}
/**
- * Checks that a given token is either in the whitelist or not in the blacklist.
+ * Checks that a given token is either in the allowed list or not in the disallowed list.
*
* @param token the token to be checked
* @throws SecurityException if usage of this token is forbidden
*/
protected void assertTokenAuthorized(final Token token) throws SecurityException {
final int value = token.getType();
- if (tokensBlacklist != null && tokensBlacklist.contains(value)) {
+ if (disallowedTokens != null && disallowedTokens.contains(value)) {
throw new SecurityException("Token " + token + " is not allowed");
- } else if (tokensWhitelist != null && !tokensWhitelist.contains(value)) {
+ } else if (allowedTokens != null && !allowedTokens.contains(value)) {
throw new SecurityException("Token " + token + " is not allowed");
}
}
@@ -933,9 +1213,9 @@ public class SecureASTCustomizer extends CompilationCustomizer {
assertExpressionAuthorized(call);
Expression receiver = call.getObjectExpression();
final String typeName = receiver.getType().getName();
- if (receiversWhiteList != null && !receiversWhiteList.contains(typeName)) {
+ if (allowedReceivers != null && !allowedReceivers.contains(typeName)) {
throw new SecurityException("Method calls not allowed on [" + typeName + "]");
- } else if (receiversBlackList != null && receiversBlackList.contains(typeName)) {
+ } else if (disallowedReceivers != null && disallowedReceivers.contains(typeName)) {
throw new SecurityException("Method calls not allowed on [" + typeName + "]");
}
receiver.visit(this);
@@ -948,9 +1228,9 @@ public class SecureASTCustomizer extends CompilationCustomizer {
public void visitStaticMethodCallExpression(final StaticMethodCallExpression call) {
assertExpressionAuthorized(call);
final String typeName = call.getOwnerType().getName();
- if (receiversWhiteList != null && !receiversWhiteList.contains(typeName)) {
+ if (allowedReceivers != null && !allowedReceivers.contains(typeName)) {
throw new SecurityException("Method calls not allowed on [" + typeName + "]");
- } else if (receiversBlackList != null && receiversBlackList.contains(typeName)) {
+ } else if (disallowedReceivers != null && disallowedReceivers.contains(typeName)) {
throw new SecurityException("Method calls not allowed on [" + typeName + "]");
}
call.getArguments().visit(this);
@@ -1053,9 +1333,9 @@ public class SecureASTCustomizer extends CompilationCustomizer {
assertExpressionAuthorized(expression);
Expression receiver = expression.getObjectExpression();
final String typeName = receiver.getType().getName();
- if (receiversWhiteList != null && !receiversWhiteList.contains(typeName)) {
+ if (allowedReceivers != null && !allowedReceivers.contains(typeName)) {
throw new SecurityException("Property access not allowed on [" + typeName + "]");
- } else if (receiversBlackList != null && receiversBlackList.contains(typeName)) {
+ } else if (disallowedReceivers != null && disallowedReceivers.contains(typeName)) {
throw new SecurityException("Property access not allowed on [" + typeName + "]");
}
receiver.visit(this);
@@ -1078,9 +1358,9 @@ public class SecureASTCustomizer extends CompilationCustomizer {
assertExpressionAuthorized(expression);
Expression receiver = expression.getObjectExpression();
final String typeName = receiver.getType().getName();
- if (receiversWhiteList != null && !receiversWhiteList.contains(typeName)) {
+ if (allowedReceivers != null && !allowedReceivers.contains(typeName)) {
throw new SecurityException("Attribute access not allowed on [" + typeName + "]");
- } else if (receiversBlackList != null && receiversBlackList.contains(typeName)) {
+ } else if (disallowedReceivers != null && disallowedReceivers.contains(typeName)) {
throw new SecurityException("Attribute access not allowed on [" + typeName + "]");
}
receiver.visit(this);
@@ -1109,10 +1389,10 @@ public class SecureASTCustomizer extends CompilationCustomizer {
public void visitConstantExpression(final ConstantExpression expression) {
assertExpressionAuthorized(expression);
final String type = expression.getType().getName();
- if (constantTypesWhiteList != null && !constantTypesWhiteList.contains(type)) {
+ if (allowedConstantTypes != null && !allowedConstantTypes.contains(type)) {
throw new SecurityException("Constant expression type [" + type + "] is not allowed");
}
- if (constantTypesBlackList != null && constantTypesBlackList.contains(type)) {
+ if (disallowedConstantTypes != null && disallowedConstantTypes.contains(type)) {
throw new SecurityException("Constant expression type [" + type + "] is not allowed");
}
}
@@ -1126,10 +1406,10 @@ public class SecureASTCustomizer extends CompilationCustomizer {
public void visitVariableExpression(final VariableExpression expression) {
assertExpressionAuthorized(expression);
final String type = expression.getType().getName();
- if (constantTypesWhiteList != null && !constantTypesWhiteList.contains(type)) {
+ if (allowedConstantTypes != null && !allowedConstantTypes.contains(type)) {
throw new SecurityException("Usage of variables of type [" + type + "] is not allowed");
}
- if (constantTypesBlackList != null && constantTypesBlackList.contains(type)) {
+ if (disallowedConstantTypes != null && disallowedConstantTypes.contains(type)) {
throw new SecurityException("Usage of variables of type [" + type + "] is not allowed");
}
}
@@ -1216,7 +1496,7 @@ public class SecureASTCustomizer extends CompilationCustomizer {
}
/**
- * This interface allows the user to plugin custom expression checkers if expression blacklist or whitelist are not
+ * This interface allows the user to provide a custom expression checker if the dis/allowed expression lists are not
* sufficient
*/
@FunctionalInterface
@@ -1225,7 +1505,7 @@ public class SecureASTCustomizer extends CompilationCustomizer {
}
/**
- * This interface allows the user to plugin custom statement checkers if statement blacklist or whitelist are not
+ * This interface allows the user to provide a custom statement checker if the dis/allowed statement lists are not
* sufficient
*/
@FunctionalInterface
diff --git a/src/spec/doc/core-domain-specific-languages.adoc b/src/spec/doc/core-domain-specific-languages.adoc
index da2b67f..e2f74af 100644
--- a/src/spec/doc/core-domain-specific-languages.adoc
+++ b/src/spec/doc/core-domain-specific-languages.adoc
@@ -707,9 +707,10 @@ For a complete list of options, please refer to gapi:org.codehaus.groovy.control
=== Secure AST customizer
This customizer will allow the developer of a DSL to restrict the
-*grammar* of the language, to prevent users from using some constructs,
-for example. It is only ``secure'' in that sense only and it is very
-important to understand that it does *not* replace a security manager.
+*grammar* of the language, for example, to prevent users from using particular constructs.
+It is only ``secure'' in that one aspect, i.e. limiting the allowable constructs within a DSL.
+It does *not* replace a security manager which might additionally
+be needed as an orthogonal aspect of overall security.
The only reason for it to exist is to limit the expressiveness of the
language. This customizer only works at the AST (abstract syntax tree)
level, not at runtime! It can be strange at first glance, but it makes
@@ -727,12 +728,12 @@ allows arithmetic operations, but this customizer allows you to:
* restrict the tokens (grammar-wise) a user can use
* restrict the types of the constants that can be used in code
-For all those features, the secure AST customizer works using either a
-whitelist (list of elements that are allowed) *or* a blacklist (list of
-elements that are disallowed). For each type of feature (imports,
-tokens, …) you have the choice to use either a whitelist or a blacklist,
-but you can mix whitelists and blacklists for distinct features. In
-general, you will choose whitelists (disallow all, allow selected).
+For all those features, the secure AST customizer works using either an
+allowed list (list of elements that are permitted) *or* a disallowed list (list of
+elements that are not permitted). For each type of feature (imports,
+tokens, …) you have the choice to use either an allowed or disallowed list,
+but you can mix dis/allowed lists for distinct features. Typically,
+you will choose allowed lists (which permits only the constructs listed and disallows all others).
[source,groovy]
-------------------------------------------------------------------------------------
diff --git a/src/spec/test/CustomizersTest.groovy b/src/spec/test/CustomizersTest.groovy
index 6bf5fdf..ce355a9 100644
--- a/src/spec/test/CustomizersTest.groovy
+++ b/src/spec/test/CustomizersTest.groovy
@@ -108,12 +108,12 @@ class CustomizersTest extends GroovyTestCase {
scz.with {
closuresAllowed = false // user will not be able to write closures
methodDefinitionAllowed = false // user will not be able to define methods
- importsWhitelist = [] // empty whitelist means imports are disallowed
- staticImportsWhitelist = [] // same for static imports
- staticStarImportsWhitelist = ['java.lang.Math'] // only java.lang.Math is allowed
+ allowedImports = [] // empty allowed list means imports are disallowed
+ allowedStaticImports = [] // same for static imports
+ allowedStaticStarImports = ['java.lang.Math'] // only java.lang.Math is allowed
// the list of tokens the user can find
// constants are defined in org.codehaus.groovy.syntax.Types
- tokensWhitelist = [ // <1>
+ allowedTokens = [ // <1>
PLUS,
MINUS,
MULTIPLY,
@@ -130,7 +130,7 @@ class CustomizersTest extends GroovyTestCase {
COMPARE_GREATER_THAN_EQUAL,
].asImmutable()
// limit the types of constants that a user can define to number types only
- constantTypesClassesWhiteList = [ // <2>
+ allowedConstantTypesClasses = [ // <2>
Integer,
Float,
Long,
@@ -143,7 +143,7 @@ class CustomizersTest extends GroovyTestCase {
].asImmutable()
// method calls are only allowed if the receiver is of one of those types
// be careful, it's not a runtime type!
- receiversClassesWhiteList = [ // <2>
+ allowedReceiversClasses = [ // <2>
Math,
Integer,
Float,
diff --git a/src/test/org/codehaus/groovy/control/customizers/SecureASTCustomizerTest.groovy b/src/test/org/codehaus/groovy/control/customizers/SecureASTCustomizerTest.groovy
index 6feb2ba..973c00b 100644
--- a/src/test/org/codehaus/groovy/control/customizers/SecureASTCustomizerTest.groovy
+++ b/src/test/org/codehaus/groovy/control/customizers/SecureASTCustomizerTest.groovy
@@ -120,8 +120,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testExpressionWhiteList() {
- customizer.expressionsWhitelist = [BinaryExpression, ConstantExpression]
+ void testAllowedExpressions() {
+ customizer.allowedExpressions = [BinaryExpression, ConstantExpression]
def shell = new GroovyShell(configuration)
shell.evaluate('1+1')
assert hasSecurityException {
@@ -133,8 +133,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testExpressionBlackList() {
- customizer.expressionsBlacklist = [MethodCallExpression]
+ void testDisallowedExpressions() {
+ customizer.disallowedExpressions = [MethodCallExpression]
def shell = new GroovyShell(configuration)
shell.evaluate('1+1')
assert hasSecurityException {
@@ -148,8 +148,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testTokenWhiteList() {
- customizer.tokensWhitelist = [Types.PLUS, Types.MINUS]
+ void testAllowedTokens() {
+ customizer.allowedTokens = [Types.PLUS, Types.MINUS]
def shell = new GroovyShell(configuration)
shell.evaluate('1+1;1-1')
assert hasSecurityException {
@@ -160,8 +160,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testTokenBlackList() {
- customizer.tokensBlacklist = [Types.PLUS_PLUS]
+ void testDisallowedTokens() {
+ customizer.disallowedTokens = [Types.PLUS_PLUS]
def shell = new GroovyShell(configuration)
shell.evaluate('1+1;1-1')
assert hasSecurityException {
@@ -172,8 +172,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testImportWhiteList() {
- customizer.importsWhitelist = ['java.util.ArrayList']
+ void testAllowedImports() {
+ customizer.allowedImports = ['java.util.ArrayList']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import java.util.ArrayList
@@ -188,8 +188,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStarImportWhiteList1() {
- customizer.starImportsWhitelist = ['java.util.*']
+ void testAllowedStarImports1() {
+ customizer.allowedStarImports = ['java.util.*']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import java.util.ArrayList
@@ -212,8 +212,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStarImportWhiteList2() {
- customizer.starImportsWhitelist = ['java.**']
+ void testAllowedStarImports2() {
+ customizer.allowedStarImports = ['java.**']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import java.lang.Object
@@ -236,9 +236,9 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStarImportWhiteListWithImportWhiteList() {
- customizer.importsWhitelist = ['java.util.concurrent.atomic.AtomicInteger']
- customizer.starImportsWhitelist = ['java.util.*']
+ void testAllowedStarImportsWithAllowedImports() {
+ customizer.allowedImports = ['java.util.concurrent.atomic.AtomicInteger']
+ customizer.allowedStarImports = ['java.util.*']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import java.util.ArrayList
@@ -257,8 +257,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testImportBlackList() {
- customizer.importsBlacklist = ['java.util.LinkedList']
+ void testDisallowedImports() {
+ customizer.disallowedImports = ['java.util.LinkedList']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import java.util.ArrayList
@@ -273,8 +273,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStarImportBlackList1() {
- customizer.starImportsBlacklist = ['java.lang.*']
+ void testDisallowedStarImports1() {
+ customizer.disallowedStarImports = ['java.lang.*']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import java.util.LinkedList
@@ -291,8 +291,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStarImportBlackList2() {
- customizer.starImportsBlacklist = ['java.**']
+ void testDisallowedStarImports2() {
+ customizer.disallowedStarImports = ['java.**']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import javax.swing.Action
@@ -313,9 +313,9 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStarImportBlackListWithImportBlackList() {
- customizer.importsBlacklist = ['java.util.concurrent.atomic.AtomicBoolean']
- customizer.starImportsBlacklist = ['java.util.*']
+ void testDisallowedStarImportsWithDisallowedImports() {
+ customizer.disallowedImports = ['java.util.concurrent.atomic.AtomicBoolean']
+ customizer.disallowedStarImports = ['java.util.*']
def shell = new GroovyShell(configuration)
assert hasSecurityException {
shell.evaluate('''
@@ -336,8 +336,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testIndirectImportWhiteList() {
- customizer.importsWhitelist = ['java.util.ArrayList']
+ void testAllowedIndirectImports() {
+ customizer.allowedImports = ['java.util.ArrayList']
customizer.indirectImportCheckEnabled = true
def shell = new GroovyShell(configuration)
shell.evaluate('''
@@ -357,8 +357,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testIndirectStarImportWhiteList() {
- customizer.starImportsWhitelist = ['java.util.*']
+ void testAllowedIndirectStarImports() {
+ customizer.allowedStarImports = ['java.util.*']
customizer.indirectImportCheckEnabled = true
def shell = new GroovyShell(configuration)
shell.evaluate('''
@@ -381,8 +381,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStaticImportWhiteList() {
- customizer.staticImportsWhitelist = ['java.lang.Math.PI']
+ void testAllowedStaticImports() {
+ customizer.allowedStaticImports = ['java.lang.Math.PI']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import static java.lang.Math.PI
@@ -398,8 +398,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStaticStarImportWhiteList1() {
- customizer.staticStarImportsWhitelist = ['java.lang.Math.*']
+ void testAllowedStaticStarImports1() {
+ customizer.allowedStaticStarImports = ['java.lang.Math.*']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import static java.lang.Math.PI
@@ -415,8 +415,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStaticStarImportWhiteList2() {
- customizer.staticStarImportsWhitelist = ['java.lang.**']
+ void testAllowedStaticStarImports2() {
+ customizer.allowedStaticStarImports = ['java.lang.**']
def shell = new GroovyShell(configuration)
shell.evaluate('''
import static java.lang.Math.PI
@@ -432,8 +432,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testStaticStarImportBlackList1() {
- customizer.staticStarImportsBlacklist = ['java.lang.**']
+ void testDisallowedStaticStarImports1() {
+ customizer.disallowedStaticStarImports = ['java.lang.**']
def shell = new GroovyShell(configuration)
assert hasSecurityException {
shell.evaluate('''
@@ -450,7 +450,7 @@ final class SecureASTCustomizerTest {
@Test
void testIndirectStaticImport() {
- customizer.staticImportsWhitelist = ['java.lang.Math.PI']
+ customizer.allowedStaticImports = ['java.lang.Math.PI']
customizer.indirectImportCheckEnabled = true
def shell = new GroovyShell(configuration)
assert hasSecurityException {
@@ -460,7 +460,7 @@ final class SecureASTCustomizerTest {
@Test
void testIndirectStaticStarImport() {
- customizer.staticStarImportsWhitelist = ['java.lang.Math.*']
+ customizer.allowedStaticStarImports = ['java.lang.Math.*']
customizer.indirectImportCheckEnabled = true
def shell = new GroovyShell(configuration)
shell.evaluate('java.lang.Math.cos(1)')
@@ -470,8 +470,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testConstantTypeWhiteList() {
- customizer.constantTypesClassesWhiteList = [Integer.TYPE]
+ void testAllowedConstantTypes() {
+ customizer.allowedConstantTypesClasses = [Integer.TYPE]
def shell = new GroovyShell(configuration)
shell.evaluate('1')
assert hasSecurityException {
@@ -483,8 +483,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testConstantTypeBlackList() {
- customizer.constantTypesClassesBlackList = [String]
+ void testDisallowedConstantTypes() {
+ customizer.disallowedConstantTypesClasses = [String]
def shell = new GroovyShell(configuration)
shell.evaluate('1')
shell.evaluate('2d')
@@ -494,8 +494,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testReceiverWhiteList() {
- customizer.receiversClassesWhiteList = [Integer.TYPE]
+ void testAllowedReceivers() {
+ customizer.allowedReceiversClasses = [Integer.TYPE]
def shell = new GroovyShell(configuration)
shell.evaluate('1.plus(1)')
assert hasSecurityException {
@@ -507,8 +507,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testReceiverBlackList() {
- customizer.receiversClassesBlackList = [String]
+ void testDisallowedReceivers() {
+ customizer.disallowedReceiversClasses = [String]
def shell = new GroovyShell(configuration)
shell.evaluate('1.plus(1)')
shell.evaluate('2.0.multiply(4)')
@@ -518,8 +518,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testReceiverWhiteListWithStaticMethod() {
- customizer.receiversClassesWhiteList = [Integer.TYPE]
+ void testAllowedReceiversWithStaticMethod() {
+ customizer.allowedReceiversClasses = [Integer.TYPE]
def shell = new GroovyShell(configuration)
shell.evaluate('1.plus(1)')
assert hasSecurityException {
@@ -528,8 +528,8 @@ final class SecureASTCustomizerTest {
}
@Test
- void testReceiverBlackListWithStaticMethod() {
- customizer.receiversClassesBlackList = [Math]
+ void testDisallowedReceiversWithStaticMethod() {
+ customizer.disallowedReceiversClasses = [Math]
def shell = new GroovyShell(configuration)
shell.evaluate('1.plus(1)')
shell.evaluate('Collections.sort([])')
@@ -540,7 +540,7 @@ final class SecureASTCustomizerTest {
@Test // GROOVY-4978
void testVisitMethodBody() {
- customizer.importsBlacklist = [
+ customizer.disallowedImports = [
"java.lang.System",
"groovy.lang.GroovyShell",
"groovy.lang.GroovyClassLoader"]
@@ -565,12 +565,12 @@ final class SecureASTCustomizerTest {
}
@Test // GROOVY-6153
- void testDeterministicWhitelistBehaviour() {
- def classWhiteList = ["java.lang.Object", "test"]
+ void testDeterministicAllowedListBehaviour() {
+ def allowedClasses = ["java.lang.Object", "test"]
customizer.with {
setIndirectImportCheckEnabled(true);
- setImportsWhitelist(classWhiteList);
- setReceiversWhiteList(classWhiteList);
+ setAllowedImports(allowedClasses);
+ setAllowedReceivers(allowedClasses);
setPackageAllowed(true);
setClosuresAllowed(true);
setMethodDefinitionAllowed(true);
@@ -584,12 +584,12 @@ final class SecureASTCustomizerTest {
}
@Test // GROOVY-6153
- void testDeterministicWhitelistBehaviour2() {
- def classWhiteList = ["java.lang.Object", "test"]
+ void testDeterministicAllowedListBehaviour2() {
+ def allowedClasses = ["java.lang.Object", "test"]
customizer.with {
setIndirectImportCheckEnabled(true);
- setConstantTypesWhiteList(classWhiteList);
- setReceiversWhiteList(classWhiteList);
+ setAllowedConstantTypes(allowedClasses);
+ setAllowedReceivers(allowedClasses);
setPackageAllowed(true);
setClosuresAllowed(true);
setMethodDefinitionAllowed(true);
@@ -603,9 +603,9 @@ final class SecureASTCustomizerTest {
}
@Test // GROOVY-8135
- void testStarImportsWhiteListWithIndirectImportCheckEnabled() {
+ void testStarImportsAllowedListWithIndirectImportCheckEnabled() {
customizer.indirectImportCheckEnabled = true
- customizer.starImportsWhitelist = ['java.lang']
+ customizer.allowedStarImports = ['java.lang']
def shell = new GroovyShell(configuration)
shell.evaluate('Object object = new Object()')
shell.evaluate('Object object = new Object(); object.hashCode()')
diff --git a/src/test/org/codehaus/groovy/control/customizers/builder/CompilerCustomizationBuilderTest.groovy b/src/test/org/codehaus/groovy/control/customizers/builder/CompilerCustomizationBuilderTest.groovy
index 7c07910..de7d6aa 100644
--- a/src/test/org/codehaus/groovy/control/customizers/builder/CompilerCustomizationBuilderTest.groovy
+++ b/src/test/org/codehaus/groovy/control/customizers/builder/CompilerCustomizationBuilderTest.groovy
@@ -337,10 +337,10 @@ class CompilerCustomizationBuilderTest extends GroovyTestCase {
def config = new CompilerConfiguration()
CompilerCustomizationBuilder.withConfig(config) {
secureAst {
- importsWhitelist = []
+ allowedImports = []
}
}
- assert config.compilationCustomizers.first().importsWhitelist == []
+ assert config.compilationCustomizers.first().allowedImports == []
}
// GROOVY-9035
[groovy] 02/02: GROOVY-9594: Update
src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
(closes #1282)
Posted by pa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
paulk pushed a commit to branch GROOVY_3_0_X
in repository https://gitbox.apache.org/repos/asf/groovy.git
commit 919d449698c6ffdc3df2cff487b707a2fbc762eb
Author: Paul King <pa...@asert.com.au>
AuthorDate: Thu Jun 18 22:09:12 2020 +1000
GROOVY-9594: Update src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java (closes #1282)
Co-authored-by: Jenn Strater <je...@gmail.com>
---
.../codehaus/groovy/control/customizers/SecureASTCustomizer.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java b/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
index 7ea48e1..ad8ed7a 100644
--- a/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
+++ b/src/main/java/org/codehaus/groovy/control/customizers/SecureASTCustomizer.java
@@ -110,7 +110,7 @@ import java.util.Map;
* out, but new language features are then implicitly also available and this may not be desirable.
* The implication is that you might need to update your configuration with each new release.
* <p>
- * If you set neither an allowed list nor a disallowed list, then everything is permitted.
+ * If neither an allowed list nor a disallowed list is set, then everything is permitted.
* <p>
* Combinations of import and star import constraints are authorized as long as you use the same type of list for both.
* For example, you may use an import allowed list and a star import allowed list together, but you cannot use an import
@@ -761,10 +761,10 @@ public class SecureASTCustomizer extends CompilationCustomizer {
*
* Please note that since Groovy is a dynamic language, and
* this class performs a static type check, it will be relatively
- * simple to bypass any disallowed list unless the receivers disallowed list contains, at
+ * simple to bypass any disallowed list unless the disallowed receivers list contains, at
* a minimum, Object, Script, GroovyShell, and Eval. Additionally,
* it is necessary to also have MethodPointerExpression in the
- * disallowed expressions list for the receivers disallowed list to function
+ * disallowed expressions list for the disallowed receivers list to function
* as a security check.
*
* @param disallowedReceivers the list of refused classes, as fully qualified names