You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@groovy.apache.org by "Eric Milles (Jira)" <ji...@apache.org> on 2019/11/24 23:25:00 UTC

[jira] [Assigned] (GROOVY-9318) SecureASTCustomizer: add support for allowing or blocking entire package trees

     [ https://issues.apache.org/jira/browse/GROOVY-9318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Milles reassigned GROOVY-9318:
-----------------------------------

    Assignee: Eric Milles

> SecureASTCustomizer: add support for allowing or blocking entire package trees
> ------------------------------------------------------------------------------
>
>                 Key: GROOVY-9318
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9318
>             Project: Groovy
>          Issue Type: New Feature
>            Reporter: Eric Milles
>            Assignee: Eric Milles
>            Priority: Minor
>
> Consider the following:
> {code:groovy}
> CompilerConfiguration configuration = new CompilerConfiguration()
> SecureASTCustomizer customizer = new SecureASTCustomizer()
> configuration.addCompilationCustomizers(customizer)
> customizer.starImportsBlacklist = ['javax.**']
> def shell = new GroovyShell(configuration)
> shell.evaluate('''
>   import javax.swing.Action
>   Action act
> ''')
> {code}
> This should throw SecurityException since all of "javax" packages have been blocked.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)