You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@groovy.apache.org by "Eric Milles (Jira)" <ji...@apache.org> on 2019/11/24 23:25:00 UTC
[jira] [Assigned] (GROOVY-9318) SecureASTCustomizer: add support
for allowing or blocking entire package trees
[ https://issues.apache.org/jira/browse/GROOVY-9318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Milles reassigned GROOVY-9318:
-----------------------------------
Assignee: Eric Milles
> SecureASTCustomizer: add support for allowing or blocking entire package trees
> ------------------------------------------------------------------------------
>
> Key: GROOVY-9318
> URL: https://issues.apache.org/jira/browse/GROOVY-9318
> Project: Groovy
> Issue Type: New Feature
> Reporter: Eric Milles
> Assignee: Eric Milles
> Priority: Minor
>
> Consider the following:
> {code:groovy}
> CompilerConfiguration configuration = new CompilerConfiguration()
> SecureASTCustomizer customizer = new SecureASTCustomizer()
> configuration.addCompilationCustomizers(customizer)
> customizer.starImportsBlacklist = ['javax.**']
> def shell = new GroovyShell(configuration)
> shell.evaluate('''
> import javax.swing.Action
> Action act
> ''')
> {code}
> This should throw SecurityException since all of "javax" packages have been blocked.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)