public class SecureASTCustomizer extends CompilationCustomizer
SecureASTCustomizer.StatementChecker interface or SecureASTCustomizer.ExpressionChecker interface then register your
handlers thanks to the addExpressionCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.ExpressionChecker...)
and addStatementCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.StatementChecker...)
methods.
Here is an example of usage. We will create a groovy classloader which only supports arithmetic operations and imports
the java.lang.Math classes by default.
final ImportCustomizer imports = new ImportCustomizer().addStaticStars('java.lang.Math') // add static import of java.lang.Math
final SecureASTCustomizer secure = new SecureASTCustomizer()
secure.with {
closuresAllowed = false
methodDefinitionAllowed = false
importsWhitelist = []
staticImportsWhitelist = []
staticStarImportsWhitelist = ['java.lang.Math'] // only java.lang.Math is allowed
tokensWhitelist = [
PLUS,
MINUS,
MULTIPLY,
DIVIDE,
MOD,
POWER,
PLUS_PLUS,
MINUS_MINUS,
COMPARE_EQUAL,
COMPARE_NOT_EQUAL,
COMPARE_LESS_THAN,
COMPARE_LESS_THAN_EQUAL,
COMPARE_GREATER_THAN,
COMPARE_GREATER_THAN_EQUAL,
].asImmutable()
constantTypesClassesWhiteList = [
Integer,
Float,
Long,
Double,
BigDecimal,
Integer.TYPE,
Long.TYPE,
Float.TYPE,
Double.TYPE
].asImmutable()
receiversClassesWhiteList = [
Math,
Integer,
Float,
Double,
Long,
BigDecimal
].asImmutable()
}
CompilerConfiguration config = new CompilerConfiguration()
config.addCompilationCustomizers(imports, secure)
GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)
| Modifier and Type | Class and Description |
|---|---|
static interface |
SecureASTCustomizer.ExpressionChecker
This interface allows the user to plugin custom expression checkers if expression blacklist or whitelist are not
sufficient
|
static interface |
SecureASTCustomizer.StatementChecker
This interface allows the user to plugin custom statement checkers if statement blacklist or whitelist are not
sufficient
|
| Constructor and Description |
|---|
SecureASTCustomizer() |
| Modifier and Type | Method and Description |
|---|---|
void |
addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers) |
void |
addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers) |
void |
call(SourceUnit source,
GeneratorContext context,
ClassNode classNode) |
java.util.List<java.lang.String> |
getConstantTypesBlackList() |
java.util.List<java.lang.String> |
getConstantTypesWhiteList() |
java.util.List<java.lang.Class<? extends Expression>> |
getExpressionsBlacklist() |
java.util.List<java.lang.Class<? extends Expression>> |
getExpressionsWhitelist() |
java.util.List<java.lang.String> |
getImportsBlacklist() |
java.util.List<java.lang.String> |
getImportsWhitelist() |
java.util.List<java.lang.String> |
getReceiversBlackList() |
java.util.List<java.lang.String> |
getReceiversWhiteList() |
java.util.List<java.lang.String> |
getStarImportsBlacklist() |
java.util.List<java.lang.String> |
getStarImportsWhitelist() |
java.util.List<java.lang.Class<? extends Statement>> |
getStatementsBlacklist() |
java.util.List<java.lang.Class<? extends Statement>> |
getStatementsWhitelist() |
java.util.List<java.lang.String> |
getStaticImportsBlacklist() |
java.util.List<java.lang.String> |
getStaticImportsWhitelist() |
java.util.List<java.lang.String> |
getStaticStarImportsBlacklist() |
java.util.List<java.lang.String> |
getStaticStarImportsWhitelist() |
java.util.List<java.lang.Integer> |
getTokensBlacklist() |
java.util.List<java.lang.Integer> |
getTokensWhitelist() |
boolean |
isClosuresAllowed() |
boolean |
isIndirectImportCheckEnabled() |
boolean |
isMethodDefinitionAllowed() |
boolean |
isPackageAllowed() |
void |
setClosuresAllowed(boolean closuresAllowed) |
void |
setConstantTypesBlackList(java.util.List<java.lang.String> constantTypesBlackList) |
void |
setConstantTypesClassesBlackList(java.util.List<java.lang.Class> constantTypesBlackList)
An alternative way of setting constant types.
|
void |
setConstantTypesClassesWhiteList(java.util.List<java.lang.Class> constantTypesWhiteList)
An alternative way of setting constant types.
|
void |
setConstantTypesWhiteList(java.util.List<java.lang.String> constantTypesWhiteList) |
void |
setExpressionsBlacklist(java.util.List<java.lang.Class<? extends Expression>> expressionsBlacklist) |
void |
setExpressionsWhitelist(java.util.List<java.lang.Class<? extends Expression>> expressionsWhitelist) |
void |
setImportsBlacklist(java.util.List<java.lang.String> importsBlacklist) |
void |
setImportsWhitelist(java.util.List<java.lang.String> importsWhitelist) |
void |
setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)
Set this option to true if you want your import rules to be checked against every class node.
|
void |
setMethodDefinitionAllowed(boolean methodDefinitionAllowed) |
void |
setPackageAllowed(boolean packageAllowed) |
void |
setReceiversBlackList(java.util.List<java.lang.String> receiversBlackList)
Sets the list of classes which deny method calls.
|
void |
setReceiversClassesBlackList(java.util.List<java.lang.Class> receiversBlacklist)
An alternative way of setting
receiver classes. |
void |
setReceiversClassesWhiteList(java.util.List<java.lang.Class> receiversWhitelist)
An alternative way of setting
receiver classes. |
void |
setReceiversWhiteList(java.util.List<java.lang.String> receiversWhiteList)
Sets the list of classes which may accept method calls.
|
void |
setStarImportsBlacklist(java.util.List<java.lang.String> starImportsBlacklist) |
void |
setStarImportsWhitelist(java.util.List<java.lang.String> starImportsWhitelist) |
void |
setStatementsBlacklist(java.util.List<java.lang.Class<? extends Statement>> statementsBlacklist) |
void |
setStatementsWhitelist(java.util.List<java.lang.Class<? extends Statement>> statementsWhitelist) |
void |
setStaticImportsBlacklist(java.util.List<java.lang.String> staticImportsBlacklist) |
void |
setStaticImportsWhitelist(java.util.List<java.lang.String> staticImportsWhitelist) |
void |
setStaticStarImportsBlacklist(java.util.List<java.lang.String> staticStarImportsBlacklist) |
void |
setStaticStarImportsWhitelist(java.util.List<java.lang.String> staticStarImportsWhitelist) |
void |
setTokensBlacklist(java.util.List<java.lang.Integer> tokensBlacklist)
Sets the list of tokens which are blacklisted.
|
void |
setTokensWhitelist(java.util.List<java.lang.Integer> tokensWhitelist)
Sets the list of tokens which are whitelisted.
|
getPhaseneedSortedInputpublic boolean isMethodDefinitionAllowed()
public void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)
public boolean isPackageAllowed()
public boolean isClosuresAllowed()
public void setClosuresAllowed(boolean closuresAllowed)
public void setPackageAllowed(boolean packageAllowed)
public java.util.List<java.lang.String> getImportsBlacklist()
public void setImportsBlacklist(java.util.List<java.lang.String> importsBlacklist)
public java.util.List<java.lang.String> getImportsWhitelist()
public void setImportsWhitelist(java.util.List<java.lang.String> importsWhitelist)
public java.util.List<java.lang.String> getStarImportsBlacklist()
public void setStarImportsBlacklist(java.util.List<java.lang.String> starImportsBlacklist)
public java.util.List<java.lang.String> getStarImportsWhitelist()
public void setStarImportsWhitelist(java.util.List<java.lang.String> starImportsWhitelist)
public java.util.List<java.lang.String> getStaticImportsBlacklist()
public void setStaticImportsBlacklist(java.util.List<java.lang.String> staticImportsBlacklist)
public java.util.List<java.lang.String> getStaticImportsWhitelist()
public void setStaticImportsWhitelist(java.util.List<java.lang.String> staticImportsWhitelist)
public java.util.List<java.lang.String> getStaticStarImportsBlacklist()
public void setStaticStarImportsBlacklist(java.util.List<java.lang.String> staticStarImportsBlacklist)
public java.util.List<java.lang.String> getStaticStarImportsWhitelist()
public void setStaticStarImportsWhitelist(java.util.List<java.lang.String> staticStarImportsWhitelist)
public java.util.List<java.lang.Class<? extends Expression>> getExpressionsBlacklist()
public void setExpressionsBlacklist(java.util.List<java.lang.Class<? extends Expression>> expressionsBlacklist)
public java.util.List<java.lang.Class<? extends Expression>> getExpressionsWhitelist()
public void setExpressionsWhitelist(java.util.List<java.lang.Class<? extends Expression>> expressionsWhitelist)
public java.util.List<java.lang.Class<? extends Statement>> getStatementsBlacklist()
public void setStatementsBlacklist(java.util.List<java.lang.Class<? extends Statement>> statementsBlacklist)
public java.util.List<java.lang.Class<? extends Statement>> getStatementsWhitelist()
public void setStatementsWhitelist(java.util.List<java.lang.Class<? extends Statement>> statementsWhitelist)
public java.util.List<java.lang.Integer> getTokensBlacklist()
public boolean isIndirectImportCheckEnabled()
public void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)
indirectImportCheckEnabled - set to true to enable indirect checkspublic void setTokensBlacklist(java.util.List<java.lang.Integer> tokensBlacklist)
tokensBlacklist - the tokens. The values of the tokens must be those of Typespublic java.util.List<java.lang.Integer> getTokensWhitelist()
public void setTokensWhitelist(java.util.List<java.lang.Integer> tokensWhitelist)
tokensWhitelist - the tokens. The values of the tokens must be those of Typespublic void addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)
public void addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)
public java.util.List<java.lang.String> getConstantTypesBlackList()
public void setConstantTypesBlackList(java.util.List<java.lang.String> constantTypesBlackList)
public java.util.List<java.lang.String> getConstantTypesWhiteList()
public void setConstantTypesWhiteList(java.util.List<java.lang.String> constantTypesWhiteList)
public void setConstantTypesClassesWhiteList(java.util.List<java.lang.Class> constantTypesWhiteList)
constantTypesWhiteList - a list of classes.public void setConstantTypesClassesBlackList(java.util.List<java.lang.Class> constantTypesBlackList)
constantTypesBlackList - a list of classes.public java.util.List<java.lang.String> getReceiversBlackList()
public void setReceiversBlackList(java.util.List<java.lang.String> receiversBlackList)
receiversBlackList - the list of refused classes, as fully qualified namespublic void setReceiversClassesBlackList(java.util.List<java.lang.Class> receiversBlacklist)
receiver classes.receiversBlacklist - a list of classes.public java.util.List<java.lang.String> getReceiversWhiteList()
public void setReceiversWhiteList(java.util.List<java.lang.String> receiversWhiteList)
receiversWhiteList - the list of accepted classes, as fully qualified namespublic void setReceiversClassesWhiteList(java.util.List<java.lang.Class> receiversWhitelist)
receiver classes.receiversWhitelist - a list of classes.public void call(SourceUnit source, GeneratorContext context, ClassNode classNode) throws CompilationFailedException
call in class CompilationUnit.PrimaryClassNodeOperationCompilationFailedException