|
Groovy example source code file (JSR223SecurityTest.java)
The Groovy JSR223SecurityTest.java source codepackage org.codehaus.groovy.jsr223; import groovy.lang.GroovyClassLoader; import org.codehaus.groovy.ast.ClassNode; import org.codehaus.groovy.ast.CodeVisitorSupport; import org.codehaus.groovy.ast.expr.MethodCallExpression; import org.codehaus.groovy.ast.stmt.ExpressionStatement; import org.codehaus.groovy.classgen.GeneratorContext; import org.codehaus.groovy.control.CompilationUnit; import org.codehaus.groovy.control.CompilationUnit.PrimaryClassNodeOperation; import org.codehaus.groovy.control.CompilerConfiguration; import org.codehaus.groovy.control.Phases; import org.codehaus.groovy.control.SourceUnit; import org.junit.Test; import javax.script.ScriptEngine; import javax.script.ScriptEngineManager; import javax.script.ScriptException; import java.lang.reflect.Field; import java.security.CodeSource; import java.util.HashSet; import java.util.Set; /** * Test contributed by Tiago Fernandez, for GROOVY-3946 */ public class JSR223SecurityTest { @Test(expected = ScriptException.class) public void should_forbid_an_instruction_when_overriding_GroovyClassLoader_using_reflection() throws Exception { secureEval("System.exit 2", "java.lang.System", true); } @Test(expected = ScriptException.class) public void should_forbid_an_instruction_when_overriding_GroovyClassLoader_using_injection() throws Exception { secureEval("System.exit 2", "java.lang.System", false); } private void secureEval(final String script, final String forbiddenInstruction, final boolean useReflection) throws Exception { final ScriptEngine groovyEngine = new ScriptEngineManager().getEngineByName("groovy"); final GroovySecurityManager groovySecurityManager = GroovySecurityManager.instance(); groovySecurityManager.overrideGroovyClassLoader(groovyEngine, useReflection); groovySecurityManager.forbid(forbiddenInstruction); groovyEngine.eval(script); } } class GroovySecurityManager { private final static GroovySecurityManager instance = new GroovySecurityManager(); private final Set<String> blacklist = new HashSet Other Groovy examples (source code examples)Here is a short list of links related to this Groovy JSR223SecurityTest.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.