Run groovy scripts with no permissions #10969
Conversation
|
LGTM this a great start |
|
Phantastic. I know that you know what you know that you are doing! URL#getFile() is bad, but OK for those static checks... To be sure: Is a equals enough, I would have expected that it should be startsWith("/groovy/script"), especially if one tries to define a class inside his script and maybe defines a custom package. |
| @Override | ||
| public void setUp() throws Exception { | ||
| super.setUp(); | ||
| assumeTrue("security manager is enabled", System.getSecurityManager() != null); |
There was a problem hiding this comment.
I think the message should be "security manager is disabled", because the assume would only print the message and ignore test if the security manager is disabled.
There was a problem hiding this comment.
+1, I will improve this assume.
|
@uschindler yes, groovy always sets this strange "fake" URL. I think its just intended to make it easier to configure in a policy file. That would be hard for us (even if its preferred) because everything there must really be specified as a white-list. Here a black-list (simple check) is easier to reason about. |
|
OK. Thanks for the info! |
Run groovy scripts with no permissions
clintongormley
added
>enhancement
:Core/Infra/Scripting
Scripts shouldn't really have side effects.
There are a number of simple and complicated ways we can reduce their java permissions, this is the simplest one that I see.
This is not a sandbox, it just runs groovy scripts without priviledges since they should not need them.
A sandbox would be more, and involve API changes.
I did however revive the old sandbox test just as a simple start.