Generate closures as public classes #248
Conversation
|
How does the situation with CachedMethod change if the generated closure is public? |
|
I went ahead and created a JIRA issue for it: GROOVY-7735.
@blackdrag As the change increases the access level of the generated |
It also means code running under securitymanager can invoke it without granting Basically, groovy should respect java's access modifiers here. |
|
The choice was not really arbitrary. Anonymous inner classes will also not be public in Java. But well... I think there will be no real ill side effects we have to fear here. So +1 from my side... Only a minor improvement could be done and that is either to comment in code or at least in the commit message as of why we use public. Otherwise it might be changed again in the future... And of course something like a test would be nice too, but the comment is more important to me |
ywelsch
force-pushed
the
fix/package-private-closures
branch
from
ec1c710
to
f622198
Compare
Access to closures is currently cached by the Groovy runtime in org.codehaus.groovy.reflection.CachedMethod. If closures are generated as package-private classes, invoking the cached method from CachedMethod only works if the suppressAccessChecks permission is granted to the security manager, a permission which is dangerous as it completely disables standard language access checks.
ywelsch
force-pushed
the
fix/package-private-closures
branch
from
f622198
to
fae9590
Compare
|
@blackdrag I've added a comment to the code and an explanation for the code change in the commit message. Please let me know if anything else is needed to get this in. |
|
To add to it being public, I looked for other usage of
Perhaps a future PR should deprecate the method and remove the second argument, but I'm happy to see the +1 here. (PS: Jenkins failed to actually start Gradle, which is why the build failed) |
|
those other two findings are for Closures in annotations. They actually do need to be public. Anyway... +1 for the change |
|
+1 from my side |
|
Merged: 7ced8a2 Thanks! |
|
@ywelsch Could you please close the pull request? I can not because this is a read only-repo (and I forgot to add the right comment to the commit message :(). Thanks! |
|
@PascalSchumacher thanks for merging this! |
Groovy is the default scripting language in Elasticsearch, used to evaluate custom expressions. In Elasticsearch 2.0 we introduced the Java security manager as a key component to secure our software. We spent a lot of effort on getting Groovy to run under the security manager with a conservative set of permissions. We have currently hit a road block with the
suppressAccessCheckwhich allows suppressing the standard language access checks and expose information that would normally be unavailable to malicious code. Unfortunately, not providing this permission to Groovy breaks the use of Groovy closures in our scripts.The reason is that in the Groovy framework:
CachedMethod.Invoking a closure thus fails without the
suppressAccessCheckpermission as the class of the closure is package private but accessed from the Groovy runtime classCachedMethodin theorg.codehaus.groovy.reflectionpackage.This one-line PR changes the access modifier of the classes generated for Groovy closures from package-private to public.