Add Groovy as a scripting language, add sandboxing for Groovy

Sandboxes the groovy scripting language with multiple configurable
whitelists:

`script.groovy.sandbox.receiver_whitelist`: comma-separated list of string
classes for objects that may have methods invoked.
`script.groovy.sandbox.package_whitelist`: comma-separated list of
packages under which new objects may be constructed.
`script.groovy.sandbox.class_whitelist` comma-separated list of classes
that are allowed to be constructed.

As well as a method blacklist:

`script.groovy.sandbox.method_blacklist`: comma-separated list of
methods that are never allowed to be invoked, regardless of target
object.

The sandbox can be entirely disabled by setting:

`script.groovy.sandbox.enabled: false`

dev-tools/tests.policy

@@ -27,10 +27,11 @@ grant {
   permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute,write";
   permission java.io.FilePermission "${junit4.childvm.cwd}${/}-", "read,execute,write,delete";
   permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete";
-
+  permission groovy.security.GroovyCodeSourcePermission "/groovy/script";
+
   // Allow connecting to the internet anywhere
   permission java.net.SocketPermission "*", "accept,listen,connect,resolve";
-  
+
   // Basic permissions needed for Lucene / Elasticsearch to work:
   permission java.util.PropertyPermission "*", "read,write";
   permission java.lang.reflect.ReflectPermission "*";

pom.xml

@@ -208,13 +208,6 @@
             <scope>compile</scope>
         </dependency>
 
-        <dependency>
-            <groupId>org.mvel</groupId>
-            <artifactId>mvel2</artifactId>
-            <version>2.2.0.Final</version>
-            <scope>compile</scope>
-        </dependency>
-
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
@@ -265,6 +258,22 @@
         </dependency>
         <!-- END: dependencies that are shaded -->
 
+        <dependency>
+            <groupId>org.mvel</groupId>
+            <artifactId>mvel2</artifactId>
+            <version>2.2.0.Final</version>
+            <scope>compile</scope>
+            <optional>true</optional>
+        </dependency>
+
+        <dependency>
+            <groupId>org.codehaus.groovy</groupId>
+            <artifactId>groovy-all</artifactId>
+            <version>2.3.2</version>
+            <scope>compile</scope>
+            <optional>true</optional>
+        </dependency>
+
         <dependency>
             <groupId>log4j</groupId>
             <artifactId>log4j</artifactId>
@@ -648,7 +657,6 @@
                         <includes>
                             <include>com.google.guava:guava</include>
                             <include>com.carrotsearch:hppc</include>
-                            <include>org.mvel:mvel2</include>
                             <include>com.fasterxml.jackson.core:jackson-core</include>
                             <include>com.fasterxml.jackson.dataformat:jackson-dataformat-smile</include>
                             <include>com.fasterxml.jackson.dataformat:jackson-dataformat-yaml</include>
@@ -674,10 +682,6 @@
                             <pattern>jsr166e</pattern>
                             <shadedPattern>org.elasticsearch.common.util.concurrent.jsr166e</shadedPattern>
                         </relocation>
-                        <relocation>
-                            <pattern>org.mvel2</pattern>
-                            <shadedPattern>org.elasticsearch.common.mvel2</shadedPattern>
-                        </relocation>
                         <relocation>
                             <pattern>com.fasterxml.jackson</pattern>
                             <shadedPattern>org.elasticsearch.common.jackson</shadedPattern>
@@ -870,7 +874,7 @@
                                 </data>
                                 <data>
                                     <src>${project.build.directory}/lib</src>
-                                    <includes>lucene*, log4j*, jna*, spatial4j*, jts*</includes>
+                                    <includes>lucene*, log4j*, jna*, spatial4j*, jts*, groovy*, mvel*</includes>
                                     <type>directory</type>
                                     <mapper>
                                         <type>perm</type>
@@ -1070,6 +1074,8 @@
                                         <include>jna*</include>
                                         <include>spatial4j*</include>
                                         <include>jts*</include>
+                                        <include>groovy*</include>
+                                        <include>mvel*</include>
                                     </includes>
                                 </source>
                                 <source>
@@ -1393,7 +1399,7 @@
             <version>0.6.4.201312101107</version>
             <scope>test</scope>
           </dependency>
-        </dependencies>        
+        </dependencies>
         <build>
           <plugins>
             <plugin>
@@ -1418,7 +1424,7 @@
                   <id>default-check</id>
                   <goals>
                     <goal>check</goal>
-                  </goals>                  
+                  </goals>
                 </execution>
               </executions>
               <configuration>

src/main/assemblies/common-bin.xml

@@ -9,6 +9,8 @@
                 <include>net.java.dev.jna:jna</include>
                 <include>com.spatial4j:spatial4j</include>
                 <include>com.vividsolutions:jts</include>
+                <include>org.codehaus.groovy:groovy-all</include>
+                <include>org.mvel:mvel2</include>
             </includes>
         </dependencySet>
         <dependencySet>

src/main/java/org/elasticsearch/script/ScriptModule.java

@@ -27,6 +27,7 @@
 import org.elasticsearch.common.inject.multibindings.Multibinder;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.script.groovy.GroovyScriptEngineService;
 import org.elasticsearch.script.mustache.MustacheScriptEngineService;
 import org.elasticsearch.script.mvel.MvelScriptEngineService;
 
@@ -77,16 +78,23 @@ protected void configure() {
 
         Multibinder<ScriptEngineService> multibinder = Multibinder.newSetBinder(binder(), ScriptEngineService.class);
         multibinder.addBinding().to(NativeScriptEngineService.class);
+
+        try {
+            multibinder.addBinding().to(GroovyScriptEngineService.class);
+        } catch (Throwable t) {
+            Loggers.getLogger(GroovyScriptEngineService.class).debug("failed to load groovy", t);
+        }
+
         try {
             multibinder.addBinding().to(MvelScriptEngineService.class);
         } catch (Throwable t) {
-            // no MVEL
+            Loggers.getLogger(MvelScriptEngineService.class).debug("failed to load mvel", t);
         }
 
         try {
             multibinder.addBinding().to(MustacheScriptEngineService.class);
         } catch (Throwable t) {
-            Loggers.getLogger(MustacheScriptEngineService.class).trace("failed to load mustache", t);
+            Loggers.getLogger(MustacheScriptEngineService.class).debug("failed to load mustache", t);
         }
 
         for (Class<? extends ScriptEngineService> scriptEngine : scriptEngines) {

src/main/java/org/elasticsearch/script/ScriptService.java

@@ -44,6 +44,7 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentMap;
@@ -54,6 +55,10 @@
  */
 public class ScriptService extends AbstractComponent {
 
+    public static final String DEFAULT_SCRIPTING_LANGUAGE_SETTING = "script.default_lang";
+    public static final String DISABLE_DYNAMIC_SCRIPTING_SETTING = "script.disable_dynamic";
+    public static final String DISABLE_DYNAMIC_SCRIPTING_DEFAULT = "sandbox";
+
     private final String defaultLang;
 
     private final ImmutableMap<String, ScriptEngineService> scriptEngines;
@@ -63,7 +68,38 @@ public class ScriptService extends AbstractComponent {
     private final Cache<CacheKey, CompiledScript> cache;
     private final File scriptsDirectory;
 
-    private final boolean disableDynamic;
+    private final DynamicScriptDisabling dynamicScriptingDisabled;
+
+    /**
+     * Enum defining the different dynamic settings for scripting, either
+     * ONLY_DISK_ALLOWED (scripts must be placed on disk), EVERYTHING_ALLOWED
+     * (all dynamic scripting is enabled), or SANDBOXED_ONLY (only sandboxed
+     * scripting languages are allowed)
+     */
+    enum DynamicScriptDisabling {
+        EVERYTHING_ALLOWED,
+        ONLY_DISK_ALLOWED,
+        SANDBOXED_ONLY;
+
+        public static final DynamicScriptDisabling parse(String s) {
+            switch (s.toLowerCase(Locale.ROOT)) {
+                // true for "disable_dynamic" means only on-disk scripts are enabled
+                case "true":
+                case "all":
+                    return ONLY_DISK_ALLOWED;
+                // false for "disable_dynamic" means all scripts are enabled
+                case "false":
+                case "none":
+                    return EVERYTHING_ALLOWED;
+                // only sandboxed scripting is enabled
+                case "sandbox":
+                case "sandboxed":
+                    return SANDBOXED_ONLY;
+                default:
+                    throw new ElasticsearchIllegalArgumentException("Unrecognized script allowance setting: [" + s + "]");
+            }
+        }
+    }
 
     @Inject
     public ScriptService(Settings settings, Environment env, Set<ScriptEngineService> scriptEngines,
@@ -74,8 +110,8 @@ public ScriptService(Settings settings, Environment env, Set<ScriptEngineService
         TimeValue cacheExpire = componentSettings.getAsTime("cache.expire", null);
         logger.debug("using script cache with max_size [{}], expire [{}]", cacheMaxSize, cacheExpire);
 
-        this.defaultLang = componentSettings.get("default_lang", "mvel");
-        this.disableDynamic = componentSettings.getAsBoolean("disable_dynamic", true);
+        this.defaultLang = settings.get(DEFAULT_SCRIPTING_LANGUAGE_SETTING, "mvel");
+        this.dynamicScriptingDisabled = DynamicScriptDisabling.parse(settings.get(DISABLE_DYNAMIC_SCRIPTING_SETTING, DISABLE_DYNAMIC_SCRIPTING_DEFAULT));
 
         CacheBuilder cacheBuilder = CacheBuilder.newBuilder();
         if (cacheMaxSize >= 0) {
@@ -130,7 +166,7 @@ public CompiledScript compile(String lang, String script) {
             lang = defaultLang;
         }
         if (!dynamicScriptEnabled(lang)) {
-            throw new ScriptException("dynamic scripting disabled");
+            throw new ScriptException("dynamic scripting for [" + lang + "] disabled");
         }
         CacheKey cacheKey = new CacheKey(lang, script);
         compiled = cache.getIfPresent(cacheKey);
@@ -180,12 +216,16 @@ private boolean dynamicScriptEnabled(String lang) {
         if (service == null) {
             throw new ElasticsearchIllegalArgumentException("script_lang not supported [" + lang + "]");
         }
-        // Templating languages and native scripts are always allowed
-        // "native" executions are registered through plugins
-        if (service.sandboxed() || "native".equals(lang)) {
+
+        // Templating languages (mustache) and native scripts are always
+        // allowed, "native" executions are registered through plugins
+        if (this.dynamicScriptingDisabled == DynamicScriptDisabling.EVERYTHING_ALLOWED || "native".equals(lang) || "mustache".equals(lang)) {
             return true;
+        } else if (this.dynamicScriptingDisabled == DynamicScriptDisabling.ONLY_DISK_ALLOWED) {
+            return false;
+        } else {
+            return service.sandboxed();
         }
-        return !disableDynamic;
     }
 
     private class ScriptChangesListener extends FileChangesListener {