(Deprecated) Compile-time transformer to run Groovy code in a restrictive sandbox
Java Groovy Shell
dwnusbaum Merge pull request #63 from dwnusbaum/update-readme
Update README to explicitly discourage use of this library from outside of Jenkins
Latest commit b14b55d May 28, 2020

Type Name Latest commit message Commit time
.mvn [SECURITY-1658] Transform initial expressions for parameters in closu… Nov 15, 2019
src Remove Maven site May 26, 2020
.gitignore Ignore files Apr 28, 2012
Jenkinsfile mvn not in $PATH. Fine, wait for an available Docker agent. Nov 27, 2017
LICENSE.md Adding the license explicitly by request Oct 28, 2014
README.md Update README to explicitly discourage use of this library from outsi… Apr 21, 2020
ast.sh doc improvement Aug 9, 2013
pom.xml Remove Maven site May 26, 2020

README.md

groovy-sandbox

WARNING: This library is only maintained in the context of Jenkins, and should only be used as a dependency of Jenkins plugins such as Script Security Plugin and Pipeline: Groovy Plugin. It should be considered deprecated and unsafe for all other purposes.

This library provides a compile-time transformer to run Groovy code in an environment in which most operations, such as method calls, are intercepted before being executed. Consumers of the library can hook into the interception to allow or deny specific operations.

This library is not secure when used by itself. In particular, you must at least use an additional CompilationCustomizer along the lines of RejectASTTransformsCustomizer to reject AST transformations that can bypass the sandbox, and you need to take special care to ensure untrusted scripts are both parsed and executed inside of the sandbox.
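The sketch below is an added example, not code from this README or the project. It shows the interception hook and keeps both parsing and execution of the script inside the window in which the interceptor is registered. `SandboxDemo`, `AllowlistInterceptor` and `evaluateUntrusted` are hypothetical names, and the additional AST-transform-rejecting customizer that the README requires is deliberately not shown, so this alone is not a safe sandbox.

```java
import groovy.lang.Binding;
import groovy.lang.GroovyShell;
import groovy.lang.Script;
import java.util.Set;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.kohsuke.groovy.sandbox.GroovyInterceptor;
import org.kohsuke.groovy.sandbox.SandboxTransformer;

public class SandboxDemo {                        // hypothetical class name
    /** Hypothetical policy: method calls only on allowlisted receiver types. */
    static class AllowlistInterceptor extends GroovyInterceptor {
        private static final Set<Class<?>> ALLOWED = Set.of(String.class, Integer.class);
        @Override
        public Object onMethodCall(Invoker invoker, Object receiver, String method,
                                   Object... args) throws Throwable {
            if (receiver == null || !ALLOWED.contains(receiver.getClass())) {
                throw new SecurityException("method call denied: " + method);
            }
            return invoker.call(receiver, method, args);   // allowed: perform the real call
        }
        @Override
        public Object onStaticCall(Invoker invoker, Class receiver, String method, Object... args) {
            throw new SecurityException("static call denied: " + receiver.getName() + "." + method);
        }
        @Override
        public Object onNewInstance(Invoker invoker, Class receiver, Object... args) {
            throw new SecurityException("constructor denied: " + receiver.getName());
        }
        // Property, attribute and array hooks keep their pass-through defaults here;
        // a real policy has to decide on those as well.
    }

    static Object evaluateUntrusted(String source) {
        CompilerConfiguration cc = new CompilerConfiguration();
        cc.addCompilationCustomizers(new SandboxTransformer());
        // Not shown: the additional AST-transform-rejecting customizer the README requires.
        GroovyInterceptor policy = new AllowlistInterceptor();
        policy.register();                        // active for the current thread
        try {
            Script script = new GroovyShell(new Binding(), cc).parse(source); // parse in sandbox
            return script.run();                                              // run in sandbox
        } finally {
            policy.unregister();                  // always remove the hook afterwards
        }
    }
    public static void main(String[] args) {
        System.out.println(evaluateUntrusted("'abc'.toUpperCase()"));
    }
}
```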
