SecureASTCustomizer (groovy 2.4.15 API)

org.codehaus.groovy.control.customizers.SecureASTCustomizer

This customizer allows securing source code by controlling what code constructs are allowed. For example, if you only want to allow arithmetic operations in a groovy shell, you can configure this customizer to restrict package imports, method calls and so on.

Most of the security customization options found in this class work with either blacklist or whitelist. This means that, for a single option, you can set a whitelist OR a blacklist, but not both. You can mix whitelist/blacklist strategies for different options. For example, you can have import whitelist and tokens blacklist.

The recommended way of securing shells is to use whitelists because it is guaranteed that future features of the Groovy language won't be allowed by defaut. Using blacklists, you can limit the features of the languages by opting out, but new language features would require you to update your configuration.

If you set neither a whitelist nor a blacklist, then everything is authorized.

Combinations of import and star imports constraints are authorized as long as you use the same type of list for both. For example, you may use an import whitelist and a star import whitelist together, but you cannot use an import white list with a star import blacklist. static imports are handled separately, meaning that blacklisting an import does not prevent from using a static import.

Eventually, if the features provided here are not sufficient, you may implement custom AST filtering handlers, either implementing the StatementChecker interface or ExpressionChecker interface then register your handlers thanks to the addExpressionCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.ExpressionChecker...) and addStatementCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.StatementChecker...) methods.

Here is an example of usage. We will create a groovy classloader which only supports arithmetic operations and imports the java.lang.Math classes by default.

 final ImportCustomizer imports = new ImportCustomizer().addStaticStars('java.lang.Math') // add static import of java.lang.Math
             final SecureASTCustomizer secure = new SecureASTCustomizer()
             secure.with {
                 closuresAllowed = false
                 methodDefinitionAllowed = false

                 importsWhitelist = []
                 staticImportsWhitelist = []
                 staticStarImportsWhitelist = ['java.lang.Math'] // only java.lang.Math is allowed

                 tokensWhitelist = [
                         PLUS,
                         MINUS,
                         MULTIPLY,
                         DIVIDE,
                         MOD,
                         POWER,
                         PLUS_PLUS,
                         MINUS_MINUS,
                         COMPARE_EQUAL,
                         COMPARE_NOT_EQUAL,
                         COMPARE_LESS_THAN,
                         COMPARE_LESS_THAN_EQUAL,
                         COMPARE_GREATER_THAN,
                         COMPARE_GREATER_THAN_EQUAL,
                 ].asImmutable()

                 constantTypesClassesWhiteList = [
                         Integer,
                         Float,
                         Long,
                         Double,
                         BigDecimal,
                         Integer.TYPE,
                         Long.TYPE,
                         Float.TYPE,
                         Double.TYPE
                 ].asImmutable()

                 receiversClassesWhiteList = [
                         Math,
                         Integer,
                         Float,
                         Double,
                         Long,
                         BigDecimal
                 ].asImmutable()
             }
             CompilerConfiguration config = new CompilerConfiguration()
             config.addCompilationCustomizers(imports, secure)
             GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)

Authors:: Cedric Champeau; Guillaume Laforge; Hamlet D'Arcy

Since:: 1.8.0

Nested Class Summary

Nested classes
Modifiers	Name	Description
`interface`	`SecureASTCustomizer.ExpressionChecker`	This interface allows the user to plugin custom expression checkers if expression blacklist or whitelist are not sufficient
`interface`	`SecureASTCustomizer.StatementChecker`	This interface allows the user to plugin custom statement checkers if statement blacklist or whitelist are not sufficient

Constructor Summary

Constructors
Constructor and description
`SecureASTCustomizer ()`

Methods Summary

Methods
Type Params	Return Type	Name and description
	`void`	`addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)`
	`void`	`addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)`
	`void`	`call(SourceUnit source, GeneratorContext context, ClassNode classNode)`
	`List<String>`	`getConstantTypesBlackList()`
	`List<String>`	`getConstantTypesWhiteList()`
	`List<Class<? extends Expression>>`	`getExpressionsBlacklist()`
	`List<Class<? extends Expression>>`	`getExpressionsWhitelist()`
	`List<String>`	`getImportsBlacklist()`
	`List<String>`	`getImportsWhitelist()`
	`List<String>`	`getReceiversBlackList()`
	`List<String>`	`getReceiversWhiteList()`
	`List<String>`	`getStarImportsBlacklist()`
	`List<String>`	`getStarImportsWhitelist()`
	`List<Class<? extends Statement>>`	`getStatementsBlacklist()`
	`List<Class<? extends Statement>>`	`getStatementsWhitelist()`
	`List<String>`	`getStaticImportsBlacklist()`
	`List<String>`	`getStaticImportsWhitelist()`
	`List<String>`	`getStaticStarImportsBlacklist()`
	`List<String>`	`getStaticStarImportsWhitelist()`
	`List<Integer>`	`getTokensBlacklist()`
	`List<Integer>`	`getTokensWhitelist()`
	`boolean`	`isClosuresAllowed()`
	`boolean`	`isIndirectImportCheckEnabled()`
	`boolean`	`isMethodDefinitionAllowed()`
	`boolean`	`isPackageAllowed()`
	`void`	`setClosuresAllowed(boolean closuresAllowed)`
	`void`	`setConstantTypesBlackList(List<String> constantTypesBlackList)`
	`void`	`setConstantTypesClassesBlackList(List<Class> constantTypesBlackList)` An alternative way of setting constant types.
	`void`	`setConstantTypesClassesWhiteList(List<Class> constantTypesWhiteList)` An alternative way of setting constant types.
	`void`	`setConstantTypesWhiteList(List<String> constantTypesWhiteList)`
	`void`	`setExpressionsBlacklist(List<Class<? extends Expression>> expressionsBlacklist)`
	`void`	`setExpressionsWhitelist(List<Class<? extends Expression>> expressionsWhitelist)`
	`void`	`setImportsBlacklist(List<String> importsBlacklist)`
	`void`	`setImportsWhitelist(List<String> importsWhitelist)`
	`void`	`setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)` Set this option to true if you want your import rules to be checked against every class node.
	`void`	`setMethodDefinitionAllowed(boolean methodDefinitionAllowed)`
	`void`	`setPackageAllowed(boolean packageAllowed)`
	`void`	`setReceiversBlackList(List<String> receiversBlackList)` Sets the list of classes which deny method calls.
	`void`	`setReceiversClassesBlackList(List<Class> receiversBlacklist)` An alternative way of setting receiver classes.
	`void`	`setReceiversClassesWhiteList(List<Class> receiversWhitelist)` An alternative way of setting receiver classes.
	`void`	`setReceiversWhiteList(List<String> receiversWhiteList)` Sets the list of classes which may accept method calls.
	`void`	`setStarImportsBlacklist(List<String> starImportsBlacklist)`
	`void`	`setStarImportsWhitelist(List<String> starImportsWhitelist)`
	`void`	`setStatementsBlacklist(List<Class<? extends Statement>> statementsBlacklist)`
	`void`	`setStatementsWhitelist(List<Class<? extends Statement>> statementsWhitelist)`
	`void`	`setStaticImportsBlacklist(List<String> staticImportsBlacklist)`
	`void`	`setStaticImportsWhitelist(List<String> staticImportsWhitelist)`
	`void`	`setStaticStarImportsBlacklist(List<String> staticStarImportsBlacklist)`
	`void`	`setStaticStarImportsWhitelist(List<String> staticStarImportsWhitelist)`
	`void`	`setTokensBlacklist(List<Integer> tokensBlacklist)` Sets the list of tokens which are blacklisted.
	`void`	`setTokensWhitelist(List<Integer> tokensWhitelist)` Sets the list of tokens which are whitelisted.

Inherited Methods Summary

Inherited Methods
Methods inherited from class	Name
`class CompilationCustomizer`	`getPhase`

- Constructor Detail
  - public SecureASTCustomizer()
- Method Detail
  - public void addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)
  - public void addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)
  - @Override public void call(SourceUnit source, GeneratorContext context, ClassNode classNode)
  - public List<String> getConstantTypesBlackList()
  - public List<String> getConstantTypesWhiteList()
  - public List<Class<? extends Expression>> getExpressionsBlacklist()
  - public List<Class<? extends Expression>> getExpressionsWhitelist()
  - public List<String> getImportsBlacklist()
  - public List<String> getImportsWhitelist()
  - public List<String> getReceiversBlackList()
  - public List<String> getReceiversWhiteList()
  - public List<String> getStarImportsBlacklist()
  - public List<String> getStarImportsWhitelist()
  - public List<Class<? extends Statement>> getStatementsBlacklist()
  - public List<Class<? extends Statement>> getStatementsWhitelist()
  - public List<String> getStaticImportsBlacklist()
  - public List<String> getStaticImportsWhitelist()
  - public List<String> getStaticStarImportsBlacklist()
  - public List<String> getStaticStarImportsWhitelist()
  - public List<Integer> getTokensBlacklist()
  - public List<Integer> getTokensWhitelist()
  - public boolean isClosuresAllowed()
  - public boolean isIndirectImportCheckEnabled()
  - public boolean isMethodDefinitionAllowed()
  - public boolean isPackageAllowed()
  - public void setClosuresAllowed(boolean closuresAllowed)
  - public void setConstantTypesBlackList(List<String> constantTypesBlackList)
  - public void setConstantTypesClassesBlackList(List<Class> constantTypesBlackList)
    
    An alternative way of setting constant types.
    Parameters:
    constantTypesBlackList - a list of classes.
  - public void setConstantTypesClassesWhiteList(List<Class> constantTypesWhiteList)
    
    An alternative way of setting constant types.
    Parameters:
    constantTypesWhiteList - a list of classes.
  - public void setConstantTypesWhiteList(List<String> constantTypesWhiteList)
  - public void setExpressionsBlacklist(List<Class<? extends Expression>> expressionsBlacklist)
  - public void setExpressionsWhitelist(List<Class<? extends Expression>> expressionsWhitelist)
  - public void setImportsBlacklist(List<String> importsBlacklist)
  - public void setImportsWhitelist(List<String> importsWhitelist)
  - public void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)
    
    Set this option to true if you want your import rules to be checked against every class node. This means that if someone uses a fully qualified class name, then it will also be checked against the import rules, preventing, for example, instantiation of classes without imports thanks to FQCN.
    Parameters:
    indirectImportCheckEnabled - set to true to enable indirect checks
  - public void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)
  - public void setPackageAllowed(boolean packageAllowed)
  - public void setReceiversBlackList(List<String> receiversBlackList)
    
    Sets the list of classes which deny method calls. Please note that since Groovy is a dynamic language, and this class performs a static type check, it will be reletively simple to bypass any blacklist unless the receivers blacklist contains, at a minimum, Object, Script, GroovyShell, and Eval. Additionally, it is necessary to also blacklist MethodPointerExpression in the expressions blacklist for the receivers blacklist to function as a security check.
    Parameters:
    receiversBlackList - the list of refused classes, as fully qualified names
  - public void setReceiversClassesBlackList(List<Class> receiversBlacklist)
    
    An alternative way of setting receiver classes.
    Parameters:
    receiversBlacklist - a list of classes.
  - public void setReceiversClassesWhiteList(List<Class> receiversWhitelist)
    
    An alternative way of setting receiver classes.
    Parameters:
    receiversWhitelist - a list of classes.
  - public void setReceiversWhiteList(List<String> receiversWhiteList)
    
    Sets the list of classes which may accept method calls.
    Parameters:
    receiversWhiteList - the list of accepted classes, as fully qualified names
  - public void setStarImportsBlacklist(List<String> starImportsBlacklist)
  - public void setStarImportsWhitelist(List<String> starImportsWhitelist)
  - public void setStatementsBlacklist(List<Class<? extends Statement>> statementsBlacklist)
  - public void setStatementsWhitelist(List<Class<? extends Statement>> statementsWhitelist)
  - public void setStaticImportsBlacklist(List<String> staticImportsBlacklist)
  - public void setStaticImportsWhitelist(List<String> staticImportsWhitelist)
  - public void setStaticStarImportsBlacklist(List<String> staticStarImportsBlacklist)
  - public void setStaticStarImportsWhitelist(List<String> staticStarImportsWhitelist)
  - public void setTokensBlacklist(List<Integer> tokensBlacklist)
    
    Sets the list of tokens which are blacklisted.
    Parameters:
    tokensBlacklist - the tokens. The values of the tokens must be those of Types
  - public void setTokensWhitelist(List<Integer> tokensWhitelist)
    
    Sets the list of tokens which are whitelisted.
    Parameters:
    tokensWhitelist - the tokens. The values of the tokens must be those of Types

Summary:
Nested
Constructor
Method

| Detail:
Constructor
Method

[Java] Class SecureASTCustomizer

Nested Class Summary

Constructor Summary

Methods Summary

Inherited Methods Summary

Constructor Detail

public SecureASTCustomizer()

Method Detail

public void addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)

public void addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)

@Override public void call(SourceUnit source, GeneratorContext context, ClassNode classNode)

public List<String> getConstantTypesBlackList()

public List<String> getConstantTypesWhiteList()

public List<Class<? extends Expression>> getExpressionsBlacklist()

public List<Class<? extends Expression>> getExpressionsWhitelist()

public List<String> getImportsBlacklist()

public List<String> getImportsWhitelist()

public List<String> getReceiversBlackList()

public List<String> getReceiversWhiteList()

public List<String> getStarImportsBlacklist()

public List<String> getStarImportsWhitelist()

public List<Class<? extends Statement>> getStatementsBlacklist()

public List<Class<? extends Statement>> getStatementsWhitelist()

public List<String> getStaticImportsBlacklist()

public List<String> getStaticImportsWhitelist()

public List<String> getStaticStarImportsBlacklist()

public List<String> getStaticStarImportsWhitelist()

public List<Integer> getTokensBlacklist()

public List<Integer> getTokensWhitelist()

public boolean isClosuresAllowed()

public boolean isIndirectImportCheckEnabled()

public boolean isMethodDefinitionAllowed()

public boolean isPackageAllowed()

public void setClosuresAllowed(boolean closuresAllowed)

public void setConstantTypesBlackList(List<String> constantTypesBlackList)

public void setConstantTypesClassesBlackList(List<Class> constantTypesBlackList)

public void setConstantTypesClassesWhiteList(List<Class> constantTypesWhiteList)

public void setConstantTypesWhiteList(List<String> constantTypesWhiteList)

public void setExpressionsBlacklist(List<Class<? extends Expression>> expressionsBlacklist)

public void setExpressionsWhitelist(List<Class<? extends Expression>> expressionsWhitelist)

public void setImportsBlacklist(List<String> importsBlacklist)

public void setImportsWhitelist(List<String> importsWhitelist)

public void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)

public void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)

public void setPackageAllowed(boolean packageAllowed)

public void setReceiversBlackList(List<String> receiversBlackList)

public void setReceiversClassesBlackList(List<Class> receiversBlacklist)

public void setReceiversClassesWhiteList(List<Class> receiversWhitelist)

public void setReceiversWhiteList(List<String> receiversWhiteList)

public void setStarImportsBlacklist(List<String> starImportsBlacklist)

public void setStarImportsWhitelist(List<String> starImportsWhitelist)

public void setStatementsBlacklist(List<Class<? extends Statement>> statementsBlacklist)

public void setStatementsWhitelist(List<Class<? extends Statement>> statementsWhitelist)

public void setStaticImportsBlacklist(List<String> staticImportsBlacklist)

public void setStaticImportsWhitelist(List<String> staticImportsWhitelist)

public void setStaticStarImportsBlacklist(List<String> staticStarImportsBlacklist)

public void setStaticStarImportsWhitelist(List<String> staticStarImportsWhitelist)

public void setTokensBlacklist(List<Integer> tokensBlacklist)

public void setTokensWhitelist(List<Integer> tokensWhitelist)