Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.codehaus.groovy.control.customizers
Class SecureASTCustomizer

java.lang.Object
  extended by org.codehaus.groovy.control.CompilationUnit.PrimaryClassNodeOperation
      extended by org.codehaus.groovy.control.customizers.CompilationCustomizer
          extended by org.codehaus.groovy.control.customizers.SecureASTCustomizer

public class SecureASTCustomizer
extends CompilationCustomizer

This customizer allows securing source code by controlling what code constructs are allowed. For example, if you only want to allow arithmetic operations in a groovy shell, you can configure this customizer to restrict package imports, method calls and so on.

Most of the securization options found in this class work with either blacklist or whitelist. This means that, for a single option, you can set a whitelist OR a blacklist, but not both. You can mix whitelist/blacklist strategies for different options. For example, you can have import whitelist and tokens blacklist.

The recommanded way of securing shells is to use whitelists because it is guaranteed that future features of the Groovy language won't be allowed by defaut. Using blacklists, you can limit the features of the languages by opting out, but new language features would require you to update your configuration.

If you set neither a whitelist nor a blacklist, then everything is authorized.

Combinations of import and star imports constraints are authorized as long as you use the same type of list for both. For example, you may use an import whitelist and a star import whitelist together, but you cannot use an import white list with a star import blacklist. static imports are handled separately, meaning that blacklisting an import does not prevent from using a static import.

Eventually, if the features provided here are not sufficient, you may implement custom AST filtering handlers, either implementing the SecureASTCustomizer.StatementChecker interface or SecureASTCustomizer.ExpressionChecker interface then register your handlers thanks to the addExpressionCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.ExpressionChecker...) and addStatementCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.StatementChecker...) methods.

Here is an example of usage. We will create a groovy classloader which only supports arithmetic operations and imports the java.lang.Math classes by default. 

 final ImportCustomizer imports = new ImportCustomizer().addStaticStars('java.lang.Math') // add static import of java.lang.Math
             final SecureASTCustomizer secure = new SecureASTCustomizer()
             secure.with {
                 closuresAllowed = false
                 methodDefinitionAllowed = false

                 importsWhitelist = []
                 staticImportsWhitelist = []
                 staticStarImportsWhitelist = ['java.lang.Math'] // only java.lang.Math is allowed

                 tokensWhitelist = [
                         PLUS,
                         MINUS,
                         MULTIPLY,
                         DIVIDE,
                         MOD,
                         POWER,
                         PLUS_PLUS,
                         MINUS_MINUS,
                         COMPARE_EQUAL,
                         COMPARE_NOT_EQUAL,
                         COMPARE_LESS_THAN,
                         COMPARE_LESS_THAN_EQUAL,
                         COMPARE_GREATER_THAN,
                         COMPARE_GREATER_THAN_EQUAL,
                 ].asImmutable()

                 constantTypesClassesWhiteList = [
                         Integer,
                         Float,
                         Long,
                         Double,
                         BigDecimal,
                         Integer.TYPE,
                         Long.TYPE,
                         Float.TYPE,
                         Double.TYPE
                 ].asImmutable()

                 receiversClassesWhiteList = [
                         Math,
                         Integer,
                         Float,
                         Double,
                         Long,
                         BigDecimal
                 ].asImmutable()
             }
             CompilerConfiguration config = new CompilerConfiguration()
             config.addCompilationCustomizers(imports, secure)
             GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)

Since:
1.8.0
Author:
Cedric Champeau, Guillaume Laforge, Hamlet D'Arcy

Nested Class Summary
static interface SecureASTCustomizer.ExpressionChecker
          This interface allows the user to plugin custom expression checkers if expression blacklist or whitelist are not sufficient
static interface SecureASTCustomizer.StatementChecker
          This interface allows the user to plugin custom statement checkers if statement blacklist or whitelist are not sufficient
 
Constructor Summary
SecureASTCustomizer()
           
 
Method Summary
 void addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)
           
 void addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)
           
 void call(SourceUnit source, GeneratorContext context, ClassNode classNode)
           
 List<String> getConstantTypesBlackList()
           
 List<String> getConstantTypesWhiteList()
           
 List<Class<? extends Expression>> getExpressionsBlacklist()
           
 List<Class<? extends Expression>> getExpressionsWhitelist()
           
 List<String> getImportsBlacklist()
           
 List<String> getImportsWhitelist()
           
 List<String> getReceiversBlackList()
           
 List<String> getReceiversWhiteList()
           
 List<String> getStarImportsBlacklist()
           
 List<String> getStarImportsWhitelist()
           
 List<Class<? extends Statement>> getStatementsBlacklist()
           
 List<Class<? extends Statement>> getStatementsWhitelist()
           
 List<String> getStaticImportsBlacklist()
           
 List<String> getStaticImportsWhitelist()
           
 List<String> getStaticStarImportsBlacklist()
           
 List<String> getStaticStarImportsWhitelist()
           
 List<Integer> getTokensBlacklist()
           
 List<Integer> getTokensWhitelist()
           
 boolean isClosuresAllowed()
           
 boolean isIndirectImportCheckEnabled()
           
 boolean isMethodDefinitionAllowed()
           
 boolean isPackageAllowed()
           
 void setClosuresAllowed(boolean closuresAllowed)
           
 void setConstantTypesBlackList(List<String> constantTypesBlackList)
           
 void setConstantTypesClassesBlackList(List<Class> constantTypesBlackList)
          An alternative way of setting constant types.
 void setConstantTypesClassesWhiteList(List<Class> constantTypesWhiteList)
          An alternative way of setting constant types.
 void setConstantTypesWhiteList(List<String> constantTypesWhiteList)
           
 void setExpressionsBlacklist(List<Class<? extends Expression>> expressionsBlacklist)
           
 void setExpressionsWhitelist(List<Class<? extends Expression>> expressionsWhitelist)
           
 void setImportsBlacklist(List<String> importsBlacklist)
           
 void setImportsWhitelist(List<String> importsWhitelist)
           
 void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)
          Set this option to true if you want your import rules to be checked against every class node.
 void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)
           
 void setPackageAllowed(boolean packageAllowed)
           
 void setReceiversBlackList(List<String> receiversBlackList)
          Sets the list of classes which deny method calls.
 void setReceiversClassesBlackList(List<Class> receiversBlacklist)
          An alternative way of setting receiver classes.
 void setReceiversClassesWhiteList(List<Class> receiversWhitelist)
          An alternative way of setting receiver classes.
 void setReceiversWhiteList(List<String> receiversWhiteList)
          Sets the list of classes which may accept method calls.
 void setStarImportsBlacklist(List<String> starImportsBlacklist)
           
 void setStarImportsWhitelist(List<String> starImportsWhitelist)
           
 void setStatementsBlacklist(List<Class<? extends Statement>> statementsBlacklist)
           
 void setStatementsWhitelist(List<Class<? extends Statement>> statementsWhitelist)
           
 void setStaticImportsBlacklist(List<String> staticImportsBlacklist)
           
 void setStaticImportsWhitelist(List<String> staticImportsWhitelist)
           
 void setStaticStarImportsBlacklist(List<String> staticStarImportsBlacklist)
           
 void setStaticStarImportsWhitelist(List<String> staticStarImportsWhitelist)
           
 void setTokensBlacklist(List<Integer> tokensBlacklist)
          Sets the list of tokens which are blacklisted.
 void setTokensWhitelist(List<Integer> tokensWhitelist)
          Sets the list of tokens which are whitelisted.
 
Methods inherited from class org.codehaus.groovy.control.customizers.CompilationCustomizer
getPhase
 
Methods inherited from class org.codehaus.groovy.control.CompilationUnit.PrimaryClassNodeOperation
needSortedInput
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecureASTCustomizer

public SecureASTCustomizer()
Method Detail

isMethodDefinitionAllowed

public boolean isMethodDefinitionAllowed()

setMethodDefinitionAllowed

public void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)

isPackageAllowed

public boolean isPackageAllowed()

isClosuresAllowed

public boolean isClosuresAllowed()

setClosuresAllowed

public void setClosuresAllowed(boolean closuresAllowed)

setPackageAllowed

public void setPackageAllowed(boolean packageAllowed)

getImportsBlacklist

public List<String> getImportsBlacklist()

setImportsBlacklist

public void setImportsBlacklist(List<String> importsBlacklist)

getImportsWhitelist

public List<String> getImportsWhitelist()

setImportsWhitelist

public void setImportsWhitelist(List<String> importsWhitelist)

getStarImportsBlacklist

public List<String> getStarImportsBlacklist()

setStarImportsBlacklist

public void setStarImportsBlacklist(List<String> starImportsBlacklist)

getStarImportsWhitelist

public List<String> getStarImportsWhitelist()

setStarImportsWhitelist

public void setStarImportsWhitelist(List<String> starImportsWhitelist)

getStaticImportsBlacklist

public List<String> getStaticImportsBlacklist()

setStaticImportsBlacklist

public void setStaticImportsBlacklist(List<String> staticImportsBlacklist)

getStaticImportsWhitelist

public List<String> getStaticImportsWhitelist()

setStaticImportsWhitelist

public void setStaticImportsWhitelist(List<String> staticImportsWhitelist)

getStaticStarImportsBlacklist

public List<String> getStaticStarImportsBlacklist()

setStaticStarImportsBlacklist

public void setStaticStarImportsBlacklist(List<String> staticStarImportsBlacklist)

getStaticStarImportsWhitelist

public List<String> getStaticStarImportsWhitelist()

setStaticStarImportsWhitelist

public void setStaticStarImportsWhitelist(List<String> staticStarImportsWhitelist)

getExpressionsBlacklist

public List<Class<? extends Expression>> getExpressionsBlacklist()

setExpressionsBlacklist

public void setExpressionsBlacklist(List<Class<? extends Expression>> expressionsBlacklist)

getExpressionsWhitelist

public List<Class<? extends Expression>> getExpressionsWhitelist()

setExpressionsWhitelist

public void setExpressionsWhitelist(List<Class<? extends Expression>> expressionsWhitelist)

getStatementsBlacklist

public List<Class<? extends Statement>> getStatementsBlacklist()

setStatementsBlacklist

public void setStatementsBlacklist(List<Class<? extends Statement>> statementsBlacklist)

getStatementsWhitelist

public List<Class<? extends Statement>> getStatementsWhitelist()

setStatementsWhitelist

public void setStatementsWhitelist(List<Class<? extends Statement>> statementsWhitelist)

getTokensBlacklist

public List<Integer> getTokensBlacklist()

isIndirectImportCheckEnabled

public boolean isIndirectImportCheckEnabled()

setIndirectImportCheckEnabled

public void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)
Set this option to true if you want your import rules to be checked against every class node. This means that if someone uses a fully qualified class name, then it will also be checked against the import rules, preventing, for example, instantiation of classes without imports thanks to FQCN.

Parameters:
indirectImportCheckEnabled - set to true to enable indirect checks

setTokensBlacklist

public void setTokensBlacklist(List<Integer> tokensBlacklist)
Sets the list of tokens which are blacklisted.

Parameters:
tokensBlacklist - the tokens. The values of the tokens must be those of Types

getTokensWhitelist

public List<Integer> getTokensWhitelist()

setTokensWhitelist

public void setTokensWhitelist(List<Integer> tokensWhitelist)
Sets the list of tokens which are whitelisted.

Parameters:
tokensWhitelist - the tokens. The values of the tokens must be those of Types

addStatementCheckers

public void addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)

addExpressionCheckers

public void addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)

getConstantTypesBlackList

public List<String> getConstantTypesBlackList()

setConstantTypesBlackList

public void setConstantTypesBlackList(List<String> constantTypesBlackList)

getConstantTypesWhiteList

public List<String> getConstantTypesWhiteList()

setConstantTypesWhiteList

public void setConstantTypesWhiteList(List<String> constantTypesWhiteList)

setConstantTypesClassesWhiteList

public void setConstantTypesClassesWhiteList(List<Class> constantTypesWhiteList)
An alternative way of setting constant types.

Parameters:
constantTypesWhiteList - a list of classes.

setConstantTypesClassesBlackList

public void setConstantTypesClassesBlackList(List<Class> constantTypesBlackList)
An alternative way of setting constant types.

Parameters:
constantTypesBlackList - a list of classes.

getReceiversBlackList

public List<String> getReceiversBlackList()

setReceiversBlackList

public void setReceiversBlackList(List<String> receiversBlackList)
Sets the list of classes which deny method calls.

Parameters:
receiversBlackList - the list of refused classes, as fully qualified names

setReceiversClassesBlackList

public void setReceiversClassesBlackList(List<Class> receiversBlacklist)
An alternative way of setting receiver classes.

Parameters:
receiversBlacklist - a list of classes.

getReceiversWhiteList

public List<String> getReceiversWhiteList()

setReceiversWhiteList

public void setReceiversWhiteList(List<String> receiversWhiteList)
Sets the list of classes which may accept method calls.

Parameters:
receiversWhiteList - the list of accepted classes, as fully qualified names

setReceiversClassesWhiteList

public void setReceiversClassesWhiteList(List<Class> receiversWhitelist)
An alternative way of setting receiver classes.

Parameters:
receiversWhitelist - a list of classes.

call

public void call(SourceUnit source,
                 GeneratorContext context,
                 ClassNode classNode)
          throws CompilationFailedException
Specified by:
call in class CompilationUnit.PrimaryClassNodeOperation
Throws:
CompilationFailedException
Overview  Package   Class  Tree  Deprecated  Index  Help 
Copyright © 2003-2012 The Codehaus. All rights reserved.
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD