org.codehaus.groovy.control.customizers

Class SecureASTCustomizer

java.lang.Object

org.codehaus.groovy.control.CompilationUnit.PrimaryClassNodeOperation

org.codehaus.groovy.control.customizers.CompilationCustomizer

org.codehaus.groovy.control.customizers.SecureASTCustomizer

public class SecureASTCustomizer
extends CompilationCustomizer

This customizer allows securing source code by controlling what code constructs are permitted. This is typically done when using Groovy for its scripting or domain specific language (DSL) features. For example, if you only want to allow arithmetic operations in a groovy shell, you can configure this customizer to restrict package imports, method calls and so on.

Most of the security customization options found in this class work with either allowed or disallowed lists. This means that, for a single option, you can set an allowed list OR a disallowed list, but not both. You can mix allowed/disallowed strategies for different options. For example, you can have an allowed import list and a disallowed tokens list.

The recommended way of securing shells is to use allowed lists because it is guaranteed that future features of the Groovy language won't be accidentally allowed unless explicitly added to the allowed list. Using disallowed lists, you can limit the features of the language constructs supported by your shell by opting out, but new language features are then implicitly also available and this may not be desirable. The implication is that you might need to update your configuration with each new release.

If neither an allowed list nor a disallowed list is set, then everything is permitted.

Combinations of import and star import constraints are authorized as long as you use the same type of list for both. For example, you may use an import allowed list and a star import allowed list together, but you cannot use an import allowed list with a star import disallowed list. Static imports are handled separately, meaning that disallowing an import does not prevent from allowing a static import.

Eventually, if the features provided here are not sufficient, you may implement custom AST filtering handlers, either implementing the SecureASTCustomizer.StatementChecker interface or SecureASTCustomizer.ExpressionChecker interface then register your handlers thanks to the addExpressionCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.ExpressionChecker...) and addStatementCheckers(org.codehaus.groovy.control.customizers.SecureASTCustomizer.StatementChecker...) methods.

Here is an example of usage. We will create a groovy classloader which only supports arithmetic operations and imports the java.lang.Math classes by default.

 final ImportCustomizer imports = new ImportCustomizer().addStaticStars('java.lang.Math') // add static import of java.lang.Math
     final SecureASTCustomizer secure = new SecureASTCustomizer()
     secure.with {
         closuresAllowed = false
         methodDefinitionAllowed = false

         allowedImports = []
         allowedStaticImports = []
         allowedStaticStarImports = ['java.lang.Math'] // only java.lang.Math is allowed

         allowedTokens = [
                 PLUS,
                 MINUS,
                 MULTIPLY,
                 DIVIDE,
                 MOD,
                 POWER,
                 PLUS_PLUS,
                 MINUS_MINUS,
                 COMPARE_EQUAL,
                 COMPARE_NOT_EQUAL,
                 COMPARE_LESS_THAN,
                 COMPARE_LESS_THAN_EQUAL,
                 COMPARE_GREATER_THAN,
                 COMPARE_GREATER_THAN_EQUAL,
         ].asImmutable()

         allowedConstantTypesClasses = [
                 Integer,
                 Float,
                 Long,
                 Double,
                 BigDecimal,
                 Integer.TYPE,
                 Long.TYPE,
                 Float.TYPE,
                 Double.TYPE
         ].asImmutable()

         allowedReceiversClasses = [
                 Math,
                 Integer,
                 Float,
                 Double,
                 Long,
                 BigDecimal
         ].asImmutable()
     }
     CompilerConfiguration config = new CompilerConfiguration()
     config.addCompilationCustomizers(imports, secure)
     GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)
  

Since:

1.8.0

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	SecureASTCustomizer.ExpressionChecker This interface allows the user to provide a custom expression checker if the dis/allowed expression lists are not sufficient
static interface	SecureASTCustomizer.StatementChecker This interface allows the user to provide a custom statement checker if the dis/allowed statement lists are not sufficient

Constructor Summary

Constructors

Constructor and Description
SecureASTCustomizer()

Method Summary

Modifier and Type	Method and Description
void	addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)
void	addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)
void	call(SourceUnit source, GeneratorContext context, ClassNode classNode)
List<String>	getAllowedConstantTypes()
List<Class<? extends Expression>>	getAllowedExpressions()
List<String>	getAllowedImports()
List<String>	getAllowedReceivers()
List<String>	getAllowedStarImports()
List<Class<? extends Statement>>	getAllowedStatements()
List<String>	getAllowedStaticImports()
List<String>	getAllowedStaticStarImports()
List<Integer>	getAllowedTokens()
List<String>	getConstantTypesBlackList() Legacy alias for getDisallowedConstantTypes()
List<String>	getConstantTypesWhiteList() Legacy alias for getAllowedStatements()
List<String>	getDisallowedConstantTypes()
List<Class<? extends Expression>>	getDisallowedExpressions()
List<String>	getDisallowedImports()
List<String>	getDisallowedReceivers()
List<String>	getDisallowedStarImports()
List<Class<? extends Statement>>	getDisallowedStatements()
List<String>	getDisallowedStaticImports()
List<String>	getDisallowedStaticStarImports()
List<Integer>	getDisallowedTokens()
List<Class<? extends Expression>>	getExpressionsBlacklist() Legacy alias for getDisallowedExpressions()
List<Class<? extends Expression>>	getExpressionsWhitelist() Legacy alias for getAllowedExpressions()
List<String>	getImportsBlacklist() Legacy alias for getDisallowedImports()
List<String>	getImportsWhitelist() Legacy alias for getAllowedImports()
List<String>	getReceiversBlackList() Legacy alias for getDisallowedReceivers()
List<String>	getReceiversWhiteList() Legacy alias for getAllowedReceivers()
List<String>	getStarImportsBlacklist() Legacy alias for getDisallowedStarImports()
List<String>	getStarImportsWhitelist() Legacy alias for getAllowedStarImports()
List<Class<? extends Statement>>	getStatementsBlacklist() Legacy alias for getDisallowedStatements()
List<Class<? extends Statement>>	getStatementsWhitelist() Legacy alias for getAllowedStatements()
List<String>	getStaticImportsBlacklist() Legacy alias for getDisallowedStaticImports()
List<String>	getStaticImportsWhitelist() Legacy alias for getAllowedStaticImports()
List<String>	getStaticStarImportsBlacklist() Legacy alias for getDisallowedStaticStarImports()
List<String>	getStaticStarImportsWhitelist() Legacy alias for getAllowedStaticStarImports()
List<Integer>	getTokensBlacklist() Legacy alias for getDisallowedTokens()
List<Integer>	getTokensWhitelist() Legacy alias for getAllowedTokens()
boolean	isClosuresAllowed()
boolean	isIndirectImportCheckEnabled()
boolean	isMethodDefinitionAllowed()
boolean	isPackageAllowed()
void	setAllowedConstantTypes(List<String> allowedConstantTypes)
void	setAllowedConstantTypesClasses(List<Class> allowedConstantTypes) An alternative way of setting constant types.
void	setAllowedExpressions(List<Class<? extends Expression>> allowedExpressions)
void	setAllowedImports(List<String> allowedImports)
void	setAllowedReceivers(List<String> allowedReceivers) Sets the list of classes which may accept method calls.
void	setAllowedReceiversClasses(List<Class> allowedReceivers) An alternative way of setting receiver classes.
void	setAllowedStarImports(List<String> allowedStarImports)
void	setAllowedStatements(List<Class<? extends Statement>> allowedStatements)
void	setAllowedStaticImports(List<String> allowedStaticImports)
void	setAllowedStaticStarImports(List<String> allowedStaticStarImports)
void	setAllowedTokens(List<Integer> allowedTokens) Sets the list of tokens which are permitted.
void	setClosuresAllowed(boolean closuresAllowed)
void	setConstantTypesBlackList(List<String> constantTypesBlackList)
void	setConstantTypesClassesBlackList(List<Class> disallowedConstantTypes) Legacy alias for setDisallowedConstantTypesClasses(List)
void	setConstantTypesClassesWhiteList(List<Class> allowedConstantTypes) Legacy alias for setAllowedConstantTypesClasses(List)
void	setConstantTypesWhiteList(List<String> allowedConstantTypes) Legacy alias for setAllowedConstantTypes(List)
void	setDisallowedConstantTypesClasses(List<Class> disallowedConstantTypes) An alternative way of setting constant types.
void	setDisallowedExpressions(List<Class<? extends Expression>> disallowedExpressions)
void	setDisallowedImports(List<String> disallowedImports)
void	setDisallowedReceivers(List<String> disallowedReceivers) Sets the list of classes which deny method calls.
void	setDisallowedReceiversClasses(List<Class> disallowedReceivers) An alternative way of setting receiver classes.
void	setDisallowedStarImports(List<String> disallowedStarImports)
void	setDisallowedStatements(List<Class<? extends Statement>> disallowedStatements)
void	setDisallowedStaticImports(List<String> disallowedStaticImports)
void	setDisallowedStaticStarImports(List<String> disallowedStaticStarImports)
void	setDisallowedTokens(List<Integer> disallowedTokens) Sets the list of tokens which are not permitted.
void	setExpressionsBlacklist(List<Class<? extends Expression>> disallowedExpressions) Legacy alias for setDisallowedExpressions(List)
void	setExpressionsWhitelist(List<Class<? extends Expression>> allowedExpressions) Legacy alias for setAllowedExpressions(List)
void	setImportsBlacklist(List<String> disallowedImports) Legacy alias for setDisallowedImports(List)
void	setImportsWhitelist(List<String> allowedImports) Legacy alias for setAllowedImports(List)
void	setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled) Set this option to true if you want your import rules to be checked against every class node.
void	setMethodDefinitionAllowed(boolean methodDefinitionAllowed)
void	setPackageAllowed(boolean packageAllowed)
void	setReceiversBlackList(List<String> disallowedReceivers) Legacy alias for setDisallowedReceivers(List)
void	setReceiversClassesBlackList(List<Class> disallowedReceivers) Legacy alias for setDisallowedReceiversClasses(List).
void	setReceiversClassesWhiteList(List<Class> allowedReceivers) Legacy alias for setAllowedReceiversClasses(List)
void	setReceiversWhiteList(List<String> allowedReceivers) Legacy alias for setAllowedReceivers(List)
void	setStarImportsBlacklist(List<String> disallowedStarImports) Legacy alias for setDisallowedStarImports(List)
void	setStarImportsWhitelist(List<String> allowedStarImports) Legacy alias for setAllowedStarImports(List)
void	setStatementsBlacklist(List<Class<? extends Statement>> disallowedStatements) Legacy alias for setDisallowedStatements(List)
void	setStatementsWhitelist(List<Class<? extends Statement>> allowedStatements) Legacy alias for setAllowedStatements(List)
void	setStaticImportsBlacklist(List<String> disallowedStaticImports) Legacy alias for setDisallowedStaticImports(List)
void	setStaticImportsWhitelist(List<String> allowedStaticImports) Legacy alias for setAllowedStaticImports(List)
void	setStaticStarImportsBlacklist(List<String> disallowedStaticStarImports) Legacy alias for setDisallowedStaticStarImports(List)
void	setStaticStarImportsWhitelist(List<String> allowedStaticStarImports) Legacy alias for setAllowedStaticStarImports(List)
void	setTokensBlacklist(List<Integer> disallowedTokens) Alias for setDisallowedTokens(List).
void	setTokensWhitelist(List<Integer> allowedTokens) Legacy alias for setAllowedTokens(List)

Methods inherited from class org.codehaus.groovy.control.customizers.CompilationCustomizer

getPhase

Methods inherited from class org.codehaus.groovy.control.CompilationUnit.PrimaryClassNodeOperation

needSortedInput

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecureASTCustomizer

public SecureASTCustomizer()

Method Detail

isMethodDefinitionAllowed

public boolean isMethodDefinitionAllowed()

setMethodDefinitionAllowed

public void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)

isPackageAllowed

public boolean isPackageAllowed()

isClosuresAllowed

public boolean isClosuresAllowed()

setClosuresAllowed

public void setClosuresAllowed(boolean closuresAllowed)

setPackageAllowed

public void setPackageAllowed(boolean packageAllowed)

getDisallowedImports

public List<String> getDisallowedImports()

getImportsBlacklist

public List<String> getImportsBlacklist()

Legacy alias for getDisallowedImports()

setDisallowedImports

public void setDisallowedImports(List<String> disallowedImports)

setImportsBlacklist

public void setImportsBlacklist(List<String> disallowedImports)

Legacy alias for setDisallowedImports(List)

getAllowedImports

public List<String> getAllowedImports()

getImportsWhitelist

public List<String> getImportsWhitelist()

Legacy alias for getAllowedImports()

setAllowedImports

public void setAllowedImports(List<String> allowedImports)

setImportsWhitelist

public void setImportsWhitelist(List<String> allowedImports)

Legacy alias for setAllowedImports(List)

getDisallowedStarImports

public List<String> getDisallowedStarImports()

getStarImportsBlacklist

public List<String> getStarImportsBlacklist()

Legacy alias for getDisallowedStarImports()

setDisallowedStarImports

public void setDisallowedStarImports(List<String> disallowedStarImports)

setStarImportsBlacklist

public void setStarImportsBlacklist(List<String> disallowedStarImports)

Legacy alias for setDisallowedStarImports(List)

getAllowedStarImports

public List<String> getAllowedStarImports()

getStarImportsWhitelist

public List<String> getStarImportsWhitelist()

Legacy alias for getAllowedStarImports()

setAllowedStarImports

public void setAllowedStarImports(List<String> allowedStarImports)

setStarImportsWhitelist

public void setStarImportsWhitelist(List<String> allowedStarImports)

Legacy alias for setAllowedStarImports(List)

getDisallowedStaticImports

public List<String> getDisallowedStaticImports()

getStaticImportsBlacklist

public List<String> getStaticImportsBlacklist()

Legacy alias for getDisallowedStaticImports()

setDisallowedStaticImports

public void setDisallowedStaticImports(List<String> disallowedStaticImports)

setStaticImportsBlacklist

public void setStaticImportsBlacklist(List<String> disallowedStaticImports)

Legacy alias for setDisallowedStaticImports(List)

getAllowedStaticImports

public List<String> getAllowedStaticImports()

getStaticImportsWhitelist

public List<String> getStaticImportsWhitelist()

Legacy alias for getAllowedStaticImports()

setAllowedStaticImports

public void setAllowedStaticImports(List<String> allowedStaticImports)

setStaticImportsWhitelist

public void setStaticImportsWhitelist(List<String> allowedStaticImports)

Legacy alias for setAllowedStaticImports(List)

getDisallowedStaticStarImports

public List<String> getDisallowedStaticStarImports()

getStaticStarImportsBlacklist

public List<String> getStaticStarImportsBlacklist()

Legacy alias for getDisallowedStaticStarImports()

setDisallowedStaticStarImports

public void setDisallowedStaticStarImports(List<String> disallowedStaticStarImports)

setStaticStarImportsBlacklist

public void setStaticStarImportsBlacklist(List<String> disallowedStaticStarImports)

Legacy alias for setDisallowedStaticStarImports(List)

getAllowedStaticStarImports

public List<String> getAllowedStaticStarImports()

getStaticStarImportsWhitelist

public List<String> getStaticStarImportsWhitelist()

Legacy alias for getAllowedStaticStarImports()

setAllowedStaticStarImports

public void setAllowedStaticStarImports(List<String> allowedStaticStarImports)

setStaticStarImportsWhitelist

public void setStaticStarImportsWhitelist(List<String> allowedStaticStarImports)

Legacy alias for setAllowedStaticStarImports(List)

getDisallowedExpressions

public List<Class<? extends Expression>> getDisallowedExpressions()

getExpressionsBlacklist

public List<Class<? extends Expression>> getExpressionsBlacklist()

Legacy alias for getDisallowedExpressions()

setDisallowedExpressions

public void setDisallowedExpressions(List<Class<? extends Expression>> disallowedExpressions)

setExpressionsBlacklist

public void setExpressionsBlacklist(List<Class<? extends Expression>> disallowedExpressions)

Legacy alias for setDisallowedExpressions(List)

getAllowedExpressions

public List<Class<? extends Expression>> getAllowedExpressions()

getExpressionsWhitelist

public List<Class<? extends Expression>> getExpressionsWhitelist()

Legacy alias for getAllowedExpressions()

setAllowedExpressions

public void setAllowedExpressions(List<Class<? extends Expression>> allowedExpressions)

setExpressionsWhitelist

public void setExpressionsWhitelist(List<Class<? extends Expression>> allowedExpressions)

Legacy alias for setAllowedExpressions(List)

getDisallowedStatements

public List<Class<? extends Statement>> getDisallowedStatements()

getStatementsBlacklist

public List<Class<? extends Statement>> getStatementsBlacklist()

Legacy alias for getDisallowedStatements()

setDisallowedStatements

public void setDisallowedStatements(List<Class<? extends Statement>> disallowedStatements)

setStatementsBlacklist

public void setStatementsBlacklist(List<Class<? extends Statement>> disallowedStatements)

Legacy alias for setDisallowedStatements(List)

getAllowedStatements

public List<Class<? extends Statement>> getAllowedStatements()

getStatementsWhitelist

public List<Class<? extends Statement>> getStatementsWhitelist()

Legacy alias for getAllowedStatements()

setAllowedStatements

public void setAllowedStatements(List<Class<? extends Statement>> allowedStatements)

setStatementsWhitelist

public void setStatementsWhitelist(List<Class<? extends Statement>> allowedStatements)

Legacy alias for setAllowedStatements(List)

isIndirectImportCheckEnabled

public boolean isIndirectImportCheckEnabled()

setIndirectImportCheckEnabled

public void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)

Set this option to true if you want your import rules to be checked against every class node. This means that if someone uses a fully qualified class name, then it will also be checked against the import rules, preventing, for example, instantiation of classes without imports thanks to FQCN.

Parameters:

indirectImportCheckEnabled - set to true to enable indirect checks

getDisallowedTokens

public List<Integer> getDisallowedTokens()

getTokensBlacklist

public List<Integer> getTokensBlacklist()

Legacy alias for getDisallowedTokens()

setDisallowedTokens

public void setDisallowedTokens(List<Integer> disallowedTokens)

Sets the list of tokens which are not permitted.

Parameters:

disallowedTokens - the tokens. The values of the tokens must be those of Types

setTokensBlacklist

public void setTokensBlacklist(List<Integer> disallowedTokens)

Alias for setDisallowedTokens(List).

getAllowedTokens

public List<Integer> getAllowedTokens()

getTokensWhitelist

public List<Integer> getTokensWhitelist()

Legacy alias for getAllowedTokens()

setAllowedTokens

public void setAllowedTokens(List<Integer> allowedTokens)

Sets the list of tokens which are permitted.

Parameters:

allowedTokens - the tokens. The values of the tokens must be those of Types

setTokensWhitelist

public void setTokensWhitelist(List<Integer> allowedTokens)

Legacy alias for setAllowedTokens(List)

addStatementCheckers

public void addStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)

addExpressionCheckers

public void addExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)

getDisallowedConstantTypes

public List<String> getDisallowedConstantTypes()

getConstantTypesBlackList

public List<String> getConstantTypesBlackList()

Legacy alias for getDisallowedConstantTypes()

setConstantTypesBlackList

public void setConstantTypesBlackList(List<String> constantTypesBlackList)

getAllowedConstantTypes

public List<String> getAllowedConstantTypes()

getConstantTypesWhiteList

public List<String> getConstantTypesWhiteList()

Legacy alias for getAllowedStatements()

setAllowedConstantTypes

public void setAllowedConstantTypes(List<String> allowedConstantTypes)

setConstantTypesWhiteList

public void setConstantTypesWhiteList(List<String> allowedConstantTypes)

Legacy alias for setAllowedConstantTypes(List)

setAllowedConstantTypesClasses

public void setAllowedConstantTypesClasses(List<Class> allowedConstantTypes)

An alternative way of setting constant types.

Parameters:

allowedConstantTypes - a list of classes.

setConstantTypesClassesWhiteList

public void setConstantTypesClassesWhiteList(List<Class> allowedConstantTypes)

Legacy alias for setAllowedConstantTypesClasses(List)

setDisallowedConstantTypesClasses

public void setDisallowedConstantTypesClasses(List<Class> disallowedConstantTypes)

An alternative way of setting constant types.

Parameters:

disallowedConstantTypes - a list of classes.

setConstantTypesClassesBlackList

public void setConstantTypesClassesBlackList(List<Class> disallowedConstantTypes)

Legacy alias for setDisallowedConstantTypesClasses(List)

getDisallowedReceivers

public List<String> getDisallowedReceivers()

getReceiversBlackList

public List<String> getReceiversBlackList()

Legacy alias for getDisallowedReceivers()

setDisallowedReceivers

public void setDisallowedReceivers(List<String> disallowedReceivers)

Sets the list of classes which deny method calls. Please note that since Groovy is a dynamic language, and this class performs a static type check, it will be relatively simple to bypass any disallowed list unless the disallowed receivers list contains, at a minimum, Object, Script, GroovyShell, and Eval. Additionally, it is necessary to also have MethodPointerExpression in the disallowed expressions list for the disallowed receivers list to function as a security check.

Parameters:

disallowedReceivers - the list of refused classes, as fully qualified names

setReceiversBlackList

public void setReceiversBlackList(List<String> disallowedReceivers)

Legacy alias for setDisallowedReceivers(List)

setDisallowedReceiversClasses

public void setDisallowedReceiversClasses(List<Class> disallowedReceivers)

An alternative way of setting receiver classes.

Parameters:

disallowedReceivers - a list of classes.

setReceiversClassesBlackList

public void setReceiversClassesBlackList(List<Class> disallowedReceivers)

Legacy alias for setDisallowedReceiversClasses(List).

getAllowedReceivers

public List<String> getAllowedReceivers()

getReceiversWhiteList

public List<String> getReceiversWhiteList()

Legacy alias for getAllowedReceivers()

setAllowedReceivers

public void setAllowedReceivers(List<String> allowedReceivers)

Sets the list of classes which may accept method calls.

Parameters:

allowedReceivers - the list of accepted classes, as fully qualified names

setReceiversWhiteList

public void setReceiversWhiteList(List<String> allowedReceivers)

Legacy alias for setAllowedReceivers(List)

setAllowedReceiversClasses

public void setAllowedReceiversClasses(List<Class> allowedReceivers)

An alternative way of setting receiver classes.

Parameters:

allowedReceivers - a list of classes.

setReceiversClassesWhiteList

public void setReceiversClassesWhiteList(List<Class> allowedReceivers)

Legacy alias for setAllowedReceiversClasses(List)

call

public void call(SourceUnit source,
                 GeneratorContext context,
                 ClassNode classNode)
          throws CompilationFailedException

Specified by:

call in class CompilationUnit.PrimaryClassNodeOperation

Throws:

CompilationFailedException