[prev in list] [next in list] [prev in thread] [next in thread]
List: groovy-dev
Subject: Re: [groovy-dev] GroovyShell / GroovyScriptEngine improvements
From: Cédric_Champeau <cedric.champeau () lingway ! com>
Date: 2011-02-24 15:27:36
Message-ID: 4D6678E8.6010800 () lingway ! com
[Download RAW message or body]
The patch is available at http://jira.codehaus.org/browse/GROOVY-4690
I have modified the ArithmeticShell example so that it uses the new
configuration features. Here's what it looks like :
| final ImportCustomizer imports = new
ImportCustomizer().addStaticStars('java.lang.Math') // add static import
of java.lang.Math
final SecureASTCustomizer secure = new SecureASTCustomizer()
secure.with {
closuresAllowed = false
methodDefinitionAllowed = false
importsWhitelist = []
staticImportsWhitelist = []
staticStarImportsWhitelist = ['java.lang.Math'] // only
java.lang.Math is allowed
tokensWhitelist = [
PLUS,
MINUS,
MULTIPLY,
DIVIDE,
MOD,
POWER,
PLUS_PLUS,
MINUS_MINUS,
COMPARE_EQUAL,
COMPARE_NOT_EQUAL,
COMPARE_LESS_THAN,
COMPARE_LESS_THAN_EQUAL,
COMPARE_GREATER_THAN,
COMPARE_GREATER_THAN_EQUAL,
].asImmutable()
constantTypesClassesWhiteList = [
Integer,
Float,
Long,
Double,
BigDecimal,
Integer.TYPE,
Long.TYPE,
Float.TYPE,
Double.TYPE
].asImmutable()
receiversClassesWhiteList = [
Math,
Integer,
Float,
Double,
Long,
BigDecimal
].asImmutable()
}
CompilerConfiguration config = new CompilerConfiguration()
config.addCompilationCustomizers(imports, secure)
GroovyClassLoader loader = new
GroovyClassLoader(this.class.classLoader, config)
|
Cheers,
Cédric
Le 19/02/2011 14:37, Cédric CHAMPEAU a écrit :
> Hi,
>
> I was thinking about making things easier to customize the behaviour
> of GroovyShell and GroovyScriptEngine. I have discussed about it a
> little with Guillaume, there are a few cases that are often
> encountered in real life and which are not made simple to the end
> user. I'm thinking about those cases :
>
> - adding default imports
> - import whitelist/blacklist
> - AST filtering (aka, throwing a security exception if an AST node
> is encountered, for example to disallow usage of some features)
> - hidden local AST transforms application
>
> If you have other use cases in mind, let me know. To get this simpler,
> I had in mind to use the decorator pattern : extend the
> GroovyClassLoader with a GroovyClassLoaderDecorator, then provide
> standard decorators : AddDefaultImportDecorator, ASTFilterDecorator,
> ... Though for a classloader, the decorator pattern may not be trivial
> to apply.
>
> What do you think ? Are there other use cases you see ? Any ideas
> about implementation details ?
>
> Cédric
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
>
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
The patch is available at <a
href="http://jira.codehaus.org/browse/GROOVY-4690">http://jira.codehaus.org/browse/GROOVY-4690</a><br>
<br>
I have modified the ArithmeticShell example so that it uses the new
configuration features. Here's what it looks like :<br>
<br>
<code> final ImportCustomizer imports = new
ImportCustomizer().addStaticStars('java.lang.Math') // add static
import of java.lang.Math<br>
final SecureASTCustomizer secure = new \
SecureASTCustomizer()<br> secure.with {<br>
closuresAllowed = false<br>
methodDefinitionAllowed = false<br>
<br>
importsWhitelist = []<br>
staticImportsWhitelist = []<br>
staticStarImportsWhitelist = \
['java.lang.Math'] // only java.lang.Math is allowed<br>
<br>
tokensWhitelist = [<br>
PLUS,<br>
MINUS,<br>
MULTIPLY,<br>
DIVIDE,<br>
MOD,<br>
POWER,<br>
PLUS_PLUS,<br>
MINUS_MINUS,<br>
COMPARE_EQUAL,<br>
COMPARE_NOT_EQUAL,<br>
COMPARE_LESS_THAN,<br>
COMPARE_LESS_THAN_EQUAL,<br>
COMPARE_GREATER_THAN,<br>
COMPARE_GREATER_THAN_EQUAL,<br>
].asImmutable()<br>
<br>
constantTypesClassesWhiteList = \
[<br> Integer,<br>
Float,<br>
Long,<br>
Double,<br>
BigDecimal,<br>
Integer.TYPE,<br>
Long.TYPE,<br>
Float.TYPE,<br>
Double.TYPE<br>
].asImmutable()<br>
<br>
receiversClassesWhiteList = [<br>
Math,<br>
Integer,<br>
Float,<br>
Double,<br>
Long,<br>
BigDecimal<br>
].asImmutable()<br>
}<br>
CompilerConfiguration config = new \
CompilerConfiguration()<br>
config.addCompilationCustomizers(imports, secure)<br>
GroovyClassLoader loader = new
GroovyClassLoader(this.class.classLoader, config)<br>
</code><br>
Cheers,<br>
<br>
Cédric<br>
<br>
Le 19/02/2011 14:37, Cédric CHAMPEAU a écrit :
<blockquote cite="mid:4D5FC7A6.9010509@lingway.com" type="cite">Hi,
<br>
<br>
I was thinking about making things easier to customize the
behaviour of GroovyShell and GroovyScriptEngine. I have discussed
about it a little with Guillaume, there are a few cases that are
often encountered in real life and which are not made simple to
the end user. I'm thinking about those cases :
<br>
<br>
- adding default imports
<br>
- import whitelist/blacklist
<br>
- AST filtering (aka, throwing a security exception if an \
AST node is encountered, for example to disallow usage of some
features)
<br>
- hidden local AST transforms application
<br>
<br>
If you have other use cases in mind, let me know. To get this
simpler, I had in mind to use the decorator pattern : extend the
GroovyClassLoader with a GroovyClassLoaderDecorator, then provide
standard decorators : AddDefaultImportDecorator,
ASTFilterDecorator, ... Though for a classloader, the decorator
pattern may not be trivial to apply.
<br>
<br>
What do you think ? Are there other use cases you see ? Any ideas
about implementation details ?
<br>
<br>
Cédric
<br>
<br>
<br>
---------------------------------------------------------------------
<br>
To unsubscribe from this list, please visit:
<br>
<br>
<a class="moz-txt-link-freetext" \
href="http://xircles.codehaus.org/manage_email">http://xircles.codehaus.org/manage_email</a>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic