Sandboxing Java / Groovy / Freemarker Code - Preve

2020-05-28 08:02发布

I'm developing a system that allows developers to upload custom groovy scripts and freemarker templates.

I can provide a certain level of security at a very high level with the default Java security infrastructure - i.e. prevent code from accessing the filesystem or network, however I have a need to restrict access to specific methods.

My plan was to modify the Groovy and Freemarker runtimes to read Annotations that would either whitelist or blacklist certain methods, however this would force me to maintain a forked version of their code, which is not desirable.

All I essentially need to be able to do is prevent the execution of specific methods when called from Groovy or Freemarker. I've considered a hack that would look at the call stack, but this would be a massive speed hit (and it quite messy).

Does anyone have any other ideas for implementing this?

4条回答
狗以群分
2楼-- · 2020-05-28 08:07

You can do it by subclassing the GroovyClassLoader and enforcing your constraints within an AST Visitor. THis post explains how to do it: http://hamletdarcy.blogspot.com/2009/01/groovy-compile-time-meta-magic.html

Also, the code referenced there is in the samples folder of Groovy 1.6 installer.

查看更多
爷、活的狠高调
3楼-- · 2020-05-28 08:07

You should have a look at the project groovy-sandbox from kohsuke. Have also a look to his blog post here on this topic and what is solution is addressing: sandboxing, but performance drawback.

查看更多
再贱就再见
4楼-- · 2020-05-28 08:10

You might also consider the java-sandbox (http://blog.datenwerke.net/p/the-java-sandbox.html) a recently developed library that allows to securely execute untrusted code from within java.

Also see: http://blog.datenwerke.net/2013/06/sandboxing-groovy-with-java-sandbox.html

查看更多
别忘想泡老子
5楼-- · 2020-05-28 08:19

OSGi is great for this. You can partition your code into bundles and set exactly what each bundle exposes, and to what other bundles. Would that work for you?

查看更多
登录 后发表回答