如何在Groovy脚本中通过@Grab禁止依赖项

时间:2015-08-21 21:29:31

标签: java security groovy scripting

我想允许用户在我的Java服务器应用程序中运行他们的Groovy脚本,但我也希望禁止他们使用@Grab添加任何随机依赖项。

是的,我可以通过搜索&删除所有@Grab注释。在源代码中替换,但最好以更优雅的方式执行此操作,例如仅允许批准的依赖项。

是的,我知道这个问题的最佳解决方案是JVM' SecurityManager

1 个答案:

答案 0 :(得分:2)

有各种方法,例如Groovy Sandbox,它们可能比您将要看到的更好。

import groovy.grape.Grape

Grape.metaClass.static.grab = {String endorsed ->
    throw new SecurityException("Oh no you didn't! Grabbing is forbidden.")
}

Grape.metaClass.static.grab = {Map dependency ->
    throw new SecurityException("Oh no you didn't! Grabbing is forbidden.")
}

Grape.metaClass.static.grab = {Map args, Map dependency ->
    throw new SecurityException("Oh no you didn't! Grabbing is forbidden.")
}

def source1 = '''
println('This is a nice safe Groovy script.')
'''

def source2 = '''
@Grab('commons-validator:commons-validator:1.4.1')

import org.apache.commons.validator.routines.EmailValidator

def emailValidator = EmailValidator.getInstance();

assert emailValidator.isValid('what.a.shame@us.elections.gov')
assert !emailValidator.isValid('an_invalid_emai_address')

println 'You should not see this message!'
'''

def script
def shell = new GroovyShell()

try {
    script = shell.parse(source1)
    script.run()
} catch (Exception e) { 
    assert false, "Oh, oh. That wasn't supposed to happen :("
}    

try {
    script = shell.parse(source2)
    assert false, "Oh, oh. That wasn't supposed to happen :("
} catch (ExceptionInInitializerError e) { 
    println 'Naughty script was blocked when parsed.'
}

上面的例子演示了如何阻止@Grab。它不是通过阻止注释来实现的,而是通过覆盖注释添加的方法调用:groovy.grape.Grape.grab()。 

Grape.metaClass.static.grab = {String endorsed ->
    throw new SecurityException("Oh no you didn't! Grabbing is forbidden.")
}

Grape.metaClass.static.grab = {Map dependency ->
    throw new SecurityException("Oh no you didn't! Grabbing is forbidden.")
}

Grape.metaClass.static.grab = {Map args, Map dependency ->
    throw new SecurityException("Oh no you didn't! Grabbing is forbidden.")
}

以下是Groovy Console AST查看器解析的淘气的脚本:

@groovy.lang.Grab(module = 'commons-validator', group = 'commons-validator', version = '1.4.1')
import org.apache.commons.validator.routines.EmailValidator as EmailValidator

public class script1440223706571 extends groovy.lang.Script { 

    private static org.codehaus.groovy.reflection.ClassInfo $staticClassInfo 
    public static transient boolean __$stMC 

    public script1440223706571() {
    }

    public script1440223706571(groovy.lang.Binding context) {
        super(context)
    }

    public static void main(java.lang.String[] args) {
        org.codehaus.groovy.runtime.InvokerHelper.runScript(script1440223706571, args)
    }

    public java.lang.Object run() {
        java.lang.Object emailValidator = org.apache.commons.validator.routines.EmailValidator.getInstance()
        assert emailValidator.isValid('what.a.shame@us.elections.gov') : null
        assert !(emailValidator.isValid('an_invalid_emai_address')) : null
        return null
    }

    static { 
        groovy.grape.Grape.grab([:], ['group': 'commons-validator', 'module': 'commons-validator', 'version': '1.4.1'])
    }

    protected groovy.lang.MetaClass $getStaticMetaClass() {
    }

}

在这里,您可以在静态初始化程序中看到对Grape.grab()的调用。要添加依赖项的细粒度过滤,您可以内省依赖项和已认可的参数。

依赖

['group':'commons-validator','module':'commons-validator','version':'1.4.1']

批准

公地验证:公地验证:1.4.1

修订后的实施

这个新实现使用Interceptor来阻止/允许Grape抓取。

import groovy.grape.GrapeIvy

def source1 = '''
println('This is a nice safe Groovy script.')
'''

def source2 = '''
@Grab('commons-validator:commons-validator:1.4.1')

import org.apache.commons.validator.routines.EmailValidator

def emailValidator = EmailValidator.getInstance();

assert emailValidator.isValid('what.a.shame@us.elections.gov')
assert !emailValidator.isValid('an_invalid_emai_address')

println 'You should not see this message!'
'''

def script
def shell = new GroovyShell()
def proxy = ProxyMetaClass.getInstance(GrapeIvy)

proxy.interceptor = new GrapeInterceptor({group, module, version ->
    if(group == 'commons-validator' && module == 'commons-validator') false
    else true
})

proxy.use {
    shell.parse(source1).run()

    try {
        shell.parse(source2).run()
    } catch (org.codehaus.groovy.control.MultipleCompilationErrorsException e) {
        assert e.message.contains('unable to resolve class')
    }
}

@groovy.transform.TupleConstructor
class GrapeInterceptor implements Interceptor {
    private boolean invokeMethod = true
    Closure authorizer

    def afterInvoke(Object object, String methodName, Object[] arguments, Object result) {
        invokeMethod = true

        return result
    }

    def beforeInvoke(Object object, String methodName, Object[] arguments) {
        if(methodName == 'createGrabRecord') {
            def dependencies = arguments[0]
            invokeMethod = authorizer(dependencies.group, dependencies.module, dependencies.version)
        } else {
            invokeMethod = true
        }

        return null
    }

    boolean doInvoke() { invokeMethod }
}

GrapeInterceptor构造函数将Closure作为其唯一参数。使用此Closure,您可以轻松决定是否允许Grab发生:)

例如,如果Grab看起来像这样:@Grab('commons-validator:commons-validator:1.4.1')

Closure的参数将按如下方式分配:

  • group:commons-validator
  • module:commons-validator
  • 版本:1.4.1

要允许Grab,Closure必须返回true。返回false以阻止它。

相关问题
最新问题