Sandboxing Java / Groovy / Freemarker Code - Preventing execution of specific methods

I'm developing a system that allows developers to upload custom groovy scripts and freemarker templates.

I can provide a certain level of security at a very high level with the default Java security infrastructure - i.e. prevent code from accessing the filesystem or network, however I have a need to restrict access to specific methods.

My plan was to modify the Groovy and Freemarker runtimes to read Annotations that would either whitelist or blacklist certain methods, however this would force me to maintain a forked version of their code, which is not desirable.

All I essentially need to be able to do is prevent the execution of specific methods when called from Groovy or Freemarker. I've considered a hack that would look at the call stack, but this would be a massive speed hit (and it's quite messy).

Does anyone have any other ideas for implementing this?

You can do it by subclassing the GroovyClassLoader and enforcing your constraints within an AST Visitor. This post explains how to do it: http://hamletdarcy.blogspot.com/2009/01/groovy-compile-time-meta-magic.html

Also, the code referenced there is in the samples folder of Groovy 1.6 installer.
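A sketch of the AST-visitor approach described in the answer above, as an added example that is not code from the answer or the linked post. It assumes Groovy 1.8 or later and uses the `CompilationCustomizer` hook instead of subclassing `GroovyClassLoader`; the deny list and the class names `DenyListVisitor` and `DenyListCustomizer` are hypothetical.

```groovy
import org.codehaus.groovy.ast.ClassCodeVisitorSupport
import org.codehaus.groovy.ast.ClassNode
import org.codehaus.groovy.ast.expr.MethodCallExpression
import org.codehaus.groovy.ast.expr.StaticMethodCallExpression
import org.codehaus.groovy.classgen.GeneratorContext
import org.codehaus.groovy.control.CompilePhase
import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.MultipleCompilationErrorsException
import org.codehaus.groovy.control.SourceUnit
import org.codehaus.groovy.control.customizers.CompilationCustomizer

// Walks the script's AST and records a compile error for every denied call.
class DenyListVisitor extends ClassCodeVisitorSupport {
    // Hypothetical policy: method names that uploaded scripts may not call.
    static final Set<String> DENIED = ['exit', 'exec'] as Set
    final SourceUnit unit
    DenyListVisitor(SourceUnit unit) { this.unit = unit }
    @Override protected SourceUnit getSourceUnit() { unit }

    @Override void visitMethodCallExpression(MethodCallExpression call) {
        String name = call.methodAsString   // null when the name is not a literal
        if (name == null) addError('dynamic method names are not allowed', call)
        else if (name in DENIED) addError("call to '${name}' is not allowed", call)
        super.visitMethodCallExpression(call)   // keep walking nested expressions
    }
    @Override void visitStaticMethodCallExpression(StaticMethodCallExpression call) {
        if (call.method in DENIED) addError("call to '${call.method}' is not allowed", call)
        super.visitStaticMethodCallExpression(call)
    }
}

// Runs the visitor over every class compiled with this configuration.
class DenyListCustomizer extends CompilationCustomizer {
    DenyListCustomizer() { super(CompilePhase.CANONICALIZATION) }
    @Override void call(SourceUnit source, GeneratorContext context, ClassNode classNode) {
        new DenyListVisitor(source).visitClass(classNode)
    }
}

def config = new CompilerConfiguration()
config.addCompilationCustomizers(new DenyListCustomizer())
def shell = new GroovyShell(config)

assert shell.evaluate('[1, 2, 3].sum()') == 6   // constructed sample: allowed script
// Constructed samples: a denied name, and a method name computed at run time.
for (src in ['System.exit(0)', 'def m = "size"; [1, 2]."$m"()']) {
    try {
        shell.evaluate(src)
        assert false : 'script should have been rejected'
    } catch (MultipleCompilationErrorsException e) {
        println "rejected at compile time: ${src}"
    }
}
```

The check matches on method name only and sees only the script's own source, so it belongs alongside the JVM-level restrictions mentioned in the question rather than in place of them.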

You should have a look at the project groovy-sandbox from kohsuke. Also have a look at his blog post here on this topic and what his solution is addressing: sandboxing, but with a performance drawback.

OSGi is great for this. You can partition your code into bundles and set exactly what each bundle exposes, and to what other bundles. Would that work for you?

You might also consider the java-sandbox ( http://blog.datenwerke.net/p/the-java-sandbox.html ), a recently developed library that allows you to securely execute untrusted code from within Java.

Also see: http://blog.datenwerke.net/2013/06/sandboxing-groovy-with-java-sandbox.html
