Class SecureASTCustomizer
- All Implemented Interfaces:
- CompilationUnit.IPrimaryClassNodeOperation
public class SecureASTCustomizer extends CompilationCustomizer
Most of the security customization options found in this class work with either allowed or disallowed lists. This means that, for a single option, you can set an allowed list OR a disallowed list, but not both. You can mix allowed/disallowed strategies for different options. For example, you can have an allowed import list and a disallowed tokens list.
The recommended way of securing shells is to use allowed lists because it is guaranteed that future features of the Groovy language won't be accidentally allowed unless explicitly added to the allowed list. Using disallowed lists, you can limit the features of the language constructs supported by your shell by opting out, but new language features are then implicitly also available and this may not be desirable. The implication is that you might need to update your configuration with each new release.
If neither an allowed list nor a disallowed list is set, then everything is permitted.
Combinations of import and star import constraints are authorized as long as you use the same type of list for both. For example, you may use an import allowed list and a star import allowed list together, but you cannot use an import allowed list with a star import disallowed list. Static imports are handled separately, meaning that disallowing an import does not prevent from allowing a static import.
 Eventually, if the features provided here are not sufficient, you may implement custom AST filtering handlers, either
 implementing the SecureASTCustomizer.StatementChecker interface or SecureASTCustomizer.ExpressionChecker interface then register your
 handlers thanks to the addExpressionCheckers(ExpressionChecker...)
 and addStatementCheckers(StatementChecker...)
 methods.
 
 Here is an example of usage. We will create a groovy classloader which only supports arithmetic operations and imports
 the java.lang.Math classes by default.
 
 final ImportCustomizer imports = new ImportCustomizer().addStaticStars('java.lang.Math') // add static import of java.lang.Math
 final SecureASTCustomizer secure = new SecureASTCustomizer()
 secure.with {
     closuresAllowed = false
     methodDefinitionAllowed = false
     allowedImports = []
     allowedStaticImports = []
     allowedStaticStarImports = ['java.lang.Math'] // only java.lang.Math is allowed
     allowedTokens = [
             PLUS,
             MINUS,
             MULTIPLY,
             DIVIDE,
             MOD,
             POWER,
             PLUS_PLUS,
             MINUS_MINUS,
             COMPARE_EQUAL,
             COMPARE_NOT_EQUAL,
             COMPARE_LESS_THAN,
             COMPARE_LESS_THAN_EQUAL,
             COMPARE_GREATER_THAN,
             COMPARE_GREATER_THAN_EQUAL,
     ].asImmutable()
     allowedConstantTypesClasses = [
             Integer,
             Float,
             Long,
             Double,
             BigDecimal,
             Integer.TYPE,
             Long.TYPE,
             Float.TYPE,
             Double.TYPE
     ].asImmutable()
     allowedReceiversClasses = [
             Math,
             Integer,
             Float,
             Double,
             Long,
             BigDecimal
     ].asImmutable()
 }
 CompilerConfiguration config = new CompilerConfiguration()
 config.addCompilationCustomizers(imports, secure)
 GroovyClassLoader loader = new GroovyClassLoader(this.class.classLoader, config)
  
 
  Note: SecureASTCustomizer allows you to lock down the grammar of scripts but by itself isn't intended
  to be the complete solution of all security issues when running scripts on the JVM. You might also want to
  consider setting the groovy.grape.enable System property to false, augmenting use of the customizer
  with additional techniques, and following standard security principles for JVM applications.
  
For more information, please read:
- Since:
- 1.8.0
- 
Nested Class SummaryNested Classes Modifier and Type Class Description static interfaceSecureASTCustomizer.ExpressionCheckerThis interface allows the user to provide a custom expression checker if the dis/allowed expression lists are not sufficientprotected classSecureASTCustomizer.SecuringCodeVisitorThis visitor directly implements theGroovyCodeVisitorinterface instead of using theCodeVisitorSupportclass to make sure that future features of the language gets managed by this visitor.static interfaceSecureASTCustomizer.StatementCheckerThis interface allows the user to provide a custom statement checker if the dis/allowed statement lists are not sufficient
- 
Constructor SummaryConstructors Constructor Description SecureASTCustomizer()
- 
Method SummaryModifier and Type Method Description voidaddExpressionCheckers(SecureASTCustomizer.ExpressionChecker... checkers)voidaddStatementCheckers(SecureASTCustomizer.StatementChecker... checkers)protected voidassertImportIsAllowed(java.lang.String className)protected voidassertStarImportIsAllowed(java.lang.String packageName)protected voidassertStaticImportIsAllowed(java.lang.String member, java.lang.String className)voidcall(SourceUnit source, GeneratorContext context, ClassNode classNode)protected voidcheckMethodDefinitionAllowed(ClassNode owner)protected GroovyCodeVisitorcreateGroovyCodeVisitor()protected static java.util.List<MethodNode>filterMethods(ClassNode owner)java.util.List<java.lang.String>getAllowedConstantTypes()java.util.List<java.lang.Class<? extends Expression>>getAllowedExpressions()java.util.List<java.lang.String>getAllowedImports()java.util.List<java.lang.String>getAllowedReceivers()java.util.List<java.lang.String>getAllowedStarImports()java.util.List<java.lang.Class<? extends Statement>>getAllowedStatements()java.util.List<java.lang.String>getAllowedStaticImports()java.util.List<java.lang.String>getAllowedStaticStarImports()java.util.List<java.lang.Integer>getAllowedTokens()java.util.List<java.lang.String>getConstantTypesBlackList()Legacy alias forgetDisallowedConstantTypes()java.util.List<java.lang.String>getConstantTypesWhiteList()Legacy alias forgetAllowedStatements()java.util.List<java.lang.String>getDisallowedConstantTypes()java.util.List<java.lang.Class<? extends Expression>>getDisallowedExpressions()java.util.List<java.lang.String>getDisallowedImports()java.util.List<java.lang.String>getDisallowedReceivers()java.util.List<java.lang.String>getDisallowedStarImports()java.util.List<java.lang.Class<? extends Statement>>getDisallowedStatements()java.util.List<java.lang.String>getDisallowedStaticImports()java.util.List<java.lang.String>getDisallowedStaticStarImports()java.util.List<java.lang.Integer>getDisallowedTokens()java.util.List<java.lang.Class<? extends Expression>>getExpressionsBlacklist()Legacy alias forgetDisallowedExpressions()java.util.List<java.lang.Class<? extends Expression>>getExpressionsWhitelist()Legacy alias forgetAllowedExpressions()java.util.List<java.lang.String>getImportsBlacklist()Legacy alias forgetDisallowedImports()java.util.List<java.lang.String>getImportsWhitelist()Legacy alias forgetAllowedImports()java.util.List<java.lang.String>getReceiversBlackList()Legacy alias forgetDisallowedReceivers()java.util.List<java.lang.String>getReceiversWhiteList()Legacy alias forgetAllowedReceivers()java.util.List<java.lang.String>getStarImportsBlacklist()Legacy alias forgetDisallowedStarImports()java.util.List<java.lang.String>getStarImportsWhitelist()Legacy alias forgetAllowedStarImports()java.util.List<java.lang.Class<? extends Statement>>getStatementsBlacklist()Legacy alias forgetDisallowedStatements()java.util.List<java.lang.Class<? extends Statement>>getStatementsWhitelist()Legacy alias forgetAllowedStatements()java.util.List<java.lang.String>getStaticImportsBlacklist()Legacy alias forgetDisallowedStaticImports()java.util.List<java.lang.String>getStaticImportsWhitelist()Legacy alias forgetAllowedStaticImports()java.util.List<java.lang.String>getStaticStarImportsBlacklist()Legacy alias forgetDisallowedStaticStarImports()java.util.List<java.lang.String>getStaticStarImportsWhitelist()Legacy alias forgetAllowedStaticStarImports()java.util.List<java.lang.Integer>getTokensBlacklist()Legacy alias forgetDisallowedTokens()java.util.List<java.lang.Integer>getTokensWhitelist()Legacy alias forgetAllowedTokens()booleanisClosuresAllowed()booleanisIndirectImportCheckEnabled()booleanisMethodDefinitionAllowed()booleanisPackageAllowed()voidsetAllowedConstantTypes(java.util.List<java.lang.String> allowedConstantTypes)voidsetAllowedConstantTypesClasses(java.util.List<java.lang.Class> allowedConstantTypes)An alternative way of setting constant types.voidsetAllowedExpressions(java.util.List<java.lang.Class<? extends Expression>> allowedExpressions)voidsetAllowedImports(java.util.List<java.lang.String> allowedImports)voidsetAllowedReceivers(java.util.List<java.lang.String> allowedReceivers)Sets the list of classes which may accept method calls.voidsetAllowedReceiversClasses(java.util.List<java.lang.Class> allowedReceivers)An alternative way of settingreceiver classes.voidsetAllowedStarImports(java.util.List<java.lang.String> allowedStarImports)voidsetAllowedStatements(java.util.List<java.lang.Class<? extends Statement>> allowedStatements)voidsetAllowedStaticImports(java.util.List<java.lang.String> allowedStaticImports)voidsetAllowedStaticStarImports(java.util.List<java.lang.String> allowedStaticStarImports)voidsetAllowedTokens(java.util.List<java.lang.Integer> allowedTokens)Sets the list of tokens which are permitted.voidsetClosuresAllowed(boolean closuresAllowed)voidsetConstantTypesBlackList(java.util.List<java.lang.String> constantTypesBlackList)voidsetConstantTypesClassesBlackList(java.util.List<java.lang.Class> disallowedConstantTypes)Legacy alias forsetDisallowedConstantTypesClasses(List)voidsetConstantTypesClassesWhiteList(java.util.List<java.lang.Class> allowedConstantTypes)Legacy alias forsetAllowedConstantTypesClasses(List)voidsetConstantTypesWhiteList(java.util.List<java.lang.String> allowedConstantTypes)Legacy alias forsetAllowedConstantTypes(List)voidsetDisallowedConstantTypesClasses(java.util.List<java.lang.Class> disallowedConstantTypes)An alternative way of setting constant types.voidsetDisallowedExpressions(java.util.List<java.lang.Class<? extends Expression>> disallowedExpressions)voidsetDisallowedImports(java.util.List<java.lang.String> disallowedImports)voidsetDisallowedReceivers(java.util.List<java.lang.String> disallowedReceivers)Sets the list of classes which deny method calls.voidsetDisallowedReceiversClasses(java.util.List<java.lang.Class> disallowedReceivers)An alternative way of settingreceiver classes.voidsetDisallowedStarImports(java.util.List<java.lang.String> disallowedStarImports)voidsetDisallowedStatements(java.util.List<java.lang.Class<? extends Statement>> disallowedStatements)voidsetDisallowedStaticImports(java.util.List<java.lang.String> disallowedStaticImports)voidsetDisallowedStaticStarImports(java.util.List<java.lang.String> disallowedStaticStarImports)voidsetDisallowedTokens(java.util.List<java.lang.Integer> disallowedTokens)Sets the list of tokens which are not permitted.voidsetExpressionsBlacklist(java.util.List<java.lang.Class<? extends Expression>> disallowedExpressions)Legacy alias forsetDisallowedExpressions(List)voidsetExpressionsWhitelist(java.util.List<java.lang.Class<? extends Expression>> allowedExpressions)Legacy alias forsetAllowedExpressions(List)voidsetImportsBlacklist(java.util.List<java.lang.String> disallowedImports)Legacy alias forsetDisallowedImports(List)voidsetImportsWhitelist(java.util.List<java.lang.String> allowedImports)Legacy alias forsetAllowedImports(List)voidsetIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)Set this option to true if you want your import rules to be checked against every class node.voidsetMethodDefinitionAllowed(boolean methodDefinitionAllowed)voidsetPackageAllowed(boolean packageAllowed)voidsetReceiversBlackList(java.util.List<java.lang.String> disallowedReceivers)Legacy alias forsetDisallowedReceivers(List)voidsetReceiversClassesBlackList(java.util.List<java.lang.Class> disallowedReceivers)Legacy alias forsetDisallowedReceiversClasses(List).voidsetReceiversClassesWhiteList(java.util.List<java.lang.Class> allowedReceivers)Legacy alias forsetAllowedReceiversClasses(List)voidsetReceiversWhiteList(java.util.List<java.lang.String> allowedReceivers)Legacy alias forsetAllowedReceivers(List)voidsetStarImportsBlacklist(java.util.List<java.lang.String> disallowedStarImports)Legacy alias forsetDisallowedStarImports(List)voidsetStarImportsWhitelist(java.util.List<java.lang.String> allowedStarImports)Legacy alias forsetAllowedStarImports(List)voidsetStatementsBlacklist(java.util.List<java.lang.Class<? extends Statement>> disallowedStatements)Legacy alias forsetDisallowedStatements(List)voidsetStatementsWhitelist(java.util.List<java.lang.Class<? extends Statement>> allowedStatements)Legacy alias forsetAllowedStatements(List)voidsetStaticImportsBlacklist(java.util.List<java.lang.String> disallowedStaticImports)Legacy alias forsetDisallowedStaticImports(List)voidsetStaticImportsWhitelist(java.util.List<java.lang.String> allowedStaticImports)Legacy alias forsetAllowedStaticImports(List)voidsetStaticStarImportsBlacklist(java.util.List<java.lang.String> disallowedStaticStarImports)Legacy alias forsetDisallowedStaticStarImports(List)voidsetStaticStarImportsWhitelist(java.util.List<java.lang.String> allowedStaticStarImports)Legacy alias forsetAllowedStaticStarImports(List)voidsetTokensBlacklist(java.util.List<java.lang.Integer> disallowedTokens)Alias forsetDisallowedTokens(List).voidsetTokensWhitelist(java.util.List<java.lang.Integer> allowedTokens)Legacy alias forsetAllowedTokens(List)Methods inherited from class org.codehaus.groovy.control.customizers.CompilationCustomizergetPhaseMethods inherited from class java.lang.Objectclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.codehaus.groovy.control.CompilationUnit.IPrimaryClassNodeOperationdoPhaseOperation, needSortedInput
- 
Constructor Details- 
SecureASTCustomizerpublic SecureASTCustomizer()
 
- 
- 
Method Details- 
isMethodDefinitionAllowedpublic boolean isMethodDefinitionAllowed()
- 
setMethodDefinitionAllowedpublic void setMethodDefinitionAllowed(boolean methodDefinitionAllowed)
- 
isPackageAllowedpublic boolean isPackageAllowed()
- 
isClosuresAllowedpublic boolean isClosuresAllowed()
- 
setClosuresAllowedpublic void setClosuresAllowed(boolean closuresAllowed)
- 
setPackageAllowedpublic void setPackageAllowed(boolean packageAllowed)
- 
getDisallowedImportspublic java.util.List<java.lang.String> getDisallowedImports()
- 
getImportsBlacklistpublic java.util.List<java.lang.String> getImportsBlacklist()Legacy alias forgetDisallowedImports()
- 
setDisallowedImportspublic void setDisallowedImports(java.util.List<java.lang.String> disallowedImports)
- 
setImportsBlacklistpublic void setImportsBlacklist(java.util.List<java.lang.String> disallowedImports)Legacy alias forsetDisallowedImports(List)
- 
getAllowedImportspublic java.util.List<java.lang.String> getAllowedImports()
- 
getImportsWhitelistpublic java.util.List<java.lang.String> getImportsWhitelist()Legacy alias forgetAllowedImports()
- 
setAllowedImportspublic void setAllowedImports(java.util.List<java.lang.String> allowedImports)
- 
setImportsWhitelistpublic void setImportsWhitelist(java.util.List<java.lang.String> allowedImports)Legacy alias forsetAllowedImports(List)
- 
getDisallowedStarImportspublic java.util.List<java.lang.String> getDisallowedStarImports()
- 
getStarImportsBlacklistpublic java.util.List<java.lang.String> getStarImportsBlacklist()Legacy alias forgetDisallowedStarImports()
- 
setDisallowedStarImportspublic void setDisallowedStarImports(java.util.List<java.lang.String> disallowedStarImports)
- 
setStarImportsBlacklistpublic void setStarImportsBlacklist(java.util.List<java.lang.String> disallowedStarImports)Legacy alias forsetDisallowedStarImports(List)
- 
getAllowedStarImportspublic java.util.List<java.lang.String> getAllowedStarImports()
- 
getStarImportsWhitelistpublic java.util.List<java.lang.String> getStarImportsWhitelist()Legacy alias forgetAllowedStarImports()
- 
setAllowedStarImportspublic void setAllowedStarImports(java.util.List<java.lang.String> allowedStarImports)
- 
setStarImportsWhitelistpublic void setStarImportsWhitelist(java.util.List<java.lang.String> allowedStarImports)Legacy alias forsetAllowedStarImports(List)
- 
getDisallowedStaticImportspublic java.util.List<java.lang.String> getDisallowedStaticImports()
- 
getStaticImportsBlacklistpublic java.util.List<java.lang.String> getStaticImportsBlacklist()Legacy alias forgetDisallowedStaticImports()
- 
setDisallowedStaticImportspublic void setDisallowedStaticImports(java.util.List<java.lang.String> disallowedStaticImports)
- 
setStaticImportsBlacklistpublic void setStaticImportsBlacklist(java.util.List<java.lang.String> disallowedStaticImports)Legacy alias forsetDisallowedStaticImports(List)
- 
getAllowedStaticImportspublic java.util.List<java.lang.String> getAllowedStaticImports()
- 
getStaticImportsWhitelistpublic java.util.List<java.lang.String> getStaticImportsWhitelist()Legacy alias forgetAllowedStaticImports()
- 
setAllowedStaticImportspublic void setAllowedStaticImports(java.util.List<java.lang.String> allowedStaticImports)
- 
setStaticImportsWhitelistpublic void setStaticImportsWhitelist(java.util.List<java.lang.String> allowedStaticImports)Legacy alias forsetAllowedStaticImports(List)
- 
getDisallowedStaticStarImportspublic java.util.List<java.lang.String> getDisallowedStaticStarImports()
- 
getStaticStarImportsBlacklistpublic java.util.List<java.lang.String> getStaticStarImportsBlacklist()Legacy alias forgetDisallowedStaticStarImports()
- 
setDisallowedStaticStarImportspublic void setDisallowedStaticStarImports(java.util.List<java.lang.String> disallowedStaticStarImports)
- 
setStaticStarImportsBlacklistpublic void setStaticStarImportsBlacklist(java.util.List<java.lang.String> disallowedStaticStarImports)Legacy alias forsetDisallowedStaticStarImports(List)
- 
getAllowedStaticStarImportspublic java.util.List<java.lang.String> getAllowedStaticStarImports()
- 
getStaticStarImportsWhitelistpublic java.util.List<java.lang.String> getStaticStarImportsWhitelist()Legacy alias forgetAllowedStaticStarImports()
- 
setAllowedStaticStarImportspublic void setAllowedStaticStarImports(java.util.List<java.lang.String> allowedStaticStarImports)
- 
setStaticStarImportsWhitelistpublic void setStaticStarImportsWhitelist(java.util.List<java.lang.String> allowedStaticStarImports)Legacy alias forsetAllowedStaticStarImports(List)
- 
getDisallowedExpressions
- 
getExpressionsBlacklistLegacy alias forgetDisallowedExpressions()
- 
setDisallowedExpressionspublic void setDisallowedExpressions(java.util.List<java.lang.Class<? extends Expression>> disallowedExpressions)
- 
setExpressionsBlacklistpublic void setExpressionsBlacklist(java.util.List<java.lang.Class<? extends Expression>> disallowedExpressions)Legacy alias forsetDisallowedExpressions(List)
- 
getAllowedExpressions
- 
getExpressionsWhitelistLegacy alias forgetAllowedExpressions()
- 
setAllowedExpressionspublic void setAllowedExpressions(java.util.List<java.lang.Class<? extends Expression>> allowedExpressions)
- 
setExpressionsWhitelistpublic void setExpressionsWhitelist(java.util.List<java.lang.Class<? extends Expression>> allowedExpressions)Legacy alias forsetAllowedExpressions(List)
- 
getDisallowedStatements
- 
getStatementsBlacklistLegacy alias forgetDisallowedStatements()
- 
setDisallowedStatementspublic void setDisallowedStatements(java.util.List<java.lang.Class<? extends Statement>> disallowedStatements)
- 
setStatementsBlacklistpublic void setStatementsBlacklist(java.util.List<java.lang.Class<? extends Statement>> disallowedStatements)Legacy alias forsetDisallowedStatements(List)
- 
getAllowedStatements
- 
getStatementsWhitelistLegacy alias forgetAllowedStatements()
- 
setAllowedStatementspublic void setAllowedStatements(java.util.List<java.lang.Class<? extends Statement>> allowedStatements)
- 
setStatementsWhitelistpublic void setStatementsWhitelist(java.util.List<java.lang.Class<? extends Statement>> allowedStatements)Legacy alias forsetAllowedStatements(List)
- 
isIndirectImportCheckEnabledpublic boolean isIndirectImportCheckEnabled()
- 
setIndirectImportCheckEnabledpublic void setIndirectImportCheckEnabled(boolean indirectImportCheckEnabled)Set this option to true if you want your import rules to be checked against every class node. This means that if someone uses a fully qualified class name, then it will also be checked against the import rules, preventing, for example, instantiation of classes without imports thanks to FQCN.- Parameters:
- indirectImportCheckEnabled- set to true to enable indirect checks
 
- 
getDisallowedTokenspublic java.util.List<java.lang.Integer> getDisallowedTokens()
- 
getTokensBlacklistpublic java.util.List<java.lang.Integer> getTokensBlacklist()Legacy alias forgetDisallowedTokens()
- 
setDisallowedTokenspublic void setDisallowedTokens(java.util.List<java.lang.Integer> disallowedTokens)Sets the list of tokens which are not permitted.- Parameters:
- disallowedTokens- the tokens. The values of the tokens must be those of- Types
 
- 
setTokensBlacklistpublic void setTokensBlacklist(java.util.List<java.lang.Integer> disallowedTokens)Alias forsetDisallowedTokens(List).
- 
getAllowedTokenspublic java.util.List<java.lang.Integer> getAllowedTokens()
- 
getTokensWhitelistpublic java.util.List<java.lang.Integer> getTokensWhitelist()Legacy alias forgetAllowedTokens()
- 
setAllowedTokenspublic void setAllowedTokens(java.util.List<java.lang.Integer> allowedTokens)Sets the list of tokens which are permitted.- Parameters:
- allowedTokens- the tokens. The values of the tokens must be those of- Types
 
- 
setTokensWhitelistpublic void setTokensWhitelist(java.util.List<java.lang.Integer> allowedTokens)Legacy alias forsetAllowedTokens(List)
- 
addStatementCheckers
- 
addExpressionCheckers
- 
getDisallowedConstantTypespublic java.util.List<java.lang.String> getDisallowedConstantTypes()
- 
getConstantTypesBlackListpublic java.util.List<java.lang.String> getConstantTypesBlackList()Legacy alias forgetDisallowedConstantTypes()
- 
setConstantTypesBlackListpublic void setConstantTypesBlackList(java.util.List<java.lang.String> constantTypesBlackList)
- 
getAllowedConstantTypespublic java.util.List<java.lang.String> getAllowedConstantTypes()
- 
getConstantTypesWhiteListpublic java.util.List<java.lang.String> getConstantTypesWhiteList()Legacy alias forgetAllowedStatements()
- 
setAllowedConstantTypespublic void setAllowedConstantTypes(java.util.List<java.lang.String> allowedConstantTypes)
- 
setConstantTypesWhiteListpublic void setConstantTypesWhiteList(java.util.List<java.lang.String> allowedConstantTypes)Legacy alias forsetAllowedConstantTypes(List)
- 
setAllowedConstantTypesClassespublic void setAllowedConstantTypesClasses(java.util.List<java.lang.Class> allowedConstantTypes)An alternative way of setting constant types.- Parameters:
- allowedConstantTypes- a list of classes.
 
- 
setConstantTypesClassesWhiteListpublic void setConstantTypesClassesWhiteList(java.util.List<java.lang.Class> allowedConstantTypes)Legacy alias forsetAllowedConstantTypesClasses(List)
- 
setDisallowedConstantTypesClassespublic void setDisallowedConstantTypesClasses(java.util.List<java.lang.Class> disallowedConstantTypes)An alternative way of setting constant types.- Parameters:
- disallowedConstantTypes- a list of classes.
 
- 
setConstantTypesClassesBlackListpublic void setConstantTypesClassesBlackList(java.util.List<java.lang.Class> disallowedConstantTypes)Legacy alias forsetDisallowedConstantTypesClasses(List)
- 
getDisallowedReceiverspublic java.util.List<java.lang.String> getDisallowedReceivers()
- 
getReceiversBlackListpublic java.util.List<java.lang.String> getReceiversBlackList()Legacy alias forgetDisallowedReceivers()
- 
setDisallowedReceiverspublic void setDisallowedReceivers(java.util.List<java.lang.String> disallowedReceivers)Sets the list of classes which deny method calls. Please note that since Groovy is a dynamic language, and this class performs a static type check, it will be relatively simple to bypass any disallowed list unless the disallowed receivers list contains, at a minimum, Object, Script, GroovyShell, and Eval. Additionally, it is necessary to also have MethodPointerExpression in the disallowed expressions list for the disallowed receivers list to function as a security check.- Parameters:
- disallowedReceivers- the list of refused classes, as fully qualified names
 
- 
setReceiversBlackListpublic void setReceiversBlackList(java.util.List<java.lang.String> disallowedReceivers)Legacy alias forsetDisallowedReceivers(List)
- 
setDisallowedReceiversClassespublic void setDisallowedReceiversClasses(java.util.List<java.lang.Class> disallowedReceivers)An alternative way of settingreceiver classes.- Parameters:
- disallowedReceivers- a list of classes.
 
- 
setReceiversClassesBlackListpublic void setReceiversClassesBlackList(java.util.List<java.lang.Class> disallowedReceivers)Legacy alias forsetDisallowedReceiversClasses(List).
- 
getAllowedReceiverspublic java.util.List<java.lang.String> getAllowedReceivers()
- 
getReceiversWhiteListpublic java.util.List<java.lang.String> getReceiversWhiteList()Legacy alias forgetAllowedReceivers()
- 
setAllowedReceiverspublic void setAllowedReceivers(java.util.List<java.lang.String> allowedReceivers)Sets the list of classes which may accept method calls.- Parameters:
- allowedReceivers- the list of accepted classes, as fully qualified names
 
- 
setReceiversWhiteListpublic void setReceiversWhiteList(java.util.List<java.lang.String> allowedReceivers)Legacy alias forsetAllowedReceivers(List)
- 
setAllowedReceiversClassespublic void setAllowedReceiversClasses(java.util.List<java.lang.Class> allowedReceivers)An alternative way of settingreceiver classes.- Parameters:
- allowedReceivers- a list of classes.
 
- 
setReceiversClassesWhiteListpublic void setReceiversClassesWhiteList(java.util.List<java.lang.Class> allowedReceivers)Legacy alias forsetAllowedReceiversClasses(List)
- 
callpublic void call(SourceUnit source, GeneratorContext context, ClassNode classNode) throws CompilationFailedException- Throws:
- CompilationFailedException
 
- 
createGroovyCodeVisitor
- 
checkMethodDefinitionAllowed
- 
filterMethods
- 
assertStarImportIsAllowedprotected void assertStarImportIsAllowed(java.lang.String packageName)
- 
assertImportIsAllowedprotected void assertImportIsAllowed(java.lang.String className)
- 
assertStaticImportIsAllowedprotected void assertStaticImportIsAllowed(java.lang.String member, java.lang.String className)
 
-