How to use checkAllowed method of org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor class

Best Cerberus-source code snippet using org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor.checkAllowed

Source:RestrictiveGroovyInterceptor.java Github


// Excerpt: the listing starts inside a nested type (apparently AllowedPrefix, judging by
// the List<AllowedPrefix> field and the call in isAllowedClass). The enclosing class
// header, the imports and the static allow/deny collections are not part of the visible lines.

        /**
         * Tests whether the fully qualified name of a class falls under this prefix.
         *
         * <p>The name must start with {@code prefix}. If {@code allowChildren} is set that
         * is sufficient; otherwise the rest of the name after the prefix must not contain
         * a further {@code '.'}.
         *
         * <p>NOTE(review): {@code startsWith} is a plain string comparison, so the result
         * depends on how {@code prefix} is written. With a prefix lacking a trailing
         * {@code '.'} (constructed example: {@code com.example}), a name such as
         * {@code com.examplefoo.X} would also match when {@code allowChildren} is true,
         * and {@code com.example.X} would be rejected when it is false. The constructor is
         * not visible here; confirm that it enforces or appends the trailing {@code '.'}.
         *
         * @param clazz the class to test
         * @return true, if the class may be used, false otherwise
         */
        public boolean checkAllowed(Class<?> clazz) {
            String className = clazz.getName();
            if (className.startsWith(prefix)) {
                return allowChildren || !className.substring(prefix.length()).contains(".");
            } else {
                return false;
            }
        }
    }

    // Per-instance copies of allowedClasses / allAllowedClasses / allowedPackages (declared
    // outside this excerpt). instanceAllowedClasses also serves as a cache: isAllowedClass
    // adds classes to it once they were accepted through an enclosing class or a prefix.
    private final Set<Class<?>> instanceAllowedClasses = new HashSet<>(allowedClasses);
    private final Set<Class<?>> instanceAllAllowedClasses = new HashSet<>(allAllowedClasses);
    private final List<AllowedPrefix> instanceAllowedPackages = new ArrayList<>(allowedPackages);

    /**
     * Constructor using additional allowed classes.
     *
     * <p>The classes in {@code additionalAllAllowedClasses} are added to both the
     * "allowed" and the "all allowed" set.
     *
     * @param additionalAllowedClasses classes, which may be initialized, and
     *            all their declared methods may be used
     * @param additionalAllAllowedClasses classes, which may be initialized, and
     *            any call on them is allowed (has to implement methodMissing or equal)
     * @param additionalAllowedPackages packages whose classes and their
     *            declared methods may be used
     */
    public RestrictiveGroovyInterceptor(Set<Class<?>> additionalAllowedClasses,
            Set<Class<?>> additionalAllAllowedClasses, List<AllowedPrefix> additionalAllowedPackages) {
        instanceAllowedClasses.addAll(additionalAllowedClasses);
        instanceAllowedClasses.addAll(additionalAllAllowedClasses);
        instanceAllAllowedClasses.addAll(additionalAllAllowedClasses);
        instanceAllowedPackages.addAll(additionalAllowedPackages);
    }

    /**
     * Permits a static call only if the receiver class is allowed or is a script class.
     *
     * <p>NOTE(review): unlike {@link #onMethodCall}, the method name is not compared with
     * {@code disallowedMethods} here; the decision rests on the receiver class alone.
     * Confirm that this is intended.
     *
     * @throws GroovyRestrictionException if the receiver class is neither allowed nor a script class
     */
    @Override
    public Object onStaticCall(Invoker invoker, @SuppressWarnings("rawtypes") Class receiver,
            String method, Object... args) throws Throwable {
        if (isAllowedClass(receiver) || isScriptClass(receiver)) {
            return super.onStaticCall(invoker, receiver, method, args);
        } else {
            throw new GroovyRestrictionException("using class " + receiver.getSimpleName()
                    + " is not allowed!");
        }
    }

    /**
     * Permits a constructor call only if the class is allowed or is a script class.
     *
     * @throws GroovyRestrictionException if the class is neither allowed nor a script class
     */
    @Override
    public Object onNewInstance(Invoker invoker, @SuppressWarnings("rawtypes") Class receiver,
            Object... args) throws Throwable {
        // classes defined in the script would be okay, sadly it is not possible
        // to identify those?
        if (isAllowedClass(receiver) || isScriptClass(receiver)) {
            return super.onNewInstance(invoker, receiver, args);
        } else {
            throw new GroovyRestrictionException("using class " + receiver.getSimpleName()
                    + " is not allowed!");
        }
    }

    /**
     * Checks an instance method call before delegating to the superclass.
     *
     * <p>The method name is first matched against {@code disallowedMethods} (any receiver)
     * and {@code disallowedClosureMethods} (closure receivers); then
     * {@link #checkMethodCall} validates the receiver. All three checks reject by throwing.
     *
     * @throws GroovyRestrictionException if the name is on a deny list or the receiver is rejected
     */
    @Override
    public Object onMethodCall(Invoker invoker, Object receiver, String method, Object... args)
            throws Throwable {
        if (disallowedMethods.contains(method)) {
            throw new GroovyRestrictionException("using methods named " + method
                    + " is not allowed in Groovy transformations!");
        } else if (receiver instanceof Closure && disallowedClosureMethods.contains(method)) {
            throw new GroovyRestrictionException("using the closure method " + method
                    + " is not allowed in Groovy transformations!");
        }
        // Return value doesn't matter!
        // true -> allowed delegation found
        // false -> no disallowed delegation found
        checkMethodCall(receiver, method);
        return super.onMethodCall(invoker, receiver, method, args);
    }

    /**
     * Decides whether calling {@code method} on {@code receiver} is acceptable.
     *
     * <p>For a closure the owner and delegate are examined recursively in the order
     * given by the closure's resolve strategy; a strategy matched by none of the three
     * conditions (e.g. {@code Closure.TO_SELF}) falls through to {@code return false}.
     * For other receivers the class must be allowed or be a script class, otherwise the
     * call is rejected by throwing.
     *
     * <p>NOTE(review): {@code receiver.getClass()} is called without a null check, so a
     * null receiver would surface as a NullPointerException rather than a
     * GroovyRestrictionException. Whether the caller can pass null is not visible here.
     *
     * @return true if a target that responds to the method was found, false if that could
     *         not be established (but nothing disallowed was found either)
     * @throws GroovyRestrictionException if the receiver (or a closure owner/delegate) is not permitted
     */
    private boolean checkMethodCall(Object receiver, String method)
            throws GroovyRestrictionException {
        if (receiver instanceof Closure) {
            // Closure method names were tested before.
            Closure<?> closure = (Closure<?>) receiver;
            Object owner = closure.getOwner();
            Object delegate = closure.getDelegate();
            int rs = closure.getResolveStrategy();
            // Check owner first.
            if (rs == Closure.OWNER_FIRST || rs == Closure.OWNER_ONLY) {
                if (checkMethodCall(owner, method)) {
                    return true;
                }
            }
            // Check delegate first/second.
            if (rs == Closure.OWNER_FIRST || rs == Closure.DELEGATE_FIRST
                    || rs == Closure.DELEGATE_ONLY) {
                // skip a missing delegate and a closure that delegates to itself
                if (delegate != null && delegate != closure) {
                    if (checkMethodCall(delegate, method)) {
                        return true;
                    }
                }
            }
            // Check owner second.
            if (rs == Closure.DELEGATE_FIRST) {
                if (checkMethodCall(owner, method)) {
                    return true;
                }
            }
            // Cannot be 100% sure whether the call will be handled by
            // delegation to this closure.
            return false;
        } else if (isAllowedClass(receiver.getClass())) {
            // allowed classes still must not be used to reach execute()
            checkExecute(receiver, method);
            return instanceAllAllowedClasses.contains(receiver.getClass())
                    || !InvokerHelper.getMetaClass(receiver).respondsTo(receiver, method).isEmpty();
        } else if (isScriptClass(receiver.getClass()) && !disallowedScriptMethods.contains(method)) {
            return !InvokerHelper.getMetaClass(receiver).respondsTo(receiver, method).isEmpty();
        }
        throw new GroovyRestrictionException("Possible access of method " + method + " on class "
                + receiver.getClass().getSimpleName()
                + " is not allowed in Groovy transformations!");
    }

    /**
     * Checks for an execute call on List, String, String[] and GString.
     *
     * <p>The {@code isArray()} test rejects arrays of any component type, so the
     * following {@code instanceof String[]} test is already covered by it.
     *
     * @param receiver the receiver object
     * @param method the method name
     * @throws GroovyRestrictionException if {@code execute} is called on one of these receiver types
     */
    private void checkExecute(Object receiver, String method) {
        if ("execute".equals(method)) {
            if (receiver instanceof List || receiver instanceof String
                    || receiver.getClass().isArray() || receiver instanceof String[]
                    || receiver instanceof GString) {
                throw new GroovyRestrictionException(
                        "Possible access of method execute on List, String, String[] and GString is not allowed in Groovy transformations!");
            }
        }
    }

    /**
     * Returns whether the class is {@code Script} or a subtype of it.
     */
    private boolean isScriptClass(Class<?> receiver) {
        // while-doesn't really do anything, because Groovy extracts classes
        // defined in scripts as stand-alone classes.
//        while (receiver.getEnclosingClass() != null)
//            receiver = receiver.getEnclosingClass();
        return Script.class.isAssignableFrom(receiver);
    }

    /**
     * Checks a property read before delegating to the superclass.
     *
     * <p>A read on an allowed {@code Class} object passes directly unless the property
     * is {@code class}; every other read goes through {@link #checkPropertyAccess},
     * whose return value is ignored here (it rejects by throwing).
     */
    @Override
    public Object onGetProperty(Invoker invoker, Object receiver, String property) throws Throwable {
        if (receiver instanceof Class<?> && isAllowedClass((Class<?>) receiver)
                && !"class".equals(property)) {
            return super.onGetProperty(invoker, receiver, property);
        }
        checkPropertyAccess(receiver, property, false);
        return super.onGetProperty(invoker, receiver, property);
    }

    /**
     * Checks a property write before delegating to the superclass.
     *
     * @throws GroovyRestrictionException if the property name is on a write deny list
     *             or the receiver is rejected by {@link #checkPropertyAccess}
     */
    @Override
    public Object onSetProperty(Invoker invoker, Object receiver, String property, Object value)
            throws Throwable {
        if (disallowedWriteProperties.contains(property)) {
            throw new GroovyRestrictionException("setting the property " + property
                    + " is not allowed in Groovy transformations!");
        }
        if (receiver instanceof Closure && disallowedClosureWriteProperties.contains(property)) {
            throw new GroovyRestrictionException("setting the closure property " + property
                    + " is not allowed in Groovy transformations!");
        }
        checkPropertyAccess(receiver, property, true);
        return super.onSetProperty(invoker, receiver, property, value);
    }

    /**
     * Decides whether reading or writing {@code property} on {@code receiver} is acceptable.
     *
     * <p>Closures are resolved through owner and delegate in the same way as in
     * {@link #checkMethodCall}. Receivers whose class is in the "all allowed" set pass
     * without a property lookup; other allowed classes and script classes are probed
     * with {@link #hasProperty}. For script classes a write to a property listed in
     * {@code disallowedScriptWriteProperties} is rejected.
     *
     * @param set true for a write access, false for a read access
     * @return true if a target holding the property was found, false if that could not be established
     * @throws GroovyRestrictionException if the receiver (or a closure owner/delegate) is not permitted
     */
    private boolean checkPropertyAccess(Object receiver, String property, boolean set)
            throws GroovyRestrictionException {
        if (receiver instanceof Closure) {
            // Closure properties were tested before.
            Closure<?> closure = (Closure<?>) receiver;
            Object owner = closure.getOwner();
            Object delegate = closure.getDelegate();
            int rs = closure.getResolveStrategy();
            // Check owner first.
            if (rs == Closure.OWNER_FIRST || rs == Closure.OWNER_ONLY) {
                if (checkPropertyAccess(owner, property, set)) {
                    return true;
                }
            }
            // Check delegate first/second.
            if (rs == Closure.OWNER_FIRST || rs == Closure.DELEGATE_FIRST
                    || rs == Closure.DELEGATE_ONLY) {
                if (delegate != null && delegate != closure) {
                    if (checkPropertyAccess(delegate, property, set)) {
                        return true;
                    }
                }
            }
            // Check owner second.
            if (rs == Closure.DELEGATE_FIRST) {
                if (checkPropertyAccess(owner, property, set)) {
                    return true;
                }
            }
            // Cannot be 100% sure whether the property will be handled by
            // delegation to this closure.
            return false;
        } else if (instanceAllAllowedClasses.contains(receiver.getClass())) {
            return true;
        } else if (isAllowedClass(receiver.getClass())) {
            return hasProperty(receiver, property);
        } else if (isScriptClass(receiver.getClass())
                && (!set || !disallowedScriptWriteProperties.contains(property))) {
            return hasProperty(receiver, property);
        }
        throw new GroovyRestrictionException("Possible " + (set ? "write " : "")
                + "access of property " + property + " on class "
                + receiver.getClass().getSimpleName()
                + " is not allowed in Groovy transformations!");
    }

    /**
     * Checks an attribute read with the same receiver rules as a property read.
     */
    @Override
    public Object onGetAttribute(Invoker invoker, Object receiver, String attribute)
            throws Throwable {
        checkPropertyAccess(receiver, attribute, false);
        return super.onGetAttribute(invoker, receiver, attribute);
    }

    /**
     * Checks an attribute write with the same deny lists and receiver rules as a property write.
     */
    @Override
    public Object onSetAttribute(Invoker invoker, Object receiver, String attribute, Object value)
            throws Throwable {
        if (disallowedWriteProperties.contains(attribute)) {
            throw new GroovyRestrictionException("setting the property " + attribute
                    + " is not allowed in Groovy transformations!");
        }
        if (receiver instanceof Closure && disallowedClosureWriteProperties.contains(attribute)) {
            throw new GroovyRestrictionException("setting the closure property " + attribute
                    + " is not allowed in Groovy transformations!");
        }
        checkPropertyAccess(receiver, attribute, true);
        return super.onSetAttribute(invoker, receiver, attribute, value);
    }

    /** Array reads are passed through without any check. */
    @Override
    public Object onGetArray(Invoker invoker, Object receiver, Object index) throws Throwable {
        // generally allow array access for now
        return super.onGetArray(invoker, receiver, index);
    }

    /** Array writes are passed through without any check. */
    @Override
    public Object onSetArray(Invoker invoker, Object receiver, Object index, Object value)
            throws Throwable {
        // generally allow array access for now
        return super.onSetArray(invoker, receiver, index, value);
    }

    /**
     * Returns whether Groovy would treat {@code property} as a property of {@code object}.
     *
     * <p>The meta class is asked first; if it reports nothing, the property is actually
     * read and a {@code MissingPropertyException} is taken as "no such property". Any
     * other exception raised by that read propagates to the caller.
     */
    private static boolean hasProperty(Object object, String property) {
        if (InvokerHelper.getMetaClass(object).hasProperty(object, property) != null) {
            return true;
        }
        // The only way to be sure whether something is handled as a property in
        // Groovy is to actually get it and catch a MissingPropertyException.
        // But this actually accesses the property (-> side effects?)!
        // Here this is no problem, since we only disallow some write access...
        // The only allowed class with side effects should be InstanceAccessor,
        // which is in "allAllowedClasses" and thus shouldn't reach here
        try {
            InvokerHelper.getProperty(object, property);
            return true;
        } catch (MissingPropertyException e) {
            return false;
        }
    }

    /**
     * Returns whether a class may be used by the script.
     *
     * <p>A class is accepted if it is in {@code instanceAllowedClasses}, if it is an
     * array type (of any component type), if its outermost enclosing class is in
     * {@code instanceAllowedClasses}, or if one of the allowed package prefixes accepts
     * it. Results of the last two checks are cached by adding the class to the set.
     *
     * <p>NOTE(review): the set is a plain {@code HashSet}; writes are synchronized but
     * the {@code contains} calls are not. {@code HashSet} gives no guarantee for a read
     * that races with {@code add}, so the outcome of such a read is undefined, not just
     * a repeated insert. If an interceptor instance can be shared between threads (not
     * visible here), a concurrent set or synchronized reads would be the safer choice.
     */
    private boolean isAllowedClass(Class<?> clazz) {
        // instanceAllowedClasses.add needs to be synchronized, as internal
        // state changes.
        // .contains does not need to be synchronized, worst case would be that
        // an element is added several times then, which doesn't matter.
        if (instanceAllowedClasses.contains(clazz)) {
            return true;
        }
        // allow accessing arrays in general
        // (calls like execute are disallowed by another mechanism)
        if (clazz.isArray()) {
            return true;
        }
        // allow nested classes of allowed classes
        Class<?> topLevelClass = clazz;
        while (topLevelClass.getEnclosingClass() != null) {
            topLevelClass = topLevelClass.getEnclosingClass();
        }
        if (topLevelClass != clazz) {
            if (instanceAllowedClasses.contains(topLevelClass)) {
                // cache result for nested class
                synchronized (instanceAllowedClasses) {
                    instanceAllowedClasses.add(clazz);
                }
                return true;
            }
        }
        // walk through prefixes
        for (AllowedPrefix allowedPackage : instanceAllowedPackages) {
            if (allowedPackage.checkAllowed(clazz)) {
                // cache result for class within an allowed package
                synchronized (instanceAllowedClasses) {
                    instanceAllowedClasses.add(clazz);
                }
                return true;
            }
        }
        return false;
    }
}


checkAllowed

Using AI Code Generation


// NOTE(review): generated example, not taken from the project. In the source excerpt on
// this page the only checkAllowed is an instance method that takes a single Class<?> and
// returns boolean; a static four-String overload and a CheckAllowedResult enum do not
// appear in that excerpt. Verify against the project source before relying on this.
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor$CheckAllowedResult
def checkAllowedResult = RestrictiveGroovyInterceptor.checkAllowed("myScript", "myMethod", "myParameter", "myParameter2")
if (checkAllowedResult == CheckAllowedResult.ALLOWED) {
} else if (checkAllowedResult == CheckAllowedResult.NOT_ALLOWED) {
} else {
}
RestrictiveGroovyInterceptor.checkAllowed() is a static method that will return an enum of type CheckAllowedResult. The enum has 3 values:


checkAllowed

Using AI Code Generation


// NOTE(review): generated example, not taken from the project. The source excerpt on this
// page shows a three-argument constructor (two Sets and a List) and a checkAllowed that
// takes one Class<?>; it is a class allowlist test for sandboxed scripts, not a
// user/permission check. The same three statements are repeated six times below.
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
RestrictiveGroovyInterceptor groovyInterceptor = new RestrictiveGroovyInterceptor()
groovyInterceptor.checkAllowed(application, user, permission)
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
RestrictiveGroovyInterceptor groovyInterceptor = new RestrictiveGroovyInterceptor()
groovyInterceptor.checkAllowed(application, user, permission)
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
RestrictiveGroovyInterceptor groovyInterceptor = new RestrictiveGroovyInterceptor()
groovyInterceptor.checkAllowed(application, user, permission)
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
RestrictiveGroovyInterceptor groovyInterceptor = new RestrictiveGroovyInterceptor()
groovyInterceptor.checkAllowed(application, user, permission)
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
RestrictiveGroovyInterceptor groovyInterceptor = new RestrictiveGroovyInterceptor()
groovyInterceptor.checkAllowed(application, user, permission)
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
RestrictiveGroovyInterceptor groovyInterceptor = new RestrictiveGroovyInterceptor()
groovyInterceptor.checkAllowed(application, user, permission)


checkAllowed

Using AI Code Generation


// NOTE(review): generated example, not taken from the project. The lookup asks for a
// checkAllowed(String) declared on RestrictiveGroovyInterceptor and invokes it with a
// null receiver, i.e. as a static method. In the source excerpt on this page checkAllowed
// is a public instance method of a nested type and takes a Class<?>, so this lookup does
// not match anything shown there.
def method = org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor.class.getDeclaredMethod("checkAllowed", java.lang.String)
method.setAccessible(true)
boolean allowed = (boolean) method.invoke(null, "MyScript")
if (!allowed) {
    throw new Exception("You are not allowed to execute this script")
}


checkAllowed

Using AI Code Generation


// NOTE(review): generated example, not taken from the project. It never calls
// checkAllowed and never uses the imported class; it only repeats two role lookups on
// `request`, which is not defined in the snippet. The same variable names are declared
// with `def` several times.
import org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor
def isUserAuthenticated = request.isUserInRole("Authenticated")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserAuthenticated = request.isUserInRole("Authenticated")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserAuthenticated = request.isUserInRole("Authenticated")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserAuthenticated = request.isUserInRole("Authenticated")
def isUserAuthenticated = request.isUserInRole("Authenticated")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserHasPermission = request.isUserInRole("RunGroovyScript")
def isUserAuthenticated = request.isUserInRole("Authenticated")


checkAllowed

Using AI Code Generation


// NOTE(review): generated example, not taken from the project. checkAllowed is called
// unqualified with two to five String arguments; the source excerpt on this page shows
// only checkAllowed(Class<?>), an allowlist test on a class. Every branch body is empty.
if(!checkAllowed("Update","Application")){
}
if(!checkAllowed("Update","Application","You are not allowed to perform this action")){
}
if(!checkAllowed("Update","Application","You are not allowed to perform this action","home.jsp")){
}
if(!checkAllowed("Update","Application","You are not allowed to perform this action","home.jsp","main")){
}
