How to use isAllowedClass method of org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor class

Best Cerberus-source code snippet using org.cerberus.service.groovy.impl.RestrictiveGroovyInterceptor.isAllowedClass

Source:RestrictiveGroovyInterceptor.java

...188    }189    @Override190    public Object onStaticCall(Invoker invoker, @SuppressWarnings("rawtypes") Class receiver,191            String method, Object... args) throws Throwable {192        if (isAllowedClass(receiver) || isScriptClass(receiver)) {193            return super.onStaticCall(invoker, receiver, method, args);194        } else {195            throw new GroovyRestrictionException("using class " + receiver.getSimpleName()196                    + " is not allowed!");197        }198    }199    @Override200    public Object onNewInstance(Invoker invoker, @SuppressWarnings("rawtypes") Class receiver,201            Object... args) throws Throwable {202        // classes defined in the script would be okay, sadly it is not possible203        // to identify those?204        if (isAllowedClass(receiver) || isScriptClass(receiver)) {205            return super.onNewInstance(invoker, receiver, args);206        } else {207            throw new GroovyRestrictionException("using class " + receiver.getSimpleName()208                    + " is not allowed!");209        }210    }211    @Override212    public Object onMethodCall(Invoker invoker, Object receiver, String method, Object... args)213            throws Throwable {214        if (disallowedMethods.contains(method)) {215            throw new GroovyRestrictionException("using methods named " + method216                    + " is not allowed in Groovy transformations!");217        } else if (receiver instanceof Closure && disallowedClosureMethods.contains(method)) {218            throw new GroovyRestrictionException("using the closure method " + method219                    + " is not allowed in Groovy transformations!");220        }221        // Return value doesn't matter!222        // true -> allowed delegation found223        // false -> no disallowed delegation found224        checkMethodCall(receiver, method);225        return super.onMethodCall(invoker, receiver, method, args);226    }227    private boolean checkMethodCall(Object receiver, String method)228            throws GroovyRestrictionException {229        if (receiver instanceof Closure) {230            // Closure method names were tested before.231            Closure<?> closure = (Closure<?>) receiver;232            Object owner = closure.getOwner();233            Object delegate = closure.getDelegate();234            int rs = closure.getResolveStrategy();235            // Check owner first.236            if (rs == Closure.OWNER_FIRST || rs == Closure.OWNER_ONLY) {237                if (checkMethodCall(owner, method)) {238                    return true;239                }240            }241            // Check delegate first/second.242            if (rs == Closure.OWNER_FIRST || rs == Closure.DELEGATE_FIRST243                    || rs == Closure.DELEGATE_ONLY) {244                if (delegate != null && delegate != closure) {245                    if (checkMethodCall(delegate, method)) {246                        return true;247                    }248                }249            }250            // Check owner second.251            if (rs == Closure.DELEGATE_FIRST) {252                if (checkMethodCall(owner, method)) {253                    return true;254                }255            }256            // Cannot be 100% sure whether the call will be handled by257            // delegation to this closure.258            return false;259        } else if (isAllowedClass(receiver.getClass())) {260            checkExecute(receiver, method);261            return instanceAllAllowedClasses.contains(receiver.getClass())262                    || !InvokerHelper.getMetaClass(receiver).respondsTo(receiver, method).isEmpty();263        } else if (isScriptClass(receiver.getClass()) && !disallowedScriptMethods.contains(method)) {264            return !InvokerHelper.getMetaClass(receiver).respondsTo(receiver, method).isEmpty();265        }266        throw new GroovyRestrictionException("Possible access of method " + method + " on class "267                + receiver.getClass().getSimpleName()268                + " is not allowed in Groovy transformations!");269    }270    /**271     * Checks for an execute call on List, String, String[] and GString.272     *273     * @param receiver the receiver object274     * @param method the method name275     */276    private void checkExecute(Object receiver, String method) {277        if ("execute".equals(method)) {278            if (receiver instanceof List || receiver instanceof String279                    || receiver.getClass().isArray() || receiver instanceof String[]280                    || receiver instanceof GString) {281                throw new GroovyRestrictionException(282                        "Possible access of method execute on List, String, String[] and GString is not allowed in Groovy transformations!");283            }284        }285    }286    private boolean isScriptClass(Class<?> receiver) {287        // while-doesn't really do anything, because Groovy extracts classes288        // defined in scripts as stand-alone classes.289//		while (receiver.getEnclosingClass() != null)290//			receiver = receiver.getEnclosingClass();291        return Script.class.isAssignableFrom(receiver);292    }293    @Override294    public Object onGetProperty(Invoker invoker, Object receiver, String property) throws Throwable {295        if (receiver instanceof Class<?> && isAllowedClass((Class<?>) receiver)296                && !"class".equals(property)) {297            return super.onGetProperty(invoker, receiver, property);298        }299        checkPropertyAccess(receiver, property, false);300        return super.onGetProperty(invoker, receiver, property);301    }302    @Override303    public Object onSetProperty(Invoker invoker, Object receiver, String property, Object value)304            throws Throwable {305        if (disallowedWriteProperties.contains(property)) {306            throw new GroovyRestrictionException("setting the property " + property307                    + " is not allowed in Groovy transformations!");308        }309        if (receiver instanceof Closure && disallowedClosureWriteProperties.contains(property)) {310            throw new GroovyRestrictionException("setting the closure property " + property311                    + " is not allowed in Groovy transformations!");312        }313        checkPropertyAccess(receiver, property, true);314        return super.onSetProperty(invoker, receiver, property, value);315    }316    private boolean checkPropertyAccess(Object receiver, String property, boolean set)317            throws GroovyRestrictionException {318        if (receiver instanceof Closure) {319            // Closure properties were tested before.320            Closure<?> closure = (Closure<?>) receiver;321            Object owner = closure.getOwner();322            Object delegate = closure.getDelegate();323            int rs = closure.getResolveStrategy();324            // Check owner first.325            if (rs == Closure.OWNER_FIRST || rs == Closure.OWNER_ONLY) {326                if (checkPropertyAccess(owner, property, set)) {327                    return true;328                }329            }330            // Check delegate first/second.331            if (rs == Closure.OWNER_FIRST || rs == Closure.DELEGATE_FIRST332                    || rs == Closure.DELEGATE_ONLY) {333                if (delegate != null && delegate != closure) {334                    if (checkPropertyAccess(delegate, property, set)) {335                        return true;336                    }337                }338            }339            // Check owner second.340            if (rs == Closure.DELEGATE_FIRST) {341                if (checkPropertyAccess(owner, property, set)) {342                    return true;343                }344            }345            // Cannot be 100% sure whether the property will be handled by346            // delegation to this closure.347            return false;348        } else if (instanceAllAllowedClasses.contains(receiver.getClass())) {349            return true;350        } else if (isAllowedClass(receiver.getClass())) {351            return hasProperty(receiver, property);352        } else if (isScriptClass(receiver.getClass())353                && (!set || !disallowedScriptWriteProperties.contains(property))) {354            return hasProperty(receiver, property);355        }356        throw new GroovyRestrictionException("Possible " + (set ? "write " : "")357                + "access of property " + property + " on class "358                + receiver.getClass().getSimpleName()359                + " is not allowed in Groovy transformations!");360    }361    @Override362    public Object onGetAttribute(Invoker invoker, Object receiver, String attribute)363            throws Throwable {364        checkPropertyAccess(receiver, attribute, false);365        return super.onGetAttribute(invoker, receiver, attribute);366    }367    @Override368    public Object onSetAttribute(Invoker invoker, Object receiver, String attribute, Object value)369            throws Throwable {370        if (disallowedWriteProperties.contains(attribute)) {371            throw new GroovyRestrictionException("setting the property " + attribute372                    + " is not allowed in Groovy transformations!");373        }374        if (receiver instanceof Closure && disallowedClosureWriteProperties.contains(attribute)) {375            throw new GroovyRestrictionException("setting the closure property " + attribute376                    + " is not allowed in Groovy transformations!");377        }378        checkPropertyAccess(receiver, attribute, true);379        return super.onSetAttribute(invoker, receiver, attribute, value);380    }381    @Override382    public Object onGetArray(Invoker invoker, Object receiver, Object index) throws Throwable {383        // generally allow array access for now384        return super.onGetArray(invoker, receiver, index);385    }386    @Override387    public Object onSetArray(Invoker invoker, Object receiver, Object index, Object value)388            throws Throwable {389        // generally allow array access for now390        return super.onSetArray(invoker, receiver, index, value);391    }392    private static boolean hasProperty(Object object, String property) {393        if (InvokerHelper.getMetaClass(object).hasProperty(object, property) != null) {394            return true;395        }396        // The only way to be sure whether something is handled as a property in397        // Groovy is to actually get it and catch a MissingPropertyException.398        // But this actually accesses the property (-> side effects?)!399        // Here this is no problem, since we only disallow some write access...400        // The only allowed class with side effects should be InstanceAccessor,401        // which is in "allAllowedClasses" and thus shouldn't reach here402        try {403            InvokerHelper.getProperty(object, property);404            return true;405        } catch (MissingPropertyException e) {406            return false;407        }408    }409    private boolean isAllowedClass(Class<?> clazz) {410        // instanceAllowedClasses.add needs to be synchronized, as internal411        // state changes.412        // .contains does not need to be synchronized, worst case would be that413        // an element is added several times then, which doesn't matter.414        if (instanceAllowedClasses.contains(clazz)) {415            return true;416        }417        // allow accessing arrays in general418        // (calls like execute are disallowed by another mechanism)419        if (clazz.isArray()) {420            return true;421        }422        // allow nested classes of allowed classes423        Class<?> topLevelClass = clazz;...

isAllowedClass

Using AI Code Generation

1if (!isAllowedClass('org.cerberus.service.groovy.impl.GroovyService')) {2    throw new RuntimeException("Class not allowed")3}4if (!isAllowedMethod('org.cerberus.service.groovy.impl.GroovyService', 'execute')) {5    throw new RuntimeException("Method not allowed")6}7if (!isAllowedField('org.cerberus.service.groovy.impl.GroovyService', 'logEventService')) {8    throw new RuntimeException("Field not allowed")9}10if (!isAllowedClass('org.cerberus.service.groovy.impl.GroovyService')) {11    throw new RuntimeException("Class not allowed")12}13if (!isAllowedMethod('org.cerberus.service.groovy.impl.GroovyService', 'execute')) {14    throw new RuntimeException("Method not allowed")15}16if (!isAllowedField('org.cerberus.service.groovy.impl.GroovyService', 'logEventService')) {17    throw new RuntimeException("Field not allowed")18}19if (!isAllowedClass('org.cerberus.service.groovy.impl.GroovyService')) {20    throw new RuntimeException("Class not allowed")21}22if (!isAllowedMethod('org.cerberus.service.groovy.impl.GroovyService', 'execute')) {23    throw new RuntimeException("Method not allowed")24}25if (!isAllowedField('org.cerberus.service.groovy.impl.GroovyService', 'logEventService')) {26    throw new RuntimeException("Field not allowed")27}28if (!is

isAllowedClass

Using AI Code Generation

1import org.cerberus.engine.entity.MessageEvent2def isAllowedClass(obj){3}4def execute(obj){5    log.debug("Script executed with object " + obj.toString())6}7def execute(){8    log.debug("Script executed")9}

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.