Add GroovyCollections to the sandbox whitelist
Also clarify in the docs that changing the whitelist/blacklist settings replace the list, they don't add to it. Fixes #7089 Fixes #7088
This commit is contained in:
parent
089658a36f
commit
4dc060527c
|
@ -233,6 +233,9 @@ that can be used for configuring this sandbox:
|
|||
Flag to disable the sandbox (defaults to `true` meaning the sandbox is
|
||||
enabled).
|
||||
|
||||
When specifying whitelist or blacklist settings for the groovy sandbox, all
|
||||
options replace the current whitelist, they are not additive.
|
||||
|
||||
[float]
|
||||
=== Automatic Script Reloading
|
||||
|
||||
|
|
|
@ -88,6 +88,7 @@ public class GroovySandboxExpressionChecker implements SecureASTCustomizer.Expre
|
|||
|
||||
// Default whitelisted receiver classes for the Groovy sandbox
|
||||
private final static String[] defaultReceiverWhitelist = new String [] {
|
||||
groovy.util.GroovyCollections.class.getName(),
|
||||
java.lang.Math.class.getName(),
|
||||
java.lang.Integer.class.getName(), "[I", "[[I", "[[[I",
|
||||
java.lang.Float.class.getName(), "[F", "[[F", "[[[F",
|
||||
|
|
|
@ -47,6 +47,8 @@ public class GroovySandboxScriptTests extends ElasticsearchIntegrationTest {
|
|||
testSuccess("def v = doc['foo'].value; def m = [:]; m.put(\\\"value\\\", v)");
|
||||
// Times
|
||||
testSuccess("def t = Instant.now().getMillis()");
|
||||
// GroovyCollections
|
||||
testSuccess("def n = [1,2,3]; GroovyCollections.max(n)");
|
||||
|
||||
// Fail cases
|
||||
testFailure("pr = Runtime.getRuntime().exec(\\\"touch /tmp/gotcha\\\"); pr.waitFor()",
|
||||
|
|
Loading…
Reference in New Issue