Merge pull request #14500 from rmuir/groovy_json
Add property permissions so groovy scripts can serialize json
This commit is contained in:
Robert Muir
commit
bcf05cf2b8
|
|
@ -26,6 +26,10 @@ grant {
|
||||||
// groovy IndyInterface bootstrap requires this property for indy logging
|
// groovy IndyInterface bootstrap requires this property for indy logging
|
||||||
permission java.util.PropertyPermission "groovy.indy.logging", "read";
|
permission java.util.PropertyPermission "groovy.indy.logging", "read";
|
||||||
|
|
||||||
|
// groovy JsonOutput, just allow it to read these props so it works (unsafe is not allowed)
|
||||||
|
permission java.util.PropertyPermission "groovy.json.faststringutils.disable", "read";
|
||||||
|
permission java.util.PropertyPermission "groovy.json.faststringutils.write.to.final.fields", "read";
|
||||||
|
|
||||||
// needed by Rhino engine exception handling
|
// needed by Rhino engine exception handling
|
||||||
permission java.util.PropertyPermission "rhino.stack.style", "read";
|
permission java.util.PropertyPermission "rhino.stack.style", "read";
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -64,6 +64,8 @@ public class GroovySecurityTests extends ESTestCase {
|
||||||
assertSuccess("def range = 1..doc['foo'].value; def v = range.get(0)");
|
assertSuccess("def range = 1..doc['foo'].value; def v = range.get(0)");
|
||||||
// Maps
|
// Maps
|
||||||
assertSuccess("def v = doc['foo'].value; def m = [:]; m.put(\"value\", v)");
|
assertSuccess("def v = doc['foo'].value; def m = [:]; m.put(\"value\", v)");
|
||||||
|
// serialization to json (this is best effort considering the unsafe etc at play)
|
||||||
|
assertSuccess("def x = 5; groovy.json.JsonOutput.toJson(x)");
|
||||||
// Times
|
// Times
|
||||||
assertSuccess("def t = Instant.now().getMillis()");
|
assertSuccess("def t = Instant.now().getMillis()");
|
||||||
// GroovyCollections
|
// GroovyCollections
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue