Add String to the default whitelisted receivers

Fixes #8866
This commit is contained in:
Lee Hinman 2015-02-23 16:00:55 -07:00
parent 96b37a4bef
commit f493b98259
2 changed files with 3 additions and 0 deletions

View File

@ -92,6 +92,7 @@ public class GroovySandboxExpressionChecker implements SecureASTCustomizer.Expre
private final static String[] defaultReceiverWhitelist = new String [] { private final static String[] defaultReceiverWhitelist = new String [] {
groovy.util.GroovyCollections.class.getName(), groovy.util.GroovyCollections.class.getName(),
java.lang.Math.class.getName(), java.lang.Math.class.getName(),
java.lang.String.class.getName(),
java.lang.Integer.class.getName(), "[I", "[[I", "[[[I", java.lang.Integer.class.getName(), "[I", "[[I", "[[[I",
java.lang.Float.class.getName(), "[F", "[[F", "[[[F", java.lang.Float.class.getName(), "[F", "[[F", "[[[F",
java.lang.Double.class.getName(), "[D", "[[D", "[[[D", java.lang.Double.class.getName(), "[D", "[[D", "[[[D",

View File

@ -60,6 +60,8 @@ public class GroovySandboxScriptTests extends ElasticsearchIntegrationTest {
testSuccess("def t = Instant.now().getMillis()"); testSuccess("def t = Instant.now().getMillis()");
// GroovyCollections // GroovyCollections
testSuccess("def n = [1,2,3]; GroovyCollections.max(n)"); testSuccess("def n = [1,2,3]; GroovyCollections.max(n)");
// String
testSuccess("def s = String.format(\\\"%d\\\", 4)");
// Fail cases // Fail cases
testFailure("pr = Runtime.getRuntime().exec(\\\"touch /tmp/gotcha\\\"); pr.waitFor()", testFailure("pr = Runtime.getRuntime().exec(\\\"touch /tmp/gotcha\\\"); pr.waitFor()",