search

jenkinsci / groovy-sandbox

(Deprecated) Compile-time transformer to run Groovy code in a restrictive sandbox
MIT License
122 stars 60 forks source link

filter of sandbox is inactive #49

Closed Sunrry closed 4 years ago

Sunrry commented 5 years ago

I want to use groovy-sandbox in my project ( java project), so I create "GroovySandbox", the source code is as follow: ` public class GroovySandbox extends GroovyValueFilter {

@Override
public Object filter(Object o) {
    throw new SecurityException("Denied!");
}

} `

And I register the sandbox in my code like : CompilerConfiguration compilerConfiguration = new CompilerConfiguration(); compilerConfiguration.addCompilationCustomizers(new SandboxTransformer()); GroovyShell groovyShell = new GroovyShell(compilerConfiguration); new GroovySandbox().register(); groovyShell.evaluate("return true;");

While I debug my code, and I found it can never stop into filter method, and the exception is not thrown, is there anything I missed ? Thanks !

dwnusbaum commented 4 years ago

@Sunrry I am not sure why things might not have been working for you, maybe you needed to test with a more complicated script that contained property access or a method call or something? Either way, I would discourage you from using this library for any new development, please see the recently-updated README. I am going to go ahead and close this issue.

brandaomarcos commented 3 years ago

@Sunrry I am not sure why things might not have been working for you, maybe you needed to test with a more complicated script that contained property access or a method call or something? Either way, I would discourage you from using this library for any new development, please see the recently-updated README. I am going to go ahead and close this issue.

Is there any other lib that we can use to replace it?