Closed dalbrx closed 4 years ago
@dalbrx I think that if you disable any of these, other than maybe attribute interception, code in the sandbox can disable all protections, so I am not sure why these properties even exist in the first place. I think they should all be deleted.
For example, interception of `'abc'.chars` is controlled by `interceptProperty`, and interception of `def a = [1]; a['toString']` is controlled by `interceptArray`, but both of these types of syntax allow method calls that can disable the sandbox. As far as I know, you must intercept everything for the sandbox to actually work as a sandbox.
@dalbrx I am going to go ahead and close this issue for the reasons mentioned above, but let me know if you have any questions or comments.
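An added example, not part of the thread or of the project's own code: a check that both syntax forms named in the comment above reach a `GroovyInterceptor` when `SandboxTransformer` is left at its defaults. It assumes the groovy-sandbox jar is on the classpath; `RecordingInterceptor` and `probe` are hypothetical names.

```groovy
import org.codehaus.groovy.control.CompilerConfiguration
import org.kohsuke.groovy.sandbox.GroovyInterceptor
import org.kohsuke.groovy.sandbox.SandboxTransformer

// Hypothetical interceptor: records which callback each expression is routed to,
// then lets the default implementation carry out the access.
class RecordingInterceptor extends GroovyInterceptor {
    final List<String> seen = []

    @Override
    Object onGetProperty(GroovyInterceptor.Invoker invoker, Object receiver, String property) {
        seen << ('property:' + property)
        return super.onGetProperty(invoker, receiver, property)
    }

    @Override
    Object onGetArray(GroovyInterceptor.Invoker invoker, Object receiver, Object index) {
        seen << ('array:' + index)
        return super.onGetArray(invoker, receiver, index)
    }
}

// Default transformer: every interception kind stays enabled.
def config = new CompilerConfiguration()
config.addCompilationCustomizers(new SandboxTransformer())
def shell = new GroovyShell(config)

def recorder = new RecordingInterceptor()
recorder.register()   // interceptors are registered per thread

// Only the callback that fires matters here, so a runtime error
// raised by the evaluated expression itself is ignored.
def probe = { String src ->
    try {
        shell.evaluate(src)
    } catch (Exception ignored) {
    }
}

try {
    probe("'abc'.chars")                   // property syntax
    probe("def a = [1]; a['toString']")    // array/index syntax
} finally {
    recorder.unregister()
}

assert recorder.seen.contains('property:chars')
assert recorder.seen.contains('array:toString')
```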
After upgrading from 1.6 we noticed that it's not possible anymore to set the SandboxTransformer properties. This change introduces getters and setters for them.