在Groovy中实现DSL白名单
提供以下代码,用于通过在Groovy中实现DSL白名单,groovy,dsl,Groovy,Dsl,提供以下代码,用于通过SecureASTCustomizer为DSL提供安全性 // @author: Groovy in Action import org.codehaus.groovy.control.* import org.codehaus.groovy.control.customizers.* def secure = new SecureASTCustomizer() secure.with { closuresAllowed = fal
SecureASTCustomizer
为DSL提供安全性
// @author: Groovy in Action
import org.codehaus.groovy.control.*
import org.codehaus.groovy.control.customizers.*
def secure = new SecureASTCustomizer()
secure.with {
closuresAllowed = false
methodDefinitionAllowed = false
importsWhitelist = []
staticImportsWhitelist = []
staticStarImportsWhitelist = ['java.lang.Math']
tokensWhitelist = [
PLUS, MINUS, MULTIPLY, DIVIDE, MOD, POWER,
PLUS_PLUS, MINUS_MINUS,
COMPARE_EQUAL, COMPARE_NOT_EQUAL,
COMPARE_LESS_THAN, COMPARE_LESS_THAN_EQUAL,
COMPARE_GREATER_THAN, COMPARE_GREATER_THAN_EQUAL,
]
constantTypesClassesWhiteList = [
Integer, Float, Long, Double, BigDecimal,
Integer.TYPE, Long.TYPE, Float.TYPE, Double.TYPE
]
receiversClassesWhiteList = [
Math, Integer, Float, Double, Long, BigDecimal
]
statementsWhitelist = [
BlockStatement, ExpressionStatement
]
expressionsWhitelist = [
BinaryExpression, ConstantExpression,
MethodCallExpression, StaticMethodCallExpression,
ArgumentListExpression, PropertyExpression,
UnaryMinusExpression, UnaryPlusExpression,
PrefixExpression, PostfixExpression,
TernaryExpression, ElvisOperatorExpression,
BooleanExpression, ClassExpression
]
}
def config = new CompilerConfiguration()
config.addCompilationCustomizers(secure)
def shell = new GroovyShell(config)
x = shell.evaluate '''
5 + 10
println("exiting...")
System.exit(0)
'''
println x
然而,当我运行这段代码时,我得到了一个运行时错误
如何修复错误以使示例正常工作?即执行数学运算的DSL,不允许任何其他类型的命令,例如System.exit(0)
PLUS
和朋友现在在
import static org.codehaus.groovy.syntax.Types.*
你也需要
import org.codehaus.groovy.ast.stmt.* // for the classes in `statementsWhitelist`
import org.codehaus.groovy.ast.expr.* // for the classes in `expressionsWhitelist`
考虑到这本书是从2009年开始的,您现在正在使用范围为2.3的groovy,包/类的位置只是随着时间的推移而改变,或者那里的源代码根本就不起作用
您可能需要考虑IDE,这有助于查找类/为您创建<代码>导入< /代码> s。< /P>
import org.codehaus.groovy.ast.stmt.* // for the classes in `statementsWhitelist`
import org.codehaus.groovy.ast.expr.* // for the classes in `expressionsWhitelist`