Fatal编程技术网
  • groovy/
  • 在Groovy中实现DSL白名单

在Groovy中实现DSL白名单

groovy

在Groovy中实现DSL白名单,groovy,dsl,Groovy,Dsl,提供以下代码,用于通过SecureASTCustomizer为DSL提供安全性 // @author: Groovy in Action import org.codehaus.groovy.control.* import org.codehaus.groovy.control.customizers.* def secure = new SecureASTCustomizer() secure.with { closuresAllowed = fal

提供以下代码,用于通过
SecureASTCustomizer
为DSL提供安全性

// @author: Groovy in Action 
import org.codehaus.groovy.control.*
import org.codehaus.groovy.control.customizers.*

def secure = new SecureASTCustomizer()

secure.with {
                  closuresAllowed = false 
                  methodDefinitionAllowed = false 
                  importsWhitelist = [] 

                  staticImportsWhitelist = [] 
                  staticStarImportsWhitelist = ['java.lang.Math']

                  tokensWhitelist = [ 
                    PLUS, MINUS, MULTIPLY, DIVIDE, MOD, POWER, 
                    PLUS_PLUS, MINUS_MINUS, 
                    COMPARE_EQUAL, COMPARE_NOT_EQUAL, 
                    COMPARE_LESS_THAN, COMPARE_LESS_THAN_EQUAL, 
                    COMPARE_GREATER_THAN, COMPARE_GREATER_THAN_EQUAL, 
                  ]

                  constantTypesClassesWhiteList = [ 
                    Integer, Float, Long, Double, BigDecimal, 
                    Integer.TYPE, Long.TYPE, Float.TYPE, Double.TYPE 
                  ]

                  receiversClassesWhiteList = [ 
                    Math, Integer, Float, Double, Long, BigDecimal 
                  ]

                  statementsWhitelist = [
                    BlockStatement, ExpressionStatement
                  ]

                  expressionsWhitelist = [ 
                    BinaryExpression, ConstantExpression,
                    MethodCallExpression, StaticMethodCallExpression,
                    ArgumentListExpression, PropertyExpression,
                    UnaryMinusExpression, UnaryPlusExpression,
                    PrefixExpression, PostfixExpression,
                    TernaryExpression, ElvisOperatorExpression,
                    BooleanExpression, ClassExpression
                  ] 
}

def config = new CompilerConfiguration()
config.addCompilationCustomizers(secure)

def shell = new GroovyShell(config)

x = shell.evaluate '''
    5 + 10  
    println("exiting...")
    System.exit(0)
'''

println x
然而,当我运行这段代码时,我得到了一个运行时错误

如何修复错误以使示例正常工作?即执行数学运算的DSL,不允许任何其他类型的命令,例如
System.exit(0)

PLUS
和朋友现在在

import static org.codehaus.groovy.syntax.Types.*
你也需要

import org.codehaus.groovy.ast.stmt.* // for the classes in `statementsWhitelist`
import org.codehaus.groovy.ast.expr.* // for the classes in `expressionsWhitelist`
考虑到这本书是从2009年开始的,您现在正在使用范围为2.3的groovy,包/类的位置只是随着时间的推移而改变,或者那里的源代码根本就不起作用

您可能需要考虑IDE,这有助于查找类/为您创建<代码>导入< /代码> s。< /P> 

import org.codehaus.groovy.ast.stmt.* // for the classes in `statementsWhitelist`
import org.codehaus.groovy.ast.expr.* // for the classes in `expressionsWhitelist`