groovy-sandbox

Compile-time transformer to run Groovy code in a restrictive sandbox. Executes untrusted Groovy script safely.

Maven dependency

<dependency>
    <groupId>org.kohsuke</groupId>
    <artifactId>groovy-sandbox</artifactId>
    <version>1.6</version>
</dependency>

Usage

A good example can be found here. This is a simple test that always expects a SecurityException:

class Test {
    static class DenyAll extends GroovyValueFilter {
        Object filter(Object o) { throw new SecurityException('Denied!') }
    }
    @Test(expected = SecurityException)
    void testScript() {
        final sh = new GroovyShell(new CompilerConfiguration()
                .addCompilationCustomizers(new SandboxTransformer()))
        new DenyAll().register()
        sh.evaluate('println hi')
    }
}

About

Compile-time transformer to run Groovy code in a restrictive sandbox

http://groovy-sandbox.kohsuke.org/

MIT License

Languages

Language:Java 75.7%Language:Groovy 24.2%Language:Shell 0.1%