Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jenkinsci/groovy-sandbox
(Deprecated) Compile-time transformer to run Groovy code in a restrictive sandbox
groovy jenkins sandbox
Last synced: 4 days ago
- Host: GitHub
- URL: https://github.com/jenkinsci/groovy-sandbox
- Owner: jenkinsci
- License: mit
- Created: 2012-04-28T20:31:42.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2024-11-18T10:44:50.000Z (about 1 month ago)
- Last Synced: 2024-12-13T19:13:47.485Z (11 days ago)
- Topics: groovy, jenkins, sandbox
- Language: Java
- Homepage:
- Size: 1.17 MB
- Stars: 124
- Watchers: 110
- Forks: 62
- Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE.md
- Codeowners: .github/CODEOWNERS
README
groovy-sandbox
==============

**WARNING** This library is only maintained in the context of Jenkins, and should only be used as a dependency of Jenkins plugins such as [Script Security Plugin](https://plugins.jenkins.io/script-security) and [Pipeline: Groovy Plugin](https://plugins.jenkins.io/workflow-cps). It should be considered deprecated and unsafe for all other purposes.
This library provides a compile-time transformer to run Groovy code in an environment in which most operations, such as method calls, are intercepted before being executed. Consumers of the library can hook into the interception to allow or deny specific operations.
This library is **not secure** when used by itself. In particular, you must at least use an additional `CompilationCustomizer` along the lines of [RejectASTTransformsCustomizer](https://github.com/jenkinsci/script-security-plugin/blob/c43e099f2f86425b32b0be492020313644062763/src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/RejectASTTransformsCustomizer.java) to reject AST transformations that can bypass the sandbox, and you need to take special care to ensure untrusted scripts are both parsed and executed inside of the sandbox.