com.github.jlangch.venice.javainterop

Class SandboxRules

java.lang.Object

com.github.jlangch.venice.javainterop.SandboxRules

public class SandboxRules
extends java.lang.Object

Defines the Venice's sandbox rules.

The sandbox keeps whitelist rules for the Java Interop and blacklist rules for the Venice functions.

Field Summary

Fields

Modifier and Type	Field and Description
static java.util.Set<java.lang.String>	DEFAULT_SYSTEM_ENVS
static java.util.Set<java.lang.String>	DEFAULT_SYSTEM_PROPERTIES
static java.util.Set<java.lang.String>	DEFAULT_WHITELISTED_MODULES

Constructor Summary

Constructors

Constructor and Description
SandboxRules()

Method Summary

Modifier and Type	Method and Description
static java.util.List<java.lang.String>	getDefaultRules() Returns the default rules used for Venice sandboxes.
java.lang.Integer	getMaxExecTimeSeconds()
java.lang.Integer	getMaxFutureThreadPoolSize()
java.util.List<java.lang.String>	getRules()
SandboxRules	merge(SandboxRules other) Merges this SandboxRules with the passed other SandboxRules
static SandboxRules	noDefaults() Creates new SandboxRules starting without any defaults.
SandboxRules	rejectAllConcurrencyFunctions() Reject access to all concurrency related functions agents futures promises thread thread local watches parallel processing scheduler
SandboxRules	rejectAllJavaCalls() Reject access to all Java related functions
SandboxRules	rejectAllJavaFunctions() Reject access to all Java related functions
SandboxRules	rejectAllSenstiveSpecialForms() Reject access to all sensitive special forms dynamic code loading ns manipulation var manipulation benchmark profiling
SandboxRules	rejectAllSystemFunctions() Reject access to all system related functions
SandboxRules	rejectAllUnsafeFunctions() Reject access to all unsafe functions
SandboxRules	rejectAllVeniceIoFunctions() Reject access to all Venice I/O related functions
SandboxRules	rejectVeniceFunctions(java.util.Collection<java.lang.String> rules) Reject Venice function rules to the sandbox.
SandboxRules	rejectVeniceFunctions(java.lang.String... rules) Reject Venice function rules to the sandbox.
java.lang.String	toString()
java.lang.String	toString(java.lang.String prefix)
SandboxRules	unique() Remove duplicate rules from these SandboxRules
SandboxRules	whitelistVeniceFunctions(java.util.Collection<java.lang.String> rules) Whitelist Venice function rules to the sandbox.
SandboxRules	whitelistVeniceFunctions(java.lang.String... rules) Whitelist Venice function rules to the sandbox.
SandboxRules	withAllSystemEnvs() Allow access to all system environment variables
SandboxRules	withAllSystemProperties() Allow access to all Java system properties
SandboxRules	withClasses(java.lang.Class<?>... classes) Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
SandboxRules	withClasses(java.util.Collection<java.lang.Class<?>> classes) Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
SandboxRules	withClasses(java.util.List<java.lang.String> rules) Add whitelisted class rules to the sandbox.
SandboxRules	withClasses(java.lang.String... rules) Add whitelisted class rules to the sandbox.
SandboxRules	withClasspathResources(java.util.Collection<java.lang.String> rules) Add whitelisted classpath resource rules to the sandbox.
SandboxRules	withClasspathResources(java.lang.String... rules) Add whitelisted classpath resource rules to the sandbox.
SandboxRules	withDefaultClasses()
SandboxRules	withDefaultVeniceModules()
SandboxRules	withMaxExecTimeSeconds(int maxExecTimeSeconds) Sets the max execution time in seconds a Venice script under this SandboxRules is allowed to run.
SandboxRules	withMaxFutureThreadPoolSize(int maximumPoolSize) Sets the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.
SandboxRules	withStandardSystemEnvs() Allow access to all standard system environment variables
SandboxRules	withStandardSystemProperties() Allow access to all standard Java system properties
SandboxRules	withSystemEnvs(java.util.Collection<java.lang.String> rules) Add whitelisted system environment variable rules to the sandbox.
SandboxRules	withSystemEnvs(java.lang.String... rules) Add whitelisted system environment variable rules to the sandbox.
SandboxRules	withSystemProperties(java.util.Collection<java.lang.String> rules) Add whitelisted system property rules to the sandbox.
SandboxRules	withSystemProperties(java.lang.String... rules) Add whitelisted system property rules to the sandbox.
SandboxRules	withVeniceModules(java.util.Collection<java.lang.String> rules) Add rules for whitelisted Venice modules.
SandboxRules	withVeniceModules(java.lang.String... rules) Add rules for whitelisted Venice modules.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_SYSTEM_PROPERTIES

public static final java.util.Set<java.lang.String> DEFAULT_SYSTEM_PROPERTIES

DEFAULT_SYSTEM_ENVS

public static final java.util.Set<java.lang.String> DEFAULT_SYSTEM_ENVS

DEFAULT_WHITELISTED_MODULES

public static java.util.Set<java.lang.String> DEFAULT_WHITELISTED_MODULES

Constructor Detail

SandboxRules

public SandboxRules()

Method Detail

noDefaults

public static SandboxRules noDefaults()

Creates new SandboxRules starting without any defaults.

Returns:

SandboxRules

withClasses

public SandboxRules withClasses(java.lang.String... rules)

Add whitelisted class rules to the sandbox.

Java whitelist rules for class/instance accessor follow the schema: '{package}.{className}:{methodName | fieldName}'. The asterix may be used as a wildcard

E.g:

• java.lang.Boolean (allow calling Java methods with arguments or return values of type Boolean)
• java.lang.* (allow calling Java methods with arguments or return values of any type in the package 'java.lang')
• java.lang.Long:new (allow calling Long constructor)
• java.lang.Math:abs (allow calling Math::abs method)
• java.lang.Math:* (allow calling all Math constructors/methods/fields)
• java.lang.*:* (allow calling all constructors/methods/fields for classes in the package 'java.lang')
• java.awt.**:* (allow calling all constructors/methods/fields for classes in the package 'java.awt' and all its subpackages)

Parameters:

rules - rules

Returns:

this SandboxRules

withClasses

public SandboxRules withClasses(java.util.List<java.lang.String> rules)

Add whitelisted class rules to the sandbox.

Java whitelist rules for class/instance accessor follow the schema: '{package}.{className}:{methodName | fieldName}'. The asterix may be used as a wildcard

E.g:

• java.lang.Boolean (allow calling Java methods with arguments or return values of type Boolean)
• java.lang.* (allow calling Java methods with arguments or return values of any type in the package 'java.lang')
• java.lang.Long:new (allow calling Long constructor)
• java.lang.Math:abs (allow calling Math::abs method)
• java.lang.Math:* (allow calling all Math constructors/methods/fields)
• java.lang.*:* (allow calling all constructors/methods/fields for classes in the package 'java.lang')
• java.awt.**:* (allow calling all constructors/methods/fields for classes in the package 'java.awt' and all its subpackages)

Parameters:

rules - rules

Returns:

this SandboxRules

withClasses

public SandboxRules withClasses(java.lang.Class<?>... classes)

Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields

Adds a class rule "x.y.classname:*" for each class

Parameters:

classes - classes

Returns:

this SandboxRules

withClasses

public SandboxRules withClasses(java.util.Collection<java.lang.Class<?>> classes)

Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields

Adds a class rule "x.y.classname:*" for each class

Parameters:

classes - classes

Returns:

this SandboxRules

withDefaultClasses

public SandboxRules withDefaultClasses()

withClasspathResources

public SandboxRules withClasspathResources(java.lang.String... rules)

Add whitelisted classpath resource rules to the sandbox. E.g:

• "foo/org/image.png2
• "foo/org/*.png"
• "foo/org/*.jpg"
• "foo/**/*.jpg"

Parameters:

rules - rules

Returns:

this SandboxRules

withClasspathResources

public SandboxRules withClasspathResources(java.util.Collection<java.lang.String> rules)

Add whitelisted classpath resource rules to the sandbox. E.g:

• "foo/org/image.png"
• "foo/org/*.png"
• "foo/org/*.jpg"
• "foo/**/*.jpg"

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemProperties

public SandboxRules withSystemProperties(java.lang.String... rules)

Add whitelisted system property rules to the sandbox.

E.g: white listing Java system properties

• file.separator
• java.home

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemProperties

public SandboxRules withSystemProperties(java.util.Collection<java.lang.String> rules)

Add whitelisted system property rules to the sandbox.

E.g: white listing Java system properties

• file.separator
• java.home

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemEnvs

public SandboxRules withSystemEnvs(java.lang.String... rules)

Add whitelisted system environment variable rules to the sandbox.

E.g: white listing environment variable

• HOME

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemEnvs

public SandboxRules withSystemEnvs(java.util.Collection<java.lang.String> rules)

Add whitelisted system environment variable rules to the sandbox.

E.g: white listing environment variable

• "HOME"

Parameters:

rules - rules

Returns:

this SandboxRules

rejectVeniceFunctions

public SandboxRules rejectVeniceFunctions(java.lang.String... rules)

Reject Venice function rules to the sandbox.

E.g:

• "io/slurp" (reject calls to 'io/slurp')
• "*io*" (reject all Venice I/O calls like 'io/slurp', 'create-file', ...)
• "." (reject java interop completely)

Parameters:

rules - rules

Returns:

this SandboxRules

rejectVeniceFunctions

public SandboxRules rejectVeniceFunctions(java.util.Collection<java.lang.String> rules)

Reject Venice function rules to the sandbox.

E.g:

• "io/slurp" (reject calls to 'io/slurp')
• "*io*" (reject all Venice I/O calls like 'io/slurp', 'create-file', ...)
• "." (reject java interop completely)

Parameters:

rules - rules

Returns:

this SandboxRules

whitelistVeniceFunctions

public SandboxRules whitelistVeniceFunctions(java.lang.String... rules)

Whitelist Venice function rules to the sandbox.

E.g:

• "print"
• "println"

Parameters:

rules - rules

Returns:

this SandboxRules

whitelistVeniceFunctions

public SandboxRules whitelistVeniceFunctions(java.util.Collection<java.lang.String> rules)

Whitelist Venice function rules to the sandbox.

E.g:

• "print"
• "println"

Parameters:

rules - rules

Returns:

this SandboxRules

withVeniceModules

public SandboxRules withVeniceModules(java.lang.String... rules)

Add rules for whitelisted Venice modules.

Parameters:

rules - rules

Returns:

this SandboxRules

withVeniceModules

public SandboxRules withVeniceModules(java.util.Collection<java.lang.String> rules)

Add rules for whitelisted Venice modules.

Parameters:

rules - rules

Returns:

this SandboxRules

withDefaultVeniceModules

public SandboxRules withDefaultVeniceModules()

withMaxExecTimeSeconds

public SandboxRules withMaxExecTimeSeconds(int maxExecTimeSeconds)

Sets the max execution time in seconds a Venice script under this SandboxRules is allowed to run.

Parameters:

maxExecTimeSeconds - the max exec time in seconds

Returns:

this SandboxRules

withMaxFutureThreadPoolSize

public SandboxRules withMaxFutureThreadPoolSize(int maximumPoolSize)

Sets the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.

Parameters:

maximumPoolSize - the max thread pool size

Returns:

this SandboxRules

rejectAllVeniceIoFunctions

public SandboxRules rejectAllVeniceIoFunctions()

Reject access to all Venice I/O related functions

Returns:

this SandboxRules

rejectAllConcurrencyFunctions

public SandboxRules rejectAllConcurrencyFunctions()

Reject access to all concurrency related functions

• agents
• futures
• promises
• thread
• thread local
• watches
• parallel processing
• scheduler

Returns:

this SandboxRules

rejectAllSystemFunctions

public SandboxRules rejectAllSystemFunctions()

Reject access to all system related functions

Returns:

this SandboxRules

rejectAllJavaCalls

public SandboxRules rejectAllJavaCalls()

Reject access to all Java related functions

Returns:

this SandboxRules

rejectAllJavaFunctions

public SandboxRules rejectAllJavaFunctions()

Reject access to all Java related functions

Returns:

this SandboxRules

rejectAllSenstiveSpecialForms

public SandboxRules rejectAllSenstiveSpecialForms()

Reject access to all sensitive special forms

• dynamic code loading
• ns manipulation
• var manipulation
• benchmark
• profiling

Returns:

this SandboxRules

rejectAllUnsafeFunctions

public SandboxRules rejectAllUnsafeFunctions()

Reject access to all unsafe functions

Returns:

this SandboxRules

withStandardSystemProperties

public SandboxRules withStandardSystemProperties()

Allow access to all standard Java system properties

Standard system properties:

• file.separator
• java.home
• java.vendor
• java.vendor.url
• java.version
• line.separator
• os.arch
• os.name
• os.version
• path.separator
• user.dir
• user.home
• user.name

Returns:

this SandboxRules

withAllSystemProperties

public SandboxRules withAllSystemProperties()

Allow access to all Java system properties

Returns:

this SandboxRules

withStandardSystemEnvs

public SandboxRules withStandardSystemEnvs()

Allow access to all standard system environment variables

Standard system environment variables:

Returns:

this SandboxRules

withAllSystemEnvs

public SandboxRules withAllSystemEnvs()

Allow access to all system environment variables

Returns:

this SandboxRules

merge

public SandboxRules merge(SandboxRules other)

Merges this SandboxRules with the passed other SandboxRules

Note: merges only the rules but not 'maxExecTimeSeconds' and 'maxFutureThreadPoolSize' !!

Note: you may end up with duplicates rules. For better performance use SandboxRules.unique() to get a new deduplicated SandboxRules.

Parameters:

other - the other SandboxRules to merge with

Returns:

the new merged SandboxRules

unique

public SandboxRules unique()

Remove duplicate rules from these SandboxRules

Returns:

the new unique rules SandboxRules

getRules

public java.util.List<java.lang.String> getRules()

Returns:

the rules of this SandboxRules

getMaxExecTimeSeconds

public java.lang.Integer getMaxExecTimeSeconds()

Returns:

the max execution time in seconds a Venice script under this SandboxRules is allowed to run.

getMaxFutureThreadPoolSize

public java.lang.Integer getMaxFutureThreadPoolSize()

Returns:

the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.

getDefaultRules

public static java.util.List<java.lang.String> getDefaultRules()

Returns the default rules used for Venice sandboxes.

Note: The default rules can be omitted by calling

    SandboxRules
        .noDefaults()
        .withClasses(
            "java.lang.Math",
            "java.math.BigDecimal");
 

Returns:

the default rules used for the Sandbox

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

toString

public java.lang.String toString(java.lang.String prefix)