SandboxRules (venice 1.10.27 API)

java.lang.Object
- com.github.jlangch.venice.javainterop.SandboxRules

```
public class SandboxRules
extends java.lang.Object
```
Defines the Venice's sandbox rules.
The sandbox keeps whitelist rules for the Java Interop and blacklist rules for the Venice functions.

Constructor Summary

Constructors
Constructor and Description

SandboxRules()

Constructors
Constructor and Description
`SandboxRules()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`static java.util.List<java.lang.String>`	`getDefaultRules()` Returns the default rules used for Venice sandboxes.
`java.lang.Integer`	`getMaxExecTimeSeconds()`
`java.lang.Integer`	`getMaxFutureThreadPoolSize()`
`java.util.List<java.lang.String>`	`getRules()`
`SandboxRules`	`merge(SandboxRules other)` Merges this `SandboxRules` with the passed other `SandboxRules`
`static SandboxRules`	`noDefaults()` Creates new SandboxRules starting without any defaults.
`SandboxRules`	`rejectAllConcurrencyFunctions()` Reject access to all concurrency related functions agents futures promises thread thread local watches parallel processing scheduler
`SandboxRules`	`rejectAllIoFunctions()` Reject access to all Venice I/O related functions
`SandboxRules`	`rejectAllJavaInteropFunctions()` Reject access to all Java interop functions
`SandboxRules`	`rejectAllSenstiveSpecialForms()` Reject access to all sensitive special forms dynamic code loading ns manipulation var manipulation benchmark profiling ...
`SandboxRules`	`rejectAllSystemFunctions()` Reject access to all system related functions
`SandboxRules`	`rejectAllUnsafeFunctions()` Reject access to all unsafe functions.
`SandboxRules`	`rejectAllVeniceIoFunctions()` Deprecated. use `rejectAllIoFunctions()`
`SandboxRules`	`rejectVeniceFunctions(java.util.Collection<java.lang.String> rules)` Reject Venice function rules to the sandbox.
`SandboxRules`	`rejectVeniceFunctions(java.lang.String... rules)` Reject Venice function rules to the sandbox.
`SandboxInterceptor`	`sandbox()` Builds a sandbox from this rules.
`java.lang.String`	`toString()`
`java.lang.String`	`toString(java.lang.String prefix)`
`SandboxRules`	`unique()` Remove duplicate rules from these `SandboxRules`
`SandboxRules`	`whitelistVeniceFunctions(java.util.Collection<java.lang.String> rules)` Whitelist Venice function rules to the sandbox.
`SandboxRules`	`whitelistVeniceFunctions(java.lang.String... rules)` Whitelist Venice function rules to the sandbox.
`SandboxRules`	`withAllSystemEnvs()` Allow access to all system environment variables
`SandboxRules`	`withAllSystemProperties()` Allow access to all Java system properties
`SandboxRules`	`withClasses(java.lang.Class<?>... classes)` Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
`SandboxRules`	`withClasses(java.util.Collection<java.lang.Class<?>> classes)` Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
`SandboxRules`	`withClasses(java.util.List<java.lang.String> rules)` Add whitelisted class rules to the sandbox.
`SandboxRules`	`withClasses(java.lang.String... rules)` Add whitelisted class rules to the sandbox.
`SandboxRules`	`withClasspathResources(java.util.Collection<java.lang.String> rules)` Add whitelisted classpath resource rules to the sandbox.
`SandboxRules`	`withClasspathResources(java.lang.String... rules)` Add whitelisted classpath resource rules to the sandbox.
`SandboxRules`	`withDefaultClasses()`
`SandboxRules`	`withDefaultVeniceModules()`
`SandboxRules`	`withMaxExecTimeSeconds(int maxExecTimeSeconds)` Sets the max execution time in seconds a Venice script under this `SandboxRules` is allowed to run.
`SandboxRules`	`withMaxFutureThreadPoolSize(int maximumPoolSize)` Sets the max thread pool size for futures a Venice script under this `SandboxRules` is allowed to use.
`SandboxRules`	`withStandardSystemEnvs()` Allow access to all standard system environment variables
`SandboxRules`	`withStandardSystemProperties()` Allow access to all standard Java system properties
`SandboxRules`	`withSystemEnvs(java.util.Collection<java.lang.String> rules)` Add whitelisted system environment variable rules to the sandbox.
`SandboxRules`	`withSystemEnvs(java.lang.String... rules)` Add whitelisted system environment variable rules to the sandbox.
`SandboxRules`	`withSystemProperties(java.util.Collection<java.lang.String> rules)` Add whitelisted system property rules to the sandbox.
`SandboxRules`	`withSystemProperties(java.lang.String... rules)` Add whitelisted system property rules to the sandbox.
`SandboxRules`	`withVeniceModules(java.util.Collection<java.lang.String> rules)` Add rules for whitelisted Venice modules.
`SandboxRules`	`withVeniceModules(java.lang.String... rules)` Add rules for whitelisted Venice modules.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - SandboxRules
```
public SandboxRules()
```
- Method Detail
  - sandbox
```
public SandboxInterceptor sandbox()
```
    Builds a sandbox from this rules.
    
    Returns:
    
    a SandboxInterceptor
  - noDefaults
```
public static SandboxRules noDefaults()
```
    Creates new SandboxRules starting without any defaults.
    
    Returns:
    
    SandboxRules
  - withClasses
```
public SandboxRules withClasses(java.lang.String... rules)
```
    Add whitelisted class rules to the sandbox.
    Java whitelist rules for class/instance accessor follow the schema: '{package}.{className}:{methodName | fieldName}'. The asterix may be used as a wildcard
    E.g:
    - java.lang.Boolean (allow calling Java methods with arguments or return values of type Boolean)
    - java.lang.* (allow calling Java methods with arguments or return values of any type in the package 'java.lang')
    - java.lang.Long:new (allow calling Long constructor)
    - java.lang.Math:abs (allow calling Math::abs method)
    - java.lang.Math:* (allow calling all Math constructors/methods/fields)
    - java.lang.*:* (allow calling all constructors/methods/fields for classes in the package 'java.lang')
    - java.awt.**:* (allow calling all constructors/methods/fields for classes in the package 'java.awt' and all its subpackages)
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withClasses
```
public SandboxRules withClasses(java.util.List<java.lang.String> rules)
```
    Add whitelisted class rules to the sandbox.
    Java whitelist rules for class/instance accessor follow the schema: '{package}.{className}:{methodName | fieldName}'. The asterix may be used as a wildcard
    E.g:
    - java.lang.Boolean (allow calling Java methods with arguments or return values of type Boolean)
    - java.lang.* (allow calling Java methods with arguments or return values of any type in the package 'java.lang')
    - java.lang.Long:new (allow calling Long constructor)
    - java.lang.Math:abs (allow calling Math::abs method)
    - java.lang.Math:* (allow calling all Math constructors/methods/fields)
    - java.lang.*:* (allow calling all constructors/methods/fields for classes in the package 'java.lang')
    - java.awt.**:* (allow calling all constructors/methods/fields for classes in the package 'java.awt' and all its subpackages)
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withClasses
```
public SandboxRules withClasses(java.lang.Class<?>... classes)
```
    Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
    Adds a class rule "x.y.classname:*" for each class
    
    Parameters:
    
    classes - classes
    
    Returns:
    
    this SandboxRules
  - withClasses
```
public SandboxRules withClasses(java.util.Collection<java.lang.Class<?>> classes)
```
    Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
    Adds a class rule "x.y.classname:*" for each class
    
    Parameters:
    
    classes - classes
    
    Returns:
    
    this SandboxRules
  - withDefaultClasses
```
public SandboxRules withDefaultClasses()
```
  - withClasspathResources
```
public SandboxRules withClasspathResources(java.lang.String... rules)
```
    Add whitelisted classpath resource rules to the sandbox. E.g:
    - "foo/org/image.png2
    - "foo/org/*.png"
    - "foo/org/*.jpg"
    - "foo/**/*.jpg"
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withClasspathResources
```
public SandboxRules withClasspathResources(java.util.Collection<java.lang.String> rules)
```
    Add whitelisted classpath resource rules to the sandbox. E.g:
    - "foo/org/image.png"
    - "foo/org/*.png"
    - "foo/org/*.jpg"
    - "foo/**/*.jpg"
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withSystemProperties
```
public SandboxRules withSystemProperties(java.lang.String... rules)
```
    Add whitelisted system property rules to the sandbox.
    E.g: white listing Java system properties
    - file.separator
    - java.home
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withSystemProperties
```
public SandboxRules withSystemProperties(java.util.Collection<java.lang.String> rules)
```
    Add whitelisted system property rules to the sandbox.
    E.g: white listing Java system properties
    - file.separator
    - java.home
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withSystemEnvs
```
public SandboxRules withSystemEnvs(java.lang.String... rules)
```
    Add whitelisted system environment variable rules to the sandbox.
    E.g: white listing environment variable
    - HOME
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withSystemEnvs
```
public SandboxRules withSystemEnvs(java.util.Collection<java.lang.String> rules)
```
    Add whitelisted system environment variable rules to the sandbox.
    E.g: white listing environment variable
    - "HOME"
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - rejectVeniceFunctions
```
public SandboxRules rejectVeniceFunctions(java.lang.String... rules)
```
    Reject Venice function rules to the sandbox.
    E.g:
    - "io/slurp" (reject calls to 'io/slurp')
    - "*io*" (reject all Venice I/O calls like 'io/slurp', 'create-file', ...)
    - "." (reject java interop completely)
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - rejectVeniceFunctions
```
public SandboxRules rejectVeniceFunctions(java.util.Collection<java.lang.String> rules)
```
    Reject Venice function rules to the sandbox.
    E.g:
    - "io/slurp" (reject calls to 'io/slurp')
    - "*io*" (reject all Venice I/O calls like 'io/slurp', 'create-file', ...)
    - "." (reject java interop completely)
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - whitelistVeniceFunctions
```
public SandboxRules whitelistVeniceFunctions(java.lang.String... rules)
```
    Whitelist Venice function rules to the sandbox.
    E.g:
    - "print"
    - "println"
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - whitelistVeniceFunctions
```
public SandboxRules whitelistVeniceFunctions(java.util.Collection<java.lang.String> rules)
```
    Whitelist Venice function rules to the sandbox.
    E.g:
    - "print"
    - "println"
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withVeniceModules
```
public SandboxRules withVeniceModules(java.lang.String... rules)
```
    Add rules for whitelisted Venice modules.
    
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withVeniceModules
```
public SandboxRules withVeniceModules(java.util.Collection<java.lang.String> rules)
```
    Add rules for whitelisted Venice modules.
    
    Parameters:
    
    rules - rules
    
    Returns:
    
    this SandboxRules
  - withDefaultVeniceModules
```
public SandboxRules withDefaultVeniceModules()
```
  - withMaxExecTimeSeconds
```
public SandboxRules withMaxExecTimeSeconds(int maxExecTimeSeconds)
```
    Sets the max execution time in seconds a Venice script under this SandboxRules is allowed to run.
    
    Parameters:
    
    maxExecTimeSeconds - the max exec time in seconds
    
    Returns:
    
    this SandboxRules
  - withMaxFutureThreadPoolSize
```
public SandboxRules withMaxFutureThreadPoolSize(int maximumPoolSize)
```
    Sets the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.
    
    Parameters:
    
    maximumPoolSize - the max thread pool size
    
    Returns:
    
    this SandboxRules
  - rejectAllIoFunctions
```
public SandboxRules rejectAllIoFunctions()
```
    Reject access to all Venice I/O related functions
    
    Returns:
    
    this SandboxRules
  - rejectAllVeniceIoFunctions
```
@Deprecated
public SandboxRules rejectAllVeniceIoFunctions()
```
    Deprecated. use rejectAllIoFunctions()
    
    Reject access to all Venice I/O related functions
    
    Returns:
    
    this SandboxRules
  - rejectAllConcurrencyFunctions
```
public SandboxRules rejectAllConcurrencyFunctions()
```
    Reject access to all concurrency related functions
    - agents
    - futures
    - promises
    - thread
    - thread local
    - watches
    - parallel processing
    - scheduler
    Returns:
    
    this SandboxRules
  - rejectAllSystemFunctions
```
public SandboxRules rejectAllSystemFunctions()
```
    Reject access to all system related functions
    
    Returns:
    
    this SandboxRules
  - rejectAllJavaInteropFunctions
```
public SandboxRules rejectAllJavaInteropFunctions()
```
    Reject access to all Java interop functions
    
    Returns:
    
    this SandboxRules
  - rejectAllSenstiveSpecialForms
```
public SandboxRules rejectAllSenstiveSpecialForms()
```
    Reject access to all sensitive special forms
    - dynamic code loading
    - ns manipulation
    - var manipulation
    - benchmark
    - profiling
    - ...
    Returns:
    
    this SandboxRules
  - rejectAllUnsafeFunctions
```
public SandboxRules rejectAllUnsafeFunctions()
```
    Reject access to all unsafe functions.
    
    Returns:
    
    this SandboxRules
  - withStandardSystemProperties
```
public SandboxRules withStandardSystemProperties()
```
    Allow access to all standard Java system properties
    Standard system properties:
    - file.separator
    - java.home
    - java.vendor
    - java.vendor.url
    - java.version
    - line.separator
    - os.arch
    - os.name
    - os.version
    - path.separator
    - user.dir
    - user.home
    - user.name
    Returns:
    
    this SandboxRules
  - withAllSystemProperties
```
public SandboxRules withAllSystemProperties()
```
    Allow access to all Java system properties
    
    Returns:
    
    this SandboxRules
  - withStandardSystemEnvs
```
public SandboxRules withStandardSystemEnvs()
```
    Allow access to all standard system environment variables
    Standard system environment variables:
    
    Returns:
    
    this SandboxRules
  - withAllSystemEnvs
```
public SandboxRules withAllSystemEnvs()
```
    Allow access to all system environment variables
    
    Returns:
    
    this SandboxRules
  - merge
```
public SandboxRules merge(SandboxRules other)
```
    Merges this SandboxRules with the passed other SandboxRules
    Note: merges only the rules but not 'maxExecTimeSeconds' and 'maxFutureThreadPoolSize' !!
    Note: you may end up with duplicates rules. For better performance use SandboxRules.unique() to get a new deduplicated SandboxRules.
    
    Parameters:
    
    other - the other SandboxRules to merge with
    
    Returns:
    
    the new merged SandboxRules
  - unique
```
public SandboxRules unique()
```
    Remove duplicate rules from these SandboxRules
    
    Returns:
    
    the new unique rules SandboxRules
  - getRules
```
public java.util.List<java.lang.String> getRules()
```
    Returns:
    
    the rules of this SandboxRules
  - getMaxExecTimeSeconds
```
public java.lang.Integer getMaxExecTimeSeconds()
```
    Returns:
    
    the max execution time in seconds a Venice script under this SandboxRules is allowed to run.
  - getMaxFutureThreadPoolSize
```
public java.lang.Integer getMaxFutureThreadPoolSize()
```
    Returns:
    
    the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.
  - getDefaultRules
```
public static java.util.List<java.lang.String> getDefaultRules()
```
    Returns the default rules used for Venice sandboxes.
    Note: The default rules can be omitted by calling
```
    SandboxRules
        .noDefaults()
        .withClasses(
            "java.lang.Math",
            "java.math.BigDecimal");
 
```
    Returns:
    
    the default rules used for the Sandbox
  - toString
```
public java.lang.String toString()
```
    Overrides:
    
    toString in class java.lang.Object
  - toString
```
public java.lang.String toString(java.lang.String prefix)
```

Class SandboxRules

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SandboxRules

Method Detail

sandbox

noDefaults

withClasses

withClasses

withClasses

withClasses

withDefaultClasses

withClasspathResources

withClasspathResources

withSystemProperties

withSystemProperties

withSystemEnvs

withSystemEnvs

rejectVeniceFunctions

rejectVeniceFunctions

whitelistVeniceFunctions

whitelistVeniceFunctions

withVeniceModules

withVeniceModules

withDefaultVeniceModules

withMaxExecTimeSeconds

withMaxFutureThreadPoolSize

rejectAllIoFunctions

rejectAllVeniceIoFunctions

rejectAllConcurrencyFunctions

rejectAllSystemFunctions

rejectAllJavaInteropFunctions

rejectAllSenstiveSpecialForms

rejectAllUnsafeFunctions

withStandardSystemProperties

withAllSystemProperties

withStandardSystemEnvs

withAllSystemEnvs

merge

unique

getRules

getMaxExecTimeSeconds

getMaxFutureThreadPoolSize

getDefaultRules

toString

toString