com.github.jlangch.venice.javainterop

Class SandboxRules

java.lang.Object

com.github.jlangch.venice.javainterop.SandboxRules

public class SandboxRules
extends java.lang.Object

Defines the Venice's sandbox rules.

The sandbox keeps whitelist rules for the Java Interop and blacklist rules for the Venice functions.

Field Summary

Fields

Modifier and Type	Field and Description
static java.util.Set<java.lang.String>	DEFAULT_SYSTEM_ENVS
static java.util.Set<java.lang.String>	DEFAULT_SYSTEM_PROPERTIES

Constructor Summary

Constructors

Constructor and Description
SandboxRules()

Method Summary

Modifier and Type	Method and Description
static java.util.List<java.lang.String>	getDefaultRules() Returns the default rules used for Venice sandboxes.
java.lang.Integer	getMaxExecTimeSeconds()
java.lang.Integer	getMaxFutureThreadPoolSize()
java.util.Set<java.lang.String>	getRules()
SandboxRules	merge(SandboxRules other) Merges this SandboxRules with the passed other SandboxRules
static SandboxRules	noDefaults() Creates new SandboxRules starting without any defaults.
SandboxRules	rejectAllJavaCalls() Reject access to all Java related functions
SandboxRules	rejectAllVeniceIoFunctions() Reject access to all Venice I/O related functions
SandboxRules	rejectVeniceFunctions(java.util.Collection<java.lang.String> rules) Reject Venice function rules to the sandbox.
SandboxRules	rejectVeniceFunctions(java.lang.String... rules) Reject Venice function rules to the sandbox.
SandboxRules	rejectVeniceModules(java.util.Collection<java.lang.String> rules) Reject Venice module rules to the sandbox.
SandboxRules	rejectVeniceModules(java.lang.String... rules) Reject Venice module rules to the sandbox.
java.lang.String	toString()
java.lang.String	toString(java.lang.String prefix)
SandboxRules	withAllSystemEnvs() Allow access to all system environment variables
SandboxRules	withAllSystemProperties() Allow access to all Java system properties
SandboxRules	withClasses(java.lang.Class<?>... classes) Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
SandboxRules	withClasses(java.util.Collection<java.lang.Class<?>> classes) Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields
SandboxRules	withClasses(java.util.List<java.lang.String> rules) Add whitelisted class rules to the sandbox.
SandboxRules	withClasses(java.lang.String... rules) Add whitelisted class rules to the sandbox.
SandboxRules	withClasspathResources(java.util.Collection<java.lang.String> rules) Add whitelisted classpath resource rules to the sandbox.
SandboxRules	withClasspathResources(java.lang.String... rules) Add whitelisted classpath resource rules to the sandbox.
SandboxRules	withDefaultClasses()
SandboxRules	withMaxExecTimeSeconds(int maxExecTimeSeconds) Sets the max execution time in seconds a Venice script under this SandboxRules is allowed to run.
SandboxRules	withMaxFutureThreadPoolSize(int maximumPoolSize) Sets the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.
SandboxRules	withStandardSystemEnvs() Allow access to all standard system environment variables
SandboxRules	withStandardSystemProperties() Allow access to all standard Java system properties
SandboxRules	withSystemEnvs(java.util.Collection<java.lang.String> rules) Add whitelisted system environment variable rules to the sandbox.
SandboxRules	withSystemEnvs(java.lang.String... rules) Add whitelisted system environment variable rules to the sandbox.
SandboxRules	withSystemProperties(java.util.Collection<java.lang.String> rules) Add whitelisted system property rules to the sandbox.
SandboxRules	withSystemProperties(java.lang.String... rules) Add whitelisted system property rules to the sandbox.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_SYSTEM_PROPERTIES

public static final java.util.Set<java.lang.String> DEFAULT_SYSTEM_PROPERTIES

DEFAULT_SYSTEM_ENVS

public static final java.util.Set<java.lang.String> DEFAULT_SYSTEM_ENVS

Constructor Detail

SandboxRules

public SandboxRules()

Method Detail

noDefaults

public static SandboxRules noDefaults()

Creates new SandboxRules starting without any defaults.

Returns:

SandboxRules

withClasses

public SandboxRules withClasses(java.lang.String... rules)

Add whitelisted class rules to the sandbox.

Java whitelist rules for class/instance accessor follow the schema: '{package}.{className}:{methodName | fieldName}'. The asterix may be used as a wildcard

E.g:

• java.lang.Boolean (allow calling Java methods with arguments or return values of type Boolean)
• java.lang.* (allow calling Java methods with arguments or return values of any type in the package 'java.lang')
• java.lang.Long:new (allow calling Long constructor)
• java.lang.Math:abs (allow calling Math::abs method)
• java.lang.Math:* (allow calling all Math constructors/methods/fields)
• java.lang.*:* (allow calling all constructors/methods/fields for classes in the package 'java.lang')
• java.awt.**:* (allow calling all constructors/methods/fields for classes in the package 'java.awt' and all its subpackages)

Parameters:

rules - rules

Returns:

this SandboxRules

withClasses

public SandboxRules withClasses(java.util.List<java.lang.String> rules)

Add whitelisted class rules to the sandbox.

Java whitelist rules for class/instance accessor follow the schema: '{package}.{className}:{methodName | fieldName}'. The asterix may be used as a wildcard

E.g:

• java.lang.Boolean (allow calling Java methods with arguments or return values of type Boolean)
• java.lang.* (allow calling Java methods with arguments or return values of any type in the package 'java.lang')
• java.lang.Long:new (allow calling Long constructor)
• java.lang.Math:abs (allow calling Math::abs method)
• java.lang.Math:* (allow calling all Math constructors/methods/fields)
• java.lang.*:* (allow calling all constructors/methods/fields for classes in the package 'java.lang')
• java.awt.**:* (allow calling all constructors/methods/fields for classes in the package 'java.awt' and all its subpackages)

Parameters:

rules - rules

Returns:

this SandboxRules

withClasses

public SandboxRules withClasses(java.lang.Class<?>... classes)

Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields

Adds a class rule "x.y.classname:*" for each class

Parameters:

classes - classes

Returns:

this SandboxRules

withClasses

public SandboxRules withClasses(java.util.Collection<java.lang.Class<?>> classes)

Add a rule for classes to the sandbox, whitelisting the class and all its methods and fields

Adds a class rule "x.y.classname:*" for each class

Parameters:

classes - classes

Returns:

this SandboxRules

withDefaultClasses

public SandboxRules withDefaultClasses()

withClasspathResources

public SandboxRules withClasspathResources(java.lang.String... rules)

Add whitelisted classpath resource rules to the sandbox. E.g:

• foo/org/image.png
• foo/org/*.png
• foo/org/*.jpg
• foo/**/*.jpg

Parameters:

rules - rules

Returns:

this SandboxRules

withClasspathResources

public SandboxRules withClasspathResources(java.util.Collection<java.lang.String> rules)

Add whitelisted classpath resource rules to the sandbox. E.g:

• foo/org/image.png
• foo/org/*.png
• foo/org/*.jpg
• foo/**/*.jpg

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemProperties

public SandboxRules withSystemProperties(java.lang.String... rules)

Add whitelisted system property rules to the sandbox.

E.g: white listing Java system properties

• file.separator
• java.home

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemProperties

public SandboxRules withSystemProperties(java.util.Collection<java.lang.String> rules)

Add whitelisted system property rules to the sandbox.

E.g: white listing Java system properties

• file.separator
• java.home

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemEnvs

public SandboxRules withSystemEnvs(java.lang.String... rules)

Add whitelisted system environment variable rules to the sandbox.

E.g: white listing environment variable

• HOME

Parameters:

rules - rules

Returns:

this SandboxRules

withSystemEnvs

public SandboxRules withSystemEnvs(java.util.Collection<java.lang.String> rules)

Add whitelisted system environment variable rules to the sandbox.

E.g: white listing environment variable

• HOME

Parameters:

rules - rules

Returns:

this SandboxRules

rejectVeniceFunctions

public SandboxRules rejectVeniceFunctions(java.lang.String... rules)

Reject Venice function rules to the sandbox.

E.g:

• io/slurp (reject calls to 'io/slurp')
• *io* (reject all Venice I/O calls like 'io/slurp', 'create-file', ...)
• . (reject java interop completely)

Parameters:

rules - rules

Returns:

this SandboxRules

rejectVeniceFunctions

public SandboxRules rejectVeniceFunctions(java.util.Collection<java.lang.String> rules)

Reject Venice function rules to the sandbox.

E.g:

• io/slurp (reject calls to 'io/slurp')
• *io* (reject all Venice I/O calls like 'io/slurp', 'create-file', ...)
• . (reject java interop completely)

Parameters:

rules - rules

Returns:

this SandboxRules

rejectVeniceModules

public SandboxRules rejectVeniceModules(java.lang.String... rules)

Reject Venice module rules to the sandbox.

Parameters:

rules - rules

Returns:

this SandboxRules

rejectVeniceModules

public SandboxRules rejectVeniceModules(java.util.Collection<java.lang.String> rules)

Reject Venice module rules to the sandbox.

Parameters:

rules - rules

Returns:

this SandboxRules

withMaxExecTimeSeconds

public SandboxRules withMaxExecTimeSeconds(int maxExecTimeSeconds)

Sets the max execution time in seconds a Venice script under this SandboxRules is allowed to run.

Parameters:

maxExecTimeSeconds - the max exec time in seconds

Returns:

this SandboxRules

withMaxFutureThreadPoolSize

public SandboxRules withMaxFutureThreadPoolSize(int maximumPoolSize)

Sets the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.

Parameters:

maximumPoolSize - the max thread pool size

Returns:

this SandboxRules

rejectAllVeniceIoFunctions

public SandboxRules rejectAllVeniceIoFunctions()

Reject access to all Venice I/O related functions

Returns:

this SandboxRules

rejectAllJavaCalls

public SandboxRules rejectAllJavaCalls()

Reject access to all Java related functions

Returns:

this SandboxRules

withStandardSystemProperties

public SandboxRules withStandardSystemProperties()

Allow access to all standard Java system properties

Standard system properties:

• file.separator
• java.home
• java.vendor
• java.vendor.url
• java.version
• line.separator
• os.arch
• os.name
• os.version
• path.separator
• user.dir
• user.home
• user.name

Returns:

this SandboxRules

withAllSystemProperties

public SandboxRules withAllSystemProperties()

Allow access to all Java system properties

Returns:

this SandboxRules

withStandardSystemEnvs

public SandboxRules withStandardSystemEnvs()

Allow access to all standard system environment variables

Standard system environment variables:

Returns:

this SandboxRules

withAllSystemEnvs

public SandboxRules withAllSystemEnvs()

Allow access to all system environment variables

Returns:

this SandboxRules

merge

public SandboxRules merge(SandboxRules other)

Merges this SandboxRules with the passed other SandboxRules

Parameters:

other - the other SandboxRules to merge with

Returns:

the new merged SandboxRules

getRules

public java.util.Set<java.lang.String> getRules()

Returns:

the rules of this SandboxRules

getMaxExecTimeSeconds

public java.lang.Integer getMaxExecTimeSeconds()

Returns:

the max execution time in seconds a Venice script under this SandboxRules is allowed to run.

getMaxFutureThreadPoolSize

public java.lang.Integer getMaxFutureThreadPoolSize()

Returns:

the max thread pool size for futures a Venice script under this SandboxRules is allowed to use.

getDefaultRules

public static java.util.List<java.lang.String> getDefaultRules()

Returns the default rules used for Venice sandboxes.

Note: The default rules can be omitted by calling

    SandboxRules
        .noDefaults()
        .withClasses(
            "java.lang.Math",
            "java.math.BigDecimal");
 

Returns:

the default rules used for the Sandbox

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

toString

public java.lang.String toString(java.lang.String prefix)