com.github.jlangch.venice.javainterop

Class SandboxInterceptor

java.lang.Object

com.github.jlangch.venice.javainterop.Interceptor

com.github.jlangch.venice.javainterop.ValueFilterInterceptor

com.github.jlangch.venice.javainterop.SandboxInterceptor

All Implemented Interfaces:

IInterceptor

public class SandboxInterceptor
extends ValueFilterInterceptor

Constructor Summary

Constructors

Constructor and Description
SandboxInterceptor(SandboxRules rules)
SandboxInterceptor(SandboxRules rules, ILoadPaths loadPaths)

Method Summary

Modifier and Type	Method and Description
protected java.lang.Object	filter(java.lang.Object obj)
protected java.lang.Object	filterAccessor(java.lang.Object o, java.lang.String accessor)
protected ReturnValue	filterReturnValue(ReturnValue returnValue)
java.lang.Integer	getMaxExecutionTimeSeconds()
java.lang.Integer	getMaxFutureThreadPoolSize()
SandboxRules	getRules()
ReturnValue	onGetBeanProperty(IInvoker invoker, java.lang.Object receiver, java.lang.String property) Gets a Java Bean property
ReturnValue	onGetInstanceField(IInvoker invoker, java.lang.Object receiver, java.lang.Class<?> receiverFormalType, java.lang.String fieldName) Get an instance field's value
ReturnValue	onGetStaticField(IInvoker invoker, java.lang.Class<?> receiver, java.lang.String fieldName) Get a static field's value
ReturnValue	onInvokeConstructor(IInvoker invoker, java.lang.Class<?> receiver, java.lang.Object... args) Invokes a constructor
ReturnValue	onInvokeInstanceMethod(IInvoker invoker, java.lang.Object receiver, java.lang.Class<?> receiverFormalType, java.lang.String method, java.lang.Object... args) Invokes an instance method
ReturnValue	onInvokeStaticMethod(IInvoker invoker, java.lang.Class<?> receiver, java.lang.String method, java.lang.Object... args) Invokes a static method
byte[]	onLoadClassPathResource(java.lang.String resourceName) Loads a classpath resource
java.lang.String	onReadSystemEnv(java.lang.String name) Reads a Java environment variable
java.lang.String	onReadSystemProperty(java.lang.String propertyName) Reads a Java system property
void	onSetBeanProperty(IInvoker invoker, java.lang.Object receiver, java.lang.String property, java.lang.Object value) Sets a Java Bean property
void	validateLoadModule(java.lang.String moduleName) Validates the load of a module
void	validateMaxExecutionTime() Validates the execution time
void	validateVeniceFunction(java.lang.String funcName) Validates the invocation of a Venice function.

Methods inherited from class com.github.jlangch.venice.javainterop.ValueFilterInterceptor

filterArgument

Methods inherited from class com.github.jlangch.venice.javainterop.Interceptor

getLoadPaths, getMeterRegistry

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SandboxInterceptor

public SandboxInterceptor(SandboxRules rules)

SandboxInterceptor

public SandboxInterceptor(SandboxRules rules,
                          ILoadPaths loadPaths)

Method Detail

getRules

public SandboxRules getRules()

onInvokeInstanceMethod

public ReturnValue onInvokeInstanceMethod(IInvoker invoker,
                                          java.lang.Object receiver,
                                          java.lang.Class<?> receiverFormalType,
                                          java.lang.String method,
                                          java.lang.Object... args)
                                   throws java.lang.SecurityException

Description copied from interface: IInterceptor

Invokes an instance method

Specified by:

onInvokeInstanceMethod in interface IInterceptor

Overrides:

onInvokeInstanceMethod in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - an object

receiverFormalType - the formal type of the receiver (e.g a superclass)

method - a method

args - a list of arguments

Returns:

the return value

Throws:

java.lang.SecurityException - if the instance method is not whitelisted

onInvokeStaticMethod

public ReturnValue onInvokeStaticMethod(IInvoker invoker,
                                        java.lang.Class<?> receiver,
                                        java.lang.String method,
                                        java.lang.Object... args)
                                 throws java.lang.SecurityException

Description copied from interface: IInterceptor

Invokes a static method

Specified by:

onInvokeStaticMethod in interface IInterceptor

Overrides:

onInvokeStaticMethod in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - a class

method - a method

args - a list of arguments

Returns:

the return value

Throws:

java.lang.SecurityException - if the static method is not whitelisted

onInvokeConstructor

public ReturnValue onInvokeConstructor(IInvoker invoker,
                                       java.lang.Class<?> receiver,
                                       java.lang.Object... args)
                                throws java.lang.SecurityException

Description copied from interface: IInterceptor

Invokes a constructor

Specified by:

onInvokeConstructor in interface IInterceptor

Overrides:

onInvokeConstructor in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - a class

args - a list of arguments

Returns:

the create object

Throws:

java.lang.SecurityException - if the constructor is not whitelisted

onGetBeanProperty

public ReturnValue onGetBeanProperty(IInvoker invoker,
                                     java.lang.Object receiver,
                                     java.lang.String property)
                              throws java.lang.SecurityException

Description copied from interface: IInterceptor

Gets a Java Bean property

Specified by:

onGetBeanProperty in interface IInterceptor

Overrides:

onGetBeanProperty in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - an object

property - a property name

Returns:

the property's value

Throws:

java.lang.SecurityException - if the bean property (instance method) is not whitelisted

onSetBeanProperty

public void onSetBeanProperty(IInvoker invoker,
                              java.lang.Object receiver,
                              java.lang.String property,
                              java.lang.Object value)
                       throws java.lang.SecurityException

Description copied from interface: IInterceptor

Sets a Java Bean property

Specified by:

onSetBeanProperty in interface IInterceptor

Overrides:

onSetBeanProperty in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - an object

property - a property name

value - a property value

Throws:

java.lang.SecurityException - if the bean property (instance method) is not whitelisted

onGetStaticField

public ReturnValue onGetStaticField(IInvoker invoker,
                                    java.lang.Class<?> receiver,
                                    java.lang.String fieldName)
                             throws java.lang.SecurityException

Description copied from interface: IInterceptor

Get a static field's value

Specified by:

onGetStaticField in interface IInterceptor

Overrides:

onGetStaticField in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - a class

fieldName - a field name

Returns:

the field's value

Throws:

java.lang.SecurityException - if the static field is not whitelisted

onGetInstanceField

public ReturnValue onGetInstanceField(IInvoker invoker,
                                      java.lang.Object receiver,
                                      java.lang.Class<?> receiverFormalType,
                                      java.lang.String fieldName)
                               throws java.lang.SecurityException

Description copied from interface: IInterceptor

Get an instance field's value

Specified by:

onGetInstanceField in interface IInterceptor

Overrides:

onGetInstanceField in class ValueFilterInterceptor

Parameters:

invoker - the invoker

receiver - an object

receiverFormalType - the formal type of the receiver (e.g a superclass)

fieldName - a field name

Returns:

the field's value

Throws:

java.lang.SecurityException - if the instance field is not whitelisted

onLoadClassPathResource

public byte[] onLoadClassPathResource(java.lang.String resourceName)
                               throws java.lang.SecurityException

Description copied from interface: IInterceptor

Loads a classpath resource

Specified by:

onLoadClassPathResource in interface IInterceptor

Overrides:

onLoadClassPathResource in class Interceptor

Parameters:

resourceName - a resource name (e.g.: /foo/org/image.png)

Returns:

the resource data

Throws:

java.lang.SecurityException - if the classpath resource is not whitelisted

onReadSystemProperty

public java.lang.String onReadSystemProperty(java.lang.String propertyName)
                                      throws java.lang.SecurityException

Description copied from interface: IInterceptor

Reads a Java system property

Specified by:

onReadSystemProperty in interface IInterceptor

Overrides:

onReadSystemProperty in class Interceptor

Parameters:

propertyName - a property name (e.g: user.home)

Returns:

the property's value

Throws:

java.lang.SecurityException - if the property is not whitelisted

onReadSystemEnv

public java.lang.String onReadSystemEnv(java.lang.String name)
                                 throws java.lang.SecurityException

Description copied from interface: IInterceptor

Reads a Java environment variable

Specified by:

onReadSystemEnv in interface IInterceptor

Overrides:

onReadSystemEnv in class Interceptor

Parameters:

name - a variable name (e.g: USER)

Returns:

the variable value

Throws:

java.lang.SecurityException - if the variable is not whitelisted

validateVeniceFunction

public void validateVeniceFunction(java.lang.String funcName)
                            throws java.lang.SecurityException

Description copied from interface: IInterceptor

Validates the invocation of a Venice function.

Specified by:

validateVeniceFunction in interface IInterceptor

Overrides:

validateVeniceFunction in class Interceptor

Parameters:

funcName - A venice function name

Throws:

java.lang.SecurityException - if the function is blacklisted and not allowed to be invoked.

validateLoadModule

public void validateLoadModule(java.lang.String moduleName)
                        throws java.lang.SecurityException

Description copied from interface: IInterceptor

Validates the load of a module

Specified by:

validateLoadModule in interface IInterceptor

Overrides:

validateLoadModule in class Interceptor

Parameters:

moduleName - the module name

Throws:

java.lang.SecurityException - if the module is blacklisted

validateMaxExecutionTime

public void validateMaxExecutionTime()
                              throws java.lang.SecurityException

Description copied from interface: IInterceptor

Validates the execution time

Specified by:

validateMaxExecutionTime in interface IInterceptor

Overrides:

validateMaxExecutionTime in class Interceptor

Throws:

java.lang.SecurityException - if the execution time exceeds the configured limit.

getMaxExecutionTimeSeconds

public java.lang.Integer getMaxExecutionTimeSeconds()

Specified by:

getMaxExecutionTimeSeconds in interface IInterceptor

Overrides:

getMaxExecutionTimeSeconds in class Interceptor

Returns:

the max execution time in seconds a Venice script under this Sandbox is allowed to run.

getMaxFutureThreadPoolSize

public java.lang.Integer getMaxFutureThreadPoolSize()

Specified by:

getMaxFutureThreadPoolSize in interface IInterceptor

Overrides:

getMaxFutureThreadPoolSize in class Interceptor

Returns:

the max future thread pool size a Venice script under this Sandbox is allowed to use.

filterReturnValue

protected ReturnValue filterReturnValue(ReturnValue returnValue)

Overrides:

filterReturnValue in class ValueFilterInterceptor

filter

protected java.lang.Object filter(java.lang.Object obj)

Overrides:

filter in class ValueFilterInterceptor

filterAccessor

protected java.lang.Object filterAccessor(java.lang.Object o,
                                          java.lang.String accessor)

Overrides:

filterAccessor in class ValueFilterInterceptor