IdStory Identity Manager

I solved problem with incompatible AceReact component with test.

• For script running via GroovyScriptService is allowed use only classes:
  • Default/primitive types "String.class, Integer.class, Double.class, Long.class, Date.class, Enum.class, Boolean.class, BigDecimal.class, UUID.class, Character.class"
  • I add as allowed all classes from script input variables. If is input parameter List, then I added as allowed all unique classes from all items.
  • Everything elese is banned

All variant for this are secured:

System.exit(-1);

def c = System
c.exit(-1)

((Object)System).exit(-1)

Class.forName('java.lang.System').exit(-1)
('java.lang.System' as Class).exit(-1)

import static java.lang.System.exit
exit(-1)

I created tests for run/validate and security check in https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-impl/src/test/java/eu/bcvsolutions/idm/core/service/DefaultGroovyScriptServiceTest.java

• Check DefaultGroovyScriptService. Debug method evaluate and validateScript. Code is clean and easy to understand. Nice.
• Found accessible class in GroovySandboxFilter. Ok.
• FE component is nice and responsive
• Try with:
  

  def proc = 'systemctl suspend'.execute()
  
  import groovy.io.FileType
  
  def list = []
  
  def dir = new File("/etc")
  dir.eachFileRecurse (FileType.FILES) { file ->
    list << file
  }
  

Test OK :) fun with hacking our idm