Task #841
closed
Fix script sandbox priviledges
100%
Description
When running script which calls another script (e.g. when script is referenced from attribute transformation), no additional allowed classes are populated to that script. This effectively forbids programmer to convert value to another data type (e.g. from String received from connector to byte array).
Example:
Using script bellow in attribute transformation results in error saying that script is using not allowed class [B even though that class is specified in script permissions.
if (!attributeValue) {
return null
}
return attributeValue.getBytes()
Updated by Ondřej Kopr over 6 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondřej Kopr to Peter Štrunc
- Target version set to Garnet (7.7.0)
- % Done changed from 0 to 90
Script permission aren't transfer to another permission, so I check you described behavior with getBytes() and add check for array and primitive type to GroovySandboxFilter
Commit: https://github.com/bcvsolutions/CzechIdMng/commit/78b42ff1e80224b17b6c093d91c60ab088caaf60
Please could you check your behavior and make review? Thank you.
Updated by Radek Tomiška about 6 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Peter Štrunc to Ondřej Kopr
- % Done changed from 90 to 100
I did test and review, it works, thx!