Project

General

Profile

Actions

Task #841

closed

Fix script sandbox priviledges

Added by Peter Štrunc about 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Kopr
Category:
Scripts
Target version:
Start date:
11/20/2017
Due date:
% Done:

100%

Estimated time:
Owner:

Description

When running script which calls another script (e.g. when script is referenced from attribute transformation), no additional allowed classes are populated to that script. This effectively forbids programmer to convert value to another data type (e.g. from String received from connector to byte array).

Example:
Using script bellow in attribute transformation results in error saying that script is using not allowed class [B even though that class is specified in script permissions.

if (!attributeValue) {
    return null
}
return attributeValue.getBytes()
Actions #1

Updated by Ondřej Kopr almost 7 years ago

  • Status changed from New to In Progress
Actions #2

Updated by Ondřej Kopr almost 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Peter Štrunc
  • Target version set to Garnet (7.7.0)
  • % Done changed from 0 to 90

Script permission aren't transfer to another permission, so I check you described behavior with getBytes() and add check for array and primitive type to GroovySandboxFilter

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/78b42ff1e80224b17b6c093d91c60ab088caaf60

Please could you check your behavior and make review? Thank you.

Actions #3

Updated by Radek Tomiška almost 7 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Peter Štrunc to Ondřej Kopr
  • % Done changed from 90 to 100

I did test and review, it works, thx!

Actions

Also available in: Atom PDF