Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-1340

[backport 7.9] It's possible to call OS commands from Groovy script

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 2.26.17
    • None

    Description

      Backport of REPO-1339:

      While the GroovyUpdaterClassLoader applies some blacklisting and compilation checks to prevent very obvious mistakes and misuse, it is still (too) easy to workaround this.
      A bit more hardening against such easy workarounds can be applied.
      Note though that it is not intended nor assumed that the GroovyUpdaterClassLoader provides a full blown and trusted Groovy security sandbox, guarding against all possible misuse.
      Proper securing against misuse of the capabilities of Groovy in the context of Groovy Updater scripts relies on the usage and access to those scripts, e.g. to be limited to trusted developers and administrators only.

      Attachments

        Issue Links

          is a backport of

          Improvement - An improvement or enhancement to an existing feature or task. REPO-1339 It's possible to call OS commands from Groovy script

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              adouma Ate Douma (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: