groovy / GROOVY-5092

Security Checks for MOP Operations

    Details

    • Type: Wish
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: groovy-runtime
    • Labels: None
    • Number of attachments: 0

      Description

      At the moment, the execution of Groovy scripts or the usage of Groovy classes as plugins (for example a Groovy OSGi bundle) can lead to security issues because of the MOP.
      For example:

      def sql = "select * from user where user.name="+ againstSqlInjectionCheckedName +";"

      If now a plugin or script overrides the plus method of String in its meta class, it can inject any SQL it wishes.
      It would be nice if there were a MetaClassModificationPermission, which would be checked before each MetaClass modification, to ensure the code has the rights to change a class.
      Even better would be if there were such permissions for Class, Package, CodeDomains etc., so we could protect whole domains and packages from modification by a script etc.

          People

          • Assignee: Unassigned
          • Reporter: Markus Knecht
          • Votes: 0
          • Watchers: 0

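Added example, not part of the issue and not Groovy project code: until a permission like the requested MetaClassModificationPermission exists, a host can at least detect the modification described above by registering a MetaClassRegistryChangeEventListener before loading a script or plugin. The listener is notified after the change, so this detects rather than prevents; the protected-class list, the `violations` list and the stand-in plugin line are assumptions made for the illustration.

```groovy
import groovy.lang.GroovySystem
import groovy.lang.MetaClassRegistryChangeEvent
import groovy.lang.MetaClassRegistryChangeEventListener

// Constructed policy: classes whose meta class hosted code must not replace.
Set<Class> protectedClasses = [String, Integer, Object] as Set
List<String> violations = Collections.synchronizedList([])

// Listener the host registers before it loads any script or plugin.
def auditor = { MetaClassRegistryChangeEvent event ->
    // newMetaClass is null when a meta class is removed (reset), which is allowed.
    if (event.newMetaClass != null && protectedClasses.contains(event.classToUpdate)) {
        violations << "${event.classToUpdate.name} -> ${event.newMetaClass.getClass().name}".toString()
    }
} as MetaClassRegistryChangeEventListener

def registry = GroovySystem.metaClassRegistry
registry.addMetaClassRegistryChangeEventListener(auditor)
try {
    // Stand-in for plugin code touching String.plus, as in the issue.
    // The replacement here keeps normal concatenation behaviour.
    String.metaClass.plus = { CharSequence other -> delegate.concat(other.toString()) }

    // The host sees that String's meta class was replaced and can reject the plugin.
    assert !violations.isEmpty()
    assert violations.every { it.startsWith('java.lang.String -> ') }
    println "Rejecting plugin, meta class changes seen: ${violations}"
} finally {
    // Drop the modified meta class so later lookups build a fresh default one.
    registry.removeMetaClass(String)
    registry.removeMetaClassRegistryChangeEventListener(auditor)
}
```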