aboutsummaryrefslogtreecommitdiffstats
path: root/sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy
diff options
context:
space:
mode:
Diffstat (limited to 'sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy')
-rw-r--r--sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy59
1 files changed, 59 insertions, 0 deletions
diff --git a/sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy b/sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy
new file mode 100644
index 00000000000..13d00d6d17c
--- /dev/null
+++ b/sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy
@@ -0,0 +1,59 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+grant {
+ // needed to generate runtime classes
+ permission java.lang.RuntimePermission "createClassLoader";
+ // needed by IndyInterface
+ permission java.lang.RuntimePermission "getClassLoader";
+ // needed by groovy engine
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
+ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.reflect";
+ // Allow executing groovy scripts with codesource of /untrusted
+ permission groovy.security.GroovyCodeSourcePermission "/untrusted";
+
+ // Standard set of classes
+ permission org.elasticsearch.script.ClassPermission "<<STANDARD>>";
+ // groovy runtime (TODO: clean these up if possible)
+ permission org.elasticsearch.script.ClassPermission "groovy.grape.GrabAnnotationTransformation";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.Binding";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.GroovyObject";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.GString";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.Script";
+ permission org.elasticsearch.script.ClassPermission "groovy.util.GroovyCollections";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.ast.builder.AstBuilderTransformation";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.reflection.ClassInfo";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.GStringImpl";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.powerassert.ValueRecorder";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.powerassert.AssertionRenderer";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.ScriptBytecodeAdapter";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.vmplugin.v7.IndyInterface";
+ permission org.elasticsearch.script.ClassPermission "sun.reflect.ConstructorAccessorImpl";
+ permission org.elasticsearch.script.ClassPermission "sun.reflect.MethodAccessorImpl";
+ permission org.elasticsearch.script.ClassPermission "jdk.internal.reflect.ConstructorAccessorImpl";
+ permission org.elasticsearch.script.ClassPermission "jdk.internal.reflect.MethodAccessorImpl";
+
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.Closure";
+ permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.GeneratedClosure";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.MetaClass";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.Range";
+ permission org.elasticsearch.script.ClassPermission "groovy.lang.Reference";
+};
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 19:38:57 +0000