sonar-application/src/main/assembly/elasticsearch/modules/lang-groovy/plugin-security.policy


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

/*
 * Licensed to Elasticsearch under one or more contributor
 * license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright
 * ownership. Elasticsearch licenses this file to you under
 * the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

grant {
  // needed to generate runtime classes
  permission java.lang.RuntimePermission "createClassLoader";
  // needed by IndyInterface
  permission java.lang.RuntimePermission "getClassLoader";
  // needed by groovy engine
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
  permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.reflect";
  // Allow executing groovy scripts with codesource of /untrusted
  permission groovy.security.GroovyCodeSourcePermission "/untrusted";

  // Standard set of classes
  permission org.elasticsearch.script.ClassPermission "<<STANDARD>>";
  // groovy runtime (TODO: clean these up if possible)
  permission org.elasticsearch.script.ClassPermission "groovy.grape.GrabAnnotationTransformation";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.Binding";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.GroovyObject";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.GString";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.Script";
  permission org.elasticsearch.script.ClassPermission "groovy.util.GroovyCollections";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.ast.builder.AstBuilderTransformation";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.reflection.ClassInfo";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.GStringImpl";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.powerassert.ValueRecorder";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.powerassert.AssertionRenderer";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.ScriptBytecodeAdapter";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.vmplugin.v7.IndyInterface";
  permission org.elasticsearch.script.ClassPermission "sun.reflect.ConstructorAccessorImpl";
  permission org.elasticsearch.script.ClassPermission "sun.reflect.MethodAccessorImpl";
  permission org.elasticsearch.script.ClassPermission "jdk.internal.reflect.ConstructorAccessorImpl";
  permission org.elasticsearch.script.ClassPermission "jdk.internal.reflect.MethodAccessorImpl";

  permission org.elasticsearch.script.ClassPermission "groovy.lang.Closure";
  permission org.elasticsearch.script.ClassPermission "org.codehaus.groovy.runtime.GeneratedClosure";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.MetaClass";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.Range";
  permission org.elasticsearch.script.ClassPermission "groovy.lang.Reference";
};