I think this is a good idea. I think we can also do it in a way that satisfies the security conscious.
For example, we could add a new setting on the packager resolver e.g. restricted="true/false" that would either restrict the ant operations to the ones allowed now (if true), otherwise allow all ant operations (if false). What do others think? I've attached a patch that implements this. -Archie On Mon, Jan 5, 2009 at 2:21 PM, Mark Thomas <spatialguru....@gmail.com>wrote: > I've come across a problem in using the packager resolver in that the > "allowed" ant tasks are too limited for certain. For example, many > open-source Java software is no longer including the javadocs in the > archive(s) in order to limit download size (e.g. jcommon, hibernate 3.3+), > but they do provide an ant or maven file to generate the javadocs from > source. This could be done easily using the <ant/> ant task; however, this > task is not allowed by packager.xsl. I propose relaxing the restrictions on > the allowable ant tasks in order to overcome this limitation. > > Regards, > > Mark Thomas > spatialguru....@gmail.com > 205.529.9013 > > "Commit to the Lord whatever you do, > and your plans will succeed." - Proverbs 16:3 > -- Archie L. Cobbs
Index: src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java (working copy) @@ -57,6 +57,7 @@ private boolean validate = true; private boolean preserve; + private boolean restricted; private boolean verbose; private boolean quiet; @@ -134,6 +135,13 @@ } /** + * Set whether to enable restricted mode. Default is false. + */ + public void setRestricted(boolean restricted) { + this.restricted = restricted; + } + + /** * Set whether to run ant with the -verbose flag. Default is false. */ public void setVerbose(boolean verbose) { @@ -216,7 +224,8 @@ return null; } entry = new PackagerCacheEntry(mr, this.buildRoot, this.resourceCache, - this.resourceURL, this.validate, this.preserve, this.verbose, this.quiet); + this.resourceURL, this.validate, this.preserve, this.restricted, + this.verbose, this.quiet); try { entry.build(packager.getResource(), properties); } catch (IOException e) { Index: src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl (working copy) @@ -20,6 +20,7 @@ <xsl:output encoding="UTF-8" method="xml" indent="yes" media-type="text/xml"/> <xsl:param name="resourceURL"/> + <xsl:param name="restricted"/> <xsl:variable name="maven2repo" select="'http://repo1.maven.org/maven2/'"/> 
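Review bot: The new `restricted` field in the first PackagerResolver.java hunk is left at Java's default of `false`, so a resolver that never sets the attribute goes from accepting only the listed copy/archive tasks to accepting any Ant task found in the packaging instructions. Those instructions can come from a repository the user does not control, so the safer default is the previous behaviour: `private boolean restricted = true;`, with the setter Javadoc in the second hunk changed to `Default is true.` and the `restricted` row and paragraph in doc/resolver/packager.html updated to match. Users who need `<ant/>` or similar tasks can then opt out explicitly on the resolver they trust.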
@@ -59,7 +60,7 @@ <xsl:copy-of select="."/> </xsl:template> - <!-- The allowed build actions --> + <!-- The allowed build actions in restricted mode --> <xsl:template match="/packager-module/build/copy"><xsl:copy-of select="."/></xsl:template> <xsl:template match="/packager-module/build/jar"><xsl:copy-of select="."/></xsl:template> <xsl:template match="/packager-module/build/mkdir"><xsl:copy-of select="."/></xsl:template> @@ -72,6 +73,18 @@ <xsl:template match="/packager-module/build/war"><xsl:copy-of select="."/></xsl:template> <xsl:template match="/packager-module/build/zip"><xsl:copy-of select="."/></xsl:template> + <!-- Allow other build actions when restricted="false", otherwise generate error --> + <xsl:template match="/packager-module/build/*"> + <xsl:choose> + <xsl:when test="$restricted = 'false'"> + <xsl:copy-of select="."/> + </xsl:when> + <xsl:otherwise> + <xsl:message terminate="yes">build tag <<xsl:value-of select="name()"/>> not allowed in restricted mode</xsl:message> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + <!-- Resource definitions --> <xsl:template match="/packager-module/resource"> Index: src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java (working copy) @@ -48,6 +48,7 @@ private final String resourceURL; private final boolean validate; private final boolean preserve; + private final boolean restricted; private final boolean verbose; private final boolean quiet; 
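Review bot: The catch-all template `match="/packager-module/build/*"` added in the `@@ -72,6 +73,18 @@` hunk has the same default priority (0.5) as the specific `build/copy`, `build/jar`, … templates above it, because XSLT 1.0 assigns that priority to every multi-step path pattern. A `copy` element therefore matches two templates of equal priority; a processor may report the conflict or recover by taking the template that occurs last, which is the catch-all, and in restricted mode that would reject even the allowed tasks. Give the fallback an explicit lower priority, `<xsl:template match="/packager-module/build/*" priority="-1">`, so the allow-list templates always win. The `$restricted = 'false'` test fails closed when the parameter is missing or holds any other value, which is worth keeping and stating in the comment.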
@@ -56,13 +57,14 @@ // CheckStyle:ParameterNumber OFF public PackagerCacheEntry(ModuleRevisionId mr, File rootDir, File resourceCache, String resourceURL, boolean validate, - boolean preserve, boolean verbose, boolean quiet) { + boolean preserve, boolean restricted, boolean verbose, boolean quiet) { this.mr = mr; this.dir = getSubdir(rootDir, this.mr); this.resourceCache = resourceCache; this.resourceURL = resourceURL; this.validate = validate; this.preserve = preserve; + this.restricted = restricted; this.verbose = verbose; this.quiet = quiet; } @@ -143,6 +145,7 @@ if (this.validate) { project.setUserProperty("ivy.packager.validate", "true"); } + project.setUserProperty("ivy.packager.restricted", "" + this.restricted); if (properties != null) { for (Iterator it = properties.entrySet().iterator(); it.hasNext();) { Entry entry = (Entry) it.next(); Index: src/java/org/apache/ivy/plugins/resolver/packager/build.xml =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/build.xml (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/build.xml (working copy) @@ -44,6 +44,7 @@ <target name="style"> <xslt style="packager.xsl" in="packager.xml" out="packager-output.xml"> <param name="resourceURL" expression="${resourceURL}"/> + <param name="restricted" expression="${ivy.packager.restricted}"/> </xslt> </target> Index: doc/resolver/packager.html =================================================================== --- doc/resolver/packager.html (revision 731981) +++ doc/resolver/packager.html (working copy) @@ -90,6 +90,11 @@ <td>No; defaults to none</td> </tr> <tr> + <td>restricted</td> + <td>True if this resolver should only allow "safe" ant tasks in the packaging instructions</td> + <td>No; defaults to false</td> + </tr> + <tr> <td>verbose</td> <td>True to run ant with the -verbose flag</td> <td>No; defaults to false</td> 
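Review bot: In the `@@ -143,6 +145,7 @@` hunk `ivy.packager.restricted` is set before the loop over `properties`, so if that loop applies each entry with `setUserProperty` (its body is outside the hunk), an entry with the same key would replace the value derived from the resolver's `restricted` attribute. Moving `project.setUserProperty("ivy.packager.restricted", String.valueOf(this.restricted));` to after the loop, or skipping keys that start with `ivy.packager.` inside it, keeps the restriction under the control of that attribute alone. A short comment there, such as `// set last so configured properties cannot override the restriction`, would record why the order matters.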
@@ -255,11 +260,13 @@ </tr> <tr> <td>build</td> - <td>Specify move, copy, and/or archiving ant tasks that ultimately result in each artifact being placed into artifacts/[type]s/[artifact].[ext]</td> + <td>Specify ant tasks that ultimately result in each artifact being placed into artifacts/[type]s/[artifact].[ext]</td> <td>0..1</td> </tr> </tbody> </table> +<br /> +Which ant tasks are allowed within the build tag is controlled by the <span class="ivy-att">restricted</span> configuration attribute. When false (the default), all ant tasks are allowed. When true, only the following ant tasks are allowed: copy, jar, mkdir, move, tar, unjar, untar, unwar, unzip, war, and zip. This provides additional security when using untrusted repositories. <h1>Resource XML Elements</h1> The resource XML tag supports the following attributes: