[
https://issues.apache.org/jira/browse/SYNCOPE-1907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18016952#comment-18016952
]
ASF subversion and git services commented on SYNCOPE-1907:
----------------------------------------------------------
Commit 8b08c4d5785599a0e38830dcff89738b93f02a16 in syncope's branch
refs/heads/4_0_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=8b08c4d578 ]
[SYNCOPE-1907] Groovy sandbox (#1162)
> Run Groovy code in a sandbox
> ----------------------------
>
> Key: SYNCOPE-1907
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1907
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 3.0.14, 4.0.2, 4.1.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> With reference to Implementations of Syncope interfaces in the context of a
> given deployment:
> * Java Implementations are normally managed along with the rest of the code,
> thus are supposed to go through a review process before getting effectively
> deployed
> * Groovy Implementations are immediately loaded and potentially run by a
> delegated administrator, thus effectively skipping any superior review before
> being effective
> The effects of the latter could be controlled by requiring the Groovy code to
> run in a sandbox: see [this
> post|https://levelup.gitconnected.com/secure-groovy-script-execution-in-a-sandbox-ea39f80ee87]
> and [this library|https://github.com/Tirasa/groovy-security-sandbox].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
