[
https://issues.apache.org/jira/browse/SYNCOPE-1907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18017017#comment-18017017
]
ASF subversion and git services commented on SYNCOPE-1907:
----------------------------------------------------------
Commit 88c2b5b0be9e2ed66007d672e786165bc266e717 in syncope's branch
refs/heads/3_0_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=88c2b5b0be ]
[SYNCOPE-1907] Groovy sandbox (#1166)
> Run Groovy code in a sandbox
> ----------------------------
>
> Key: SYNCOPE-1907
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1907
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 3.0.14, 4.0.2, 4.1.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> With reference to Implementations of Syncope interfaces in the context of a
> given deployment:
> * Java Implementations are normally managed along with the rest of the code,
> thus are supposed to go through a review process before getting effectively
> deployed
> * Groovy Implementations are immediately loaded and potentially run by a
> delegated administrator, thus effectively skipping any superior review before
> being effective
> The effects of the latter could be controlled by requiring the Groovy code to
> run in a sandbox: see [this
> post|https://levelup.gitconnected.com/secure-groovy-script-execution-in-a-sandbox-ea39f80ee87]
> and [this library|https://github.com/Tirasa/groovy-security-sandbox].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
