delight.nashornsandbox.internal

Class NashornSandboxImpl

java.lang.Object

delight.nashornsandbox.internal.NashornSandboxImpl

All Implemented Interfaces:

NashornSandbox

public class NashornSandboxImpl
extends Object
implements NashornSandbox

Nashorn sandbox implementation.

Created on 2015-08-07

Version:

$Id$

Author:

mxro, Marco Ellwanger, Youness SAHOUANE, Eduardo Velasques, philipborg, Marcin Golebski

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	allowExitFunctions
protected boolean	allowGlobalsObjects
protected boolean	allowLoadFunctions
protected boolean	allowNoBraces
protected boolean	allowPrintFunctions
protected boolean	allowReadFunctions
protected boolean	engineAsserted
protected delight.nashornsandbox.internal.JsEvaluator	evaluator
protected ExecutorService	executor
protected Invocable	lazyInvocable
protected long	maxCPUTime Maximum CPU time in milliseconds.
protected long	maxMemory Maximum memory of executor thread used.
protected int	maxPreparedStatements The size of the LRU cache of prepared statemensts.
protected delight.nashornsandbox.internal.SandboxClassFilter	sandboxClassFilter
protected delight.nashornsandbox.internal.JsSanitizer	sanitizer
protected ScriptEngine	scriptEngine

Constructor Summary

Constructors

Constructor and Description
NashornSandboxImpl()
NashornSandboxImpl(String... params)

Method Summary

Modifier and Type	Method and Description
void	allow(Class<?> clazz) Add a new class to the list of allowed classes.
void	allowExitFunctions(boolean v) Allow Nashorn quit and exit functions.
void	allowGlobalsObjects(boolean v) Allow Nashorn globals object $ARG, $ENV, $EXEC, $OPTIONS, $OUT, $ERR and $EXIT.
void	allowLoadFunctions(boolean v) Allow Nashorn load and loadWithNewGlobal functions.
void	allowNoBraces(boolean v) Force, to check if all blocks are enclosed with curly braces "{}".
void	allowPrintFunctions(boolean v) Allow Nashorn print and echo functions.
void	allowReadFunctions(boolean v) Allow Nashorn readLine and readFully functions.
Bindings	createBindings() Create new bindings used to replace the state of the current script engine
void	disallow(Class<?> clazz) Remove a class from the list of allowed classes.
void	disallowAllClasses() Remove all classes from the list of allowed classes.
Object	eval(String js) Evaluates the JavaScript string.
Object	eval(String js, ScriptContext scriptContext) Evaluates the JavaScript string for a given script context
Object	get(String variableName) Obtains the value of the specified JavaScript variable.
ExecutorService	getExecutor() Gets the current executor service.
Invocable	getSandboxedInvocable() Returns an Invocable instance, so that method invocations are also sandboxed.
void	inject(String variableName, Object object) Will add a global variable available to all scripts executed with this sandbox.
boolean	isAllowed(Class<?> clazz) Check if a class is in the list of allowed classes.
void	setExecutor(ExecutorService executor) Specifies the executor service which is used to run scripts when a CPU time limit is specified.
void	setMaxCPUTime(long limit) Sets the maximum CPU time in milliseconds allowed for script execution.
void	setMaxMemory(long limit) Sets the maximum memory in Bytes which JS executor thread can allocate.
void	setMaxPreparedStatements(int max) The size of prepared statements LRU cache.
void	setWriter(Writer writer) Sets the writer, whem want to have output from writer function called in JS script

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

sandboxClassFilter

protected final delight.nashornsandbox.internal.SandboxClassFilter sandboxClassFilter

scriptEngine

protected final ScriptEngine scriptEngine

maxCPUTime

protected long maxCPUTime

Maximum CPU time in milliseconds.

maxMemory

protected long maxMemory

Maximum memory of executor thread used.

executor

protected ExecutorService executor

allowPrintFunctions

protected boolean allowPrintFunctions

allowReadFunctions

protected boolean allowReadFunctions

allowLoadFunctions

protected boolean allowLoadFunctions

allowExitFunctions

protected boolean allowExitFunctions

allowGlobalsObjects

protected boolean allowGlobalsObjects

allowNoBraces

protected boolean allowNoBraces

evaluator

protected delight.nashornsandbox.internal.JsEvaluator evaluator

sanitizer

protected delight.nashornsandbox.internal.JsSanitizer sanitizer

engineAsserted

protected boolean engineAsserted

lazyInvocable

protected Invocable lazyInvocable

maxPreparedStatements

protected int maxPreparedStatements

The size of the LRU cache of prepared statemensts.

Constructor Detail

NashornSandboxImpl

public NashornSandboxImpl()

NashornSandboxImpl

public NashornSandboxImpl(String... params)

Method Detail

eval

public Object eval(String js)
            throws ScriptCPUAbuseException,
                   ScriptException

Description copied from interface: NashornSandbox

Evaluates the JavaScript string.

Specified by:

eval in interface NashornSandbox

Parameters:

js - the JavaScript script to be evaluated

Throws:

ScriptCPUAbuseException - when execution time exceeded (when greater than 0 is set

ScriptException - when script syntax error occurs

See Also:

NashornSandbox.setMaxCPUTime(long)

eval

public Object eval(String js,
                   ScriptContext scriptContext)
            throws ScriptCPUAbuseException,
                   ScriptException

Description copied from interface: NashornSandbox

Evaluates the JavaScript string for a given script context

Specified by:

eval in interface NashornSandbox

Parameters:

js - the JavaScript script to be evaluated

scriptContext - the ScriptContext exposing sets of attributes in different scopes.

Throws:

ScriptCPUAbuseException - when execution time exceeded (when greater than 0 is set

ScriptException - when script syntax error occurs

See Also:

NashornSandbox.setMaxCPUTime(long)

setMaxCPUTime

public void setMaxCPUTime(long limit)

Description copied from interface: NashornSandbox

Sets the maximum CPU time in milliseconds allowed for script execution.

Note, ExecutorService should be also set when time is set greater than 0.

Specified by:

setMaxCPUTime in interface NashornSandbox

Parameters:

limit - time limit in miliseconds

See Also:

NashornSandbox.setExecutor(ExecutorService)

setMaxMemory

public void setMaxMemory(long limit)

Description copied from interface: NashornSandbox

Sets the maximum memory in Bytes which JS executor thread can allocate.

Note, thread memory usage is only approximation.

Note, ExecutorService should be also set when memory limit is set greater than 0. Nashorn takes some memory at start, be generous and give at least 1MB.

Current implementation of this limit works only on Sun/Oracle JVM.

Specified by:

setMaxMemory in interface NashornSandbox

Parameters:

limit - limit in bytes

See Also:

ThreadMXBean.getThreadAllocatedBytes(long)

allow

public void allow(Class<?> clazz)

Description copied from interface: NashornSandbox

Add a new class to the list of allowed classes.

Specified by:

allow in interface NashornSandbox

disallow

public void disallow(Class<?> clazz)

Description copied from interface: NashornSandbox

Remove a class from the list of allowed classes.

Specified by:

disallow in interface NashornSandbox

isAllowed

public boolean isAllowed(Class<?> clazz)

Description copied from interface: NashornSandbox

Check if a class is in the list of allowed classes.

Specified by:

isAllowed in interface NashornSandbox

disallowAllClasses

public void disallowAllClasses()

Description copied from interface: NashornSandbox

Remove all classes from the list of allowed classes.

Specified by:

disallowAllClasses in interface NashornSandbox

inject

public void inject(String variableName,
                   Object object)

Description copied from interface: NashornSandbox

Will add a global variable available to all scripts executed with this sandbox.

Specified by:

inject in interface NashornSandbox

Parameters:

variableName - the name of the variable

object - the value, can be null

setExecutor

public void setExecutor(ExecutorService executor)

Description copied from interface: NashornSandbox

Specifies the executor service which is used to run scripts when a CPU time limit is specified.

Specified by:

setExecutor in interface NashornSandbox

Parameters:

executor - the executor service

See Also:

NashornSandbox.setMaxCPUTime(long)

getExecutor

public ExecutorService getExecutor()

Description copied from interface: NashornSandbox

Gets the current executor service.

Specified by:

getExecutor in interface NashornSandbox

Returns:

current executor service

get

public Object get(String variableName)

Description copied from interface: NashornSandbox

Obtains the value of the specified JavaScript variable.

Specified by:

get in interface NashornSandbox

allowPrintFunctions

public void allowPrintFunctions(boolean v)

Description copied from interface: NashornSandbox

Allow Nashorn print and echo functions.

Only before first NashornSandbox.eval(String) call cause effect.

Specified by:

allowPrintFunctions in interface NashornSandbox

allowReadFunctions

public void allowReadFunctions(boolean v)

Description copied from interface: NashornSandbox

Allow Nashorn readLine and readFully functions.

Only before first NashornSandbox.eval(String) call cause effect.

Specified by:

allowReadFunctions in interface NashornSandbox

allowLoadFunctions

public void allowLoadFunctions(boolean v)

Description copied from interface: NashornSandbox

Allow Nashorn load and loadWithNewGlobal functions.

Only before first NashornSandbox.eval(String) call cause effect.

Specified by:

allowLoadFunctions in interface NashornSandbox

allowExitFunctions

public void allowExitFunctions(boolean v)

Description copied from interface: NashornSandbox

Allow Nashorn quit and exit functions.

Only before first NashornSandbox.eval(String) call cause efect.

Specified by:

allowExitFunctions in interface NashornSandbox

allowGlobalsObjects

public void allowGlobalsObjects(boolean v)

Description copied from interface: NashornSandbox

Allow Nashorn globals object $ARG, $ENV, $EXEC, $OPTIONS, $OUT, $ERR and $EXIT.

Only before first NashornSandbox.eval(String) call cause effect.

Specified by:

allowGlobalsObjects in interface NashornSandbox

allowNoBraces

public void allowNoBraces(boolean v)

Description copied from interface: NashornSandbox

Force, to check if all blocks are enclosed with curly braces "{}".

Explanation: all loops (for, do-while, while, and if-else, and functions should use braces, because poison_pill() function will be inserted after each open brace "{", to ensure interruption checking. Otherwise simple code like:

     while(true) while(true) {
       // do nothing
     }
   

or even:

     while(true)
   

cause unbreakable loop, which force this sandbox to use Thread.stop() which make JVM unstable.

Properly writen code (even in bad intention) like:

     while(true) { while(true) {
       // do nothing
     }}
   

will be changed into:

     while(true) {poison_pill(); 
       while(true) {poison_pill();
         // do nothing
       }
     }
   

which finish nicely when interrupted.

For legacy code, this check can be turned off, but with no guarantee, the JS thread will gracefully finish when interrupted.

Specified by:

allowNoBraces in interface NashornSandbox

Parameters:

v - true when sandbox should check if all required braces are placed into JS code, false when no check should be performed

setWriter

public void setWriter(Writer writer)

Description copied from interface: NashornSandbox

Sets the writer, whem want to have output from writer function called in JS script

Specified by:

setWriter in interface NashornSandbox

Parameters:

writer - the writer, eg.

setMaxPreparedStatements

public void setMaxPreparedStatements(int max)

Description copied from interface: NashornSandbox

The size of prepared statements LRU cache. Default 0 (disabled).

Each statements when NashornSandbox.setMaxCPUTime(long) is set is prepared to quit itself when time exceeded. To execute only once this procedure per statment set this value.

When NashornSandbox.setMaxCPUTime(long) is set 0, this value is ignored.

Specified by:

setMaxPreparedStatements in interface NashornSandbox

Parameters:

max - the maximum number of statements in the LRU cache

createBindings

public Bindings createBindings()

Description copied from interface: NashornSandbox

Create new bindings used to replace the state of the current script engine

This can be typically used to override ECMAScript "global" properties

Specified by:

createBindings in interface NashornSandbox

Returns:

getSandboxedInvocable

public Invocable getSandboxedInvocable()

Description copied from interface: NashornSandbox

Returns an Invocable instance, so that method invocations are also sandboxed.

Specified by:

getSandboxedInvocable in interface NashornSandbox

Returns: