diff --git a/README.md b/README.md
index 5cb60ac..1166491 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ For adding a library only:
com.instancify.scriptify
core
- 1.3.1-SNAPSHOT
+ 1.3.3-SNAPSHOT
```
@@ -26,12 +26,12 @@ For adding a library with JS for Rhino or GraalVM:
com.instancify.scriptify
script-js-rhino
- 1.3.1-SNAPSHOT
+ 1.3.3-SNAPSHOT
com.instancify.scriptify
script-js-graalvm
- 1.3.1-SNAPSHOT
+ 1.3.3-SNAPSHOT
```
## Gradle
@@ -45,11 +45,11 @@ maven {
For adding a library only:
```groovy
-implementation "com.instancify.scriptify:core:1.3.1-SNAPSHOT"
+implementation "com.instancify.scriptify:core:1.3.3-SNAPSHOT"
```
For adding a library with JS for Rhino or GraalVM:
```groovy
-implementation "com.instancify.scriptify:script-js-rhino:1.3.1-SNAPSHOT"
-implementation "com.instancify.scriptify:script-js-graalvm:1.3.1-SNAPSHOT"
+implementation "com.instancify.scriptify:script-js-rhino:1.3.3-SNAPSHOT"
+implementation "com.instancify.scriptify:script-js-graalvm:1.3.3-SNAPSHOT"
```
\ No newline at end of file
diff --git a/build.gradle.kts b/build.gradle.kts
index e7a022c..5e222ec 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -12,7 +12,7 @@ java {
allprojects {
group = "com.instancify.scriptify"
- version = "1.3.2-SNAPSHOT"
+ version = "1.3.3-SNAPSHOT"
}
subprojects {
diff --git a/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsScript.java b/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsScript.java
index 041ce37..5c53326 100644
--- a/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsScript.java
+++ b/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsScript.java
@@ -7,12 +7,13 @@
import com.instancify.scriptify.api.script.function.ScriptFunction;
import com.instancify.scriptify.api.script.function.ScriptFunctionManager;
import com.instancify.scriptify.api.script.security.ScriptSecurityManager;
+import com.instancify.scriptify.api.script.security.exclude.ClassSecurityExclude;
+import com.instancify.scriptify.api.script.security.exclude.SecurityExclude;
import com.instancify.scriptify.core.script.security.StandardSecurityManager;
import org.graalvm.polyglot.*;
public class JsScript implements Script {
- private final Context context = Context.create();
private final ScriptSecurityManager securityManager = new StandardSecurityManager();
private ScriptFunctionManager functionManager;
private ScriptConstantManager constantManager;
@@ -44,6 +45,25 @@ public void setConstantManager(ScriptConstantManager constantManager) {
@Override
public Value eval(String script) throws ScriptException {
+ Context.Builder builder = Context.newBuilder("js")
+ .allowHostAccess(HostAccess.ALL);
+
+ // If security mode is enabled, search all exclusions
+ // and add the classes that were excluded to JsSecurityClassAccessor
+ if (securityManager.getSecurityMode()) {
+ JsSecurityClassAccessor classAccessor = new JsSecurityClassAccessor();
+ for (SecurityExclude exclude : securityManager.getExcludes()) {
+ if (exclude instanceof ClassSecurityExclude classExclude) {
+ classAccessor.addAllowedClass(classExclude.getValue());
+ }
+ }
+ builder.allowHostClassLookup(classAccessor);
+ } else {
+ builder.allowHostClassLookup(className -> true);
+ }
+
+ Context context = builder.build();
+
Value bindings = context.getBindings("js");
if (functionManager != null) {
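Review bot: `allowHostAccess(HostAccess.ALL)` is applied before the security-mode branch, so it is in force even when `securityManager.getSecurityMode()` is true. The polyglot documentation describes `HostAccess.ALL` as permitting unrestricted access to public members, including reflection, so the `allowHostClassLookup(classAccessor)` filter is not the only route from a script to host classes once any host object is placed in the bindings. In the security branch, consider a narrower policy such as `builder.allowHostAccess(HostAccess.EXPLICIT);` or one built with `HostAccess.newBuilder()` that exposes only the members the bound functions and constants need. Keep `HostAccess.ALL` for the non-secure branch only. The body of `eval` continues outside this hunk, so how the bindings are populated is not visible here.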
@@ -62,6 +82,8 @@ public Value eval(String script) throws ScriptException {
return context.eval("js", script);
} catch (Exception e) {
throw new ScriptException(e);
+ } finally {
+ context.close();
}
}
}
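Review bot: The `Value` returned by `context.eval("js", script)` is handed to the caller after the new `finally` block has closed the context that owns it. As far as I know, polyglot values are bound to their context and stop being usable once it is closed, so callers that read the result may now fail with an `IllegalStateException`. Either convert the result to a plain host value inside the `try`, before `context.close()` runs, or keep the context alive for as long as the returned `Value` and close it from an explicit `close()` on `JsScript`. The start of the `try` is outside this hunk, so it is also worth confirming that it covers the bindings setup that follows `builder.build()`. Otherwise an exception there leaves the context unclosed.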
diff --git a/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsSecurityClassAccessor.java b/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsSecurityClassAccessor.java
new file mode 100644
index 0000000..23b4427
--- /dev/null
+++ b/script-js-graalvm/src/main/java/com/instancify/scriptify/script/JsSecurityClassAccessor.java
@@ -0,0 +1,32 @@
+package com.instancify.scriptify.script;
+
+import com.instancify.scriptify.api.script.security.SecurityClassAccessor;
+import org.graalvm.polyglot.PolyglotException;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.function.Predicate;
+
+public class JsSecurityClassAccessor implements Predicate, SecurityClassAccessor {
+
+ private final Set allowedClasses = new HashSet<>();
+
+ public JsSecurityClassAccessor() {
+ this.allowedClasses.add(PolyglotException.class.getName());
+ }
+
+ @Override
+ public Set getAllowedClasses() {
+ return allowedClasses;
+ }
+
+ @Override
+ public void addAllowedClass(String allowedClass) {
+ this.allowedClasses.add(allowedClass);
+ }
+
+ @Override
+ public boolean test(String className) {
+ return this.allowedClasses.contains(className);
+ }
+}
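Review bot: `getAllowedClasses()` returns the internal `HashSet` itself, so any code holding the accessor can widen the allowlist without going through `addAllowedClass`. Returning a snapshot, `return Set.copyOf(allowedClasses);`, keeps the security-relevant state behind a single mutator. The class also has no Javadoc. A class-level comment should state that `test` matches on the exact fully qualified class name, and the constructor should carry a comment such as `// PolyglotException is always allowed; document why scripts need it` explaining the default entry. `Predicate` and `Set` appear here without type arguments. If that is not an artifact of how the page was rendered, declare them as `Predicate<String>` and `Set<String>` so that `test(String)` is a real override.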
diff --git a/script-js-rhino/src/main/java/com/instancify/scriptify/script/JsScript.java b/script-js-rhino/src/main/java/com/instancify/scriptify/script/JsScript.java
index 031b80f..c984146 100644
--- a/script-js-rhino/src/main/java/com/instancify/scriptify/script/JsScript.java
+++ b/script-js-rhino/src/main/java/com/instancify/scriptify/script/JsScript.java
@@ -50,7 +50,7 @@ public Object eval(String script) throws ScriptException {
ScriptableObject scope = context.initStandardObjects();
// If security mode is enabled, search all exclusions
- // and add the classes that were excluded to JsSafeClassShutter
+ // and add the classes that were excluded to JsSecurityClassAccessor
if (securityManager.getSecurityMode()) {
JsSecurityClassAccessor classAccessor = new JsSecurityClassAccessor();
for (SecurityExclude exclude : securityManager.getExcludes()) {