Class SecureASTCustomizer.SecuringCodeVisitor
java.lang.Object
org.codehaus.groovy.control.customizers.SecureASTCustomizer.SecuringCodeVisitor
- All Implemented Interfaces:
GroovyCodeVisitor
- Enclosing class:
- SecureASTCustomizer
This visitor directly implements the
GroovyCodeVisitor interface instead of using the CodeVisitorSupport class to make sure that future features of the language gets managed by this visitor. Thus,
adding a new feature would result in a compilation error if this visitor is not updated.-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidassertExpressionAuthorized(Expression expression) Checks that a given expression is either in the allowed list or not in the disallowed list.protected voidassertStatementAuthorized(Statement statement) Checks that a given statement is either in the allowed list or not in the disallowed list.protected voidassertTokenAuthorized(Token token) Checks that a given token is either in the allowed list or not in the disallowed list.protected ClassNodegetExpressionType(ClassNode objectExpressionType) Returns the effective receiver type for nested array expressions.voidvisitArgumentlistExpression(ArgumentListExpression expression) Validates an argument-list expression and then visits its elements.voidvisitArrayExpression(ArrayExpression expression) Validates an array expression and then visits its elements and size expressions.voidvisitAssertStatement(AssertStatement statement) Validates an assert statement and then visits its condition and message.voidvisitAttributeExpression(AttributeExpression expression) Validates an attribute expression and then visits its receiver and attribute.voidvisitBinaryExpression(BinaryExpression expression) Validates a binary expression, its operator token, and both operands.voidValidates a bitwise-negation expression and then visits its operand.voidValidates a block statement and then visits each nested statement.voidvisitBooleanExpression(BooleanExpression expression) Validates a boolean expression and then visits its wrapped expression.voidvisitBreakStatement(BreakStatement statement) Validates a break statement.voidvisitBytecodeExpression(BytecodeExpression expression) Validates a bytecode expression.voidvisitCaseStatement(CaseStatement statement) Validates a case statement and then visits its condition and body.voidvisitCastExpression(CastExpression expression) Validates a cast expression and then visits its operand.voidvisitCatchStatement(CatchStatement statement) Validates a catch block and then visits its body.voidvisitClassExpression(ClassExpression expression) Validates a class expression.voidvisitClosureExpression(ClosureExpression expression) Validates a closure expression and then visits its body when closures are allowed.voidvisitClosureListExpression(ClosureListExpression closureListExpression) Validates a closure-list expression and then visits its nested expressions.voidvisitConstantExpression(ConstantExpression expression) Validates a constant expression and its constant type.voidValidates a constructor call and then visits its arguments.voidvisitContinueStatement(ContinueStatement statement) Validates a continue statement.voidvisitDeclarationExpression(DeclarationExpression expression) Validates a declaration expression via binary-expression handling.voidValidates ado/whileloop and then visits its body and condition.voidvisitEmptyStatement(EmptyStatement statement) Ignores empty statements.voidvisitExpressionStatement(ExpressionStatement statement) Validates an expression statement and then visits its expression.voidvisitFieldExpression(FieldExpression expression) Validates a field expression.voidvisitForLoop(ForStatement forLoop) Validates aforloop and then visits its collection and body.voidvisitGStringExpression(GStringExpression expression) Validates a GString expression and then visits its string and value parts.voidvisitIfElse(IfStatement ifElse) Validates an if-else statement and then visits its condition and branches.voidvisitLambdaExpression(LambdaExpression expression) Delegates lambda-expression validation to closure-expression handling.voidvisitListExpression(ListExpression expression) Validates a list expression and then visits its elements.voidvisitMapEntryExpression(MapEntryExpression expression) Validates a map entry expression and then visits its key and value.voidvisitMapExpression(MapExpression expression) Validates a map expression and then visits its entries.voidValidates a method call and then visits its receiver, name, and arguments.voidvisitMethodPointerExpression(MethodPointerExpression expression) Validates a method-pointer expression and then visits its target and method name.voidDelegates method-reference validation to method-pointer handling.voidvisitNotExpression(NotExpression expression) Validates a logical-not expression and then visits its operand.voidvisitPostfixExpression(PostfixExpression expression) Validates a postfix expression and then visits its operand.voidvisitPrefixExpression(PrefixExpression expression) Validates a prefix expression and then visits its operand.voidvisitPropertyExpression(PropertyExpression expression) Validates a property expression and then visits its receiver and property.voidvisitRangeExpression(RangeExpression expression) Validates a range expression and then visits both endpoints.voidvisitReturnStatement(ReturnStatement statement) Validates a return statement and then visits its return value.voidvisitShortTernaryExpression(ElvisOperatorExpression expression) Validates an Elvis expression and then delegates to ternary-expression handling.voidvisitSpreadExpression(SpreadExpression expression) Validates a spread expression and then visits its nested expression.voidvisitSpreadMapExpression(SpreadMapExpression expression) Validates a spread-map expression and then visits its nested expression.voidValidates a static method call and then visits its arguments.voidvisitSwitch(SwitchStatement statement) Validates a switch statement and then visits its selector and branches.voidvisitSynchronizedStatement(SynchronizedStatement statement) Validates a synchronized statement and then visits its expression and body.voidvisitTernaryExpression(TernaryExpression expression) Validates a ternary expression and then visits all branches.voidvisitThrowStatement(ThrowStatement statement) Validates a throw statement and then visits the thrown expression.voidvisitTryCatchFinally(TryCatchStatement statement) Validates a try-catch-finally statement and then visits all nested blocks.voidvisitTupleExpression(TupleExpression expression) Validates a tuple expression and then visits its elements.voidvisitUnaryMinusExpression(UnaryMinusExpression expression) Validates a unary-minus expression and then visits its operand.voidvisitUnaryPlusExpression(UnaryPlusExpression expression) Validates a unary-plus expression and then visits its operand.voidvisitVariableExpression(VariableExpression expression) Validates a variable expression and its inferred type.voidvisitWhileLoop(WhileStatement loop) Validates awhileloop and then visits its condition and body.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.codehaus.groovy.ast.GroovyCodeVisitor
visit, visit, visitEmptyExpression, visitListOfExpressions
-
Constructor Details
-
SecuringCodeVisitor
protected SecuringCodeVisitor()
-
-
Method Details
-
assertStatementAuthorized
Checks that a given statement is either in the allowed list or not in the disallowed list.- Parameters:
statement- the statement to be checked- Throws:
SecurityException- if usage of this statement class is forbidden
-
assertExpressionAuthorized
Checks that a given expression is either in the allowed list or not in the disallowed list.- Parameters:
expression- the expression to be checked- Throws:
SecurityException- if usage of this expression class is forbidden
-
getExpressionType
Returns the effective receiver type for nested array expressions.- Parameters:
objectExpressionType- the candidate receiver type- Returns:
- the component type for arrays, otherwise the original type
-
assertTokenAuthorized
Checks that a given token is either in the allowed list or not in the disallowed list.- Parameters:
token- the token to be checked- Throws:
SecurityException- if usage of this token is forbidden
-
visitBlockStatement
Validates a block statement and then visits each nested statement.- Specified by:
visitBlockStatementin interfaceGroovyCodeVisitor- Parameters:
block- the block statement to visit
-
visitForLoop
Validates aforloop and then visits its collection and body.- Specified by:
visitForLoopin interfaceGroovyCodeVisitor- Parameters:
forLoop- the loop to visit
-
visitWhileLoop
Validates awhileloop and then visits its condition and body.- Specified by:
visitWhileLoopin interfaceGroovyCodeVisitor- Parameters:
loop- the loop to visit
-
visitDoWhileLoop
Validates ado/whileloop and then visits its body and condition.- Specified by:
visitDoWhileLoopin interfaceGroovyCodeVisitor- Parameters:
loop- the loop to visit
-
visitIfElse
Validates an if-else statement and then visits its condition and branches.- Specified by:
visitIfElsein interfaceGroovyCodeVisitor- Parameters:
ifElse- the conditional statement to visit
-
visitExpressionStatement
Validates an expression statement and then visits its expression.- Specified by:
visitExpressionStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitReturnStatement
Validates a return statement and then visits its return value.- Specified by:
visitReturnStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitAssertStatement
Validates an assert statement and then visits its condition and message.- Specified by:
visitAssertStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitTryCatchFinally
Validates a try-catch-finally statement and then visits all nested blocks.- Specified by:
visitTryCatchFinallyin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitEmptyStatement
Ignores empty statements.- Specified by:
visitEmptyStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the empty statement
-
visitSwitch
Validates a switch statement and then visits its selector and branches.- Specified by:
visitSwitchin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitCaseStatement
Validates a case statement and then visits its condition and body.- Specified by:
visitCaseStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitBreakStatement
Validates a break statement.- Specified by:
visitBreakStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitContinueStatement
Validates a continue statement.- Specified by:
visitContinueStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitThrowStatement
Validates a throw statement and then visits the thrown expression.- Specified by:
visitThrowStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitSynchronizedStatement
Validates a synchronized statement and then visits its expression and body.- Specified by:
visitSynchronizedStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitCatchStatement
Validates a catch block and then visits its body.- Specified by:
visitCatchStatementin interfaceGroovyCodeVisitor- Parameters:
statement- the statement to visit
-
visitMethodCallExpression
Validates a method call and then visits its receiver, name, and arguments.- Specified by:
visitMethodCallExpressionin interfaceGroovyCodeVisitor- Parameters:
call- the method call expression to visit
-
visitStaticMethodCallExpression
Validates a static method call and then visits its arguments.- Specified by:
visitStaticMethodCallExpressionin interfaceGroovyCodeVisitor- Parameters:
call- the static method call to visit
-
visitConstructorCallExpression
Validates a constructor call and then visits its arguments.- Specified by:
visitConstructorCallExpressionin interfaceGroovyCodeVisitor- Parameters:
call- the constructor call to visit
-
visitTernaryExpression
Validates a ternary expression and then visits all branches.- Specified by:
visitTernaryExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the ternary expression to visit
-
visitShortTernaryExpression
Validates an Elvis expression and then delegates to ternary-expression handling.- Specified by:
visitShortTernaryExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the Elvis expression to visit
-
visitBinaryExpression
Validates a binary expression, its operator token, and both operands.- Specified by:
visitBinaryExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the binary expression to visit
-
visitPrefixExpression
Validates a prefix expression and then visits its operand.- Specified by:
visitPrefixExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the prefix expression to visit
-
visitPostfixExpression
Validates a postfix expression and then visits its operand.- Specified by:
visitPostfixExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the postfix expression to visit
-
visitBooleanExpression
Validates a boolean expression and then visits its wrapped expression.- Specified by:
visitBooleanExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the boolean expression to visit
-
visitClosureExpression
Validates a closure expression and then visits its body when closures are allowed.- Specified by:
visitClosureExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the closure expression to visit
-
visitLambdaExpression
Delegates lambda-expression validation to closure-expression handling.- Specified by:
visitLambdaExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the lambda expression to visit
-
visitTupleExpression
Validates a tuple expression and then visits its elements.- Specified by:
visitTupleExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the tuple expression to visit
-
visitMapExpression
Validates a map expression and then visits its entries.- Specified by:
visitMapExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the map expression to visit
-
visitMapEntryExpression
Validates a map entry expression and then visits its key and value.- Specified by:
visitMapEntryExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the map entry expression to visit
-
visitListExpression
Validates a list expression and then visits its elements.- Specified by:
visitListExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the list expression to visit
-
visitRangeExpression
Validates a range expression and then visits both endpoints.- Specified by:
visitRangeExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the range expression to visit
-
visitPropertyExpression
Validates a property expression and then visits its receiver and property.- Specified by:
visitPropertyExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the property expression to visit
-
visitAttributeExpression
Validates an attribute expression and then visits its receiver and attribute.- Specified by:
visitAttributeExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the attribute expression to visit
-
visitFieldExpression
Validates a field expression.- Specified by:
visitFieldExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the field expression to visit
-
visitMethodPointerExpression
Validates a method-pointer expression and then visits its target and method name.- Specified by:
visitMethodPointerExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the method-pointer expression to visit
-
visitMethodReferenceExpression
Delegates method-reference validation to method-pointer handling.- Specified by:
visitMethodReferenceExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the method-reference expression to visit
-
visitConstantExpression
Validates a constant expression and its constant type.- Specified by:
visitConstantExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the constant expression to visit
-
visitClassExpression
Validates a class expression.- Specified by:
visitClassExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the class expression to visit
-
visitVariableExpression
Validates a variable expression and its inferred type.- Specified by:
visitVariableExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the variable expression to visit
-
visitDeclarationExpression
Validates a declaration expression via binary-expression handling.- Specified by:
visitDeclarationExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the declaration expression to visit
-
visitGStringExpression
Validates a GString expression and then visits its string and value parts.- Specified by:
visitGStringExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the GString expression to visit
-
visitArrayExpression
Validates an array expression and then visits its elements and size expressions.- Specified by:
visitArrayExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the array expression to visit
-
visitSpreadExpression
Validates a spread expression and then visits its nested expression.- Specified by:
visitSpreadExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the spread expression to visit
-
visitSpreadMapExpression
Validates a spread-map expression and then visits its nested expression.- Specified by:
visitSpreadMapExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the spread-map expression to visit
-
visitNotExpression
Validates a logical-not expression and then visits its operand.- Specified by:
visitNotExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the not expression to visit
-
visitUnaryMinusExpression
Validates a unary-minus expression and then visits its operand.- Specified by:
visitUnaryMinusExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the unary-minus expression to visit
-
visitUnaryPlusExpression
Validates a unary-plus expression and then visits its operand.- Specified by:
visitUnaryPlusExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the unary-plus expression to visit
-
visitBitwiseNegationExpression
Validates a bitwise-negation expression and then visits its operand.- Specified by:
visitBitwiseNegationExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the bitwise-negation expression to visit
-
visitCastExpression
Validates a cast expression and then visits its operand.- Specified by:
visitCastExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the cast expression to visit
-
visitArgumentlistExpression
Validates an argument-list expression and then visits its elements.- Specified by:
visitArgumentlistExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the argument-list expression to visit
-
visitClosureListExpression
Validates a closure-list expression and then visits its nested expressions.- Specified by:
visitClosureListExpressionin interfaceGroovyCodeVisitor- Parameters:
closureListExpression- the closure-list expression to visit
-
visitBytecodeExpression
Validates a bytecode expression.- Specified by:
visitBytecodeExpressionin interfaceGroovyCodeVisitor- Parameters:
expression- the bytecode expression to visit
-