#125 Add support for groovy language in xml tags

Milestone: 3.0
Status: closed
Labels: features
Updated: 2017-07-11
Created: 2013-11-15
Private: No

Among a couple of improvement suggestions on the forum, [discussion:eeedc9e2]


  • Allow groovy expressions in the sql query text e.g. in marked blocks e.g. g{...}
  • Allow groovy expressions in other places that can benefit from use of expressions e.g. parameter default values. Expression use indicated by starting the value with "=". Or have separate boolean field, Is Expression? And additional field for language in case other scripting languages will be supported e.g. java, javascript?
  • Use Apache BSF?, https://commons.apache.org/proper/commons-bsf/
  • Have an option in application config to enable/disable this e.g. allowGroovyExpressions (default to false)
  • Must have some kind of measures to mitigate security risks e.g. see the following

https://stackoverflow.com/questions/10219870/untrusted-groovy-script-security-in-java
http://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/
http://groovy-sandbox.kohsuke.org/
https://github.com/kohsuke/groovy-sandbox
http://blog.datenwerke.net/p/the-java-sandbox.html

http://www.chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/
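
One way the proposal above could be wired together, as an added example that is not ART's code and not part of the original ticket: `g{...}` blocks are rejected unless `allowGroovyExpressions` is on, and when it is on they are evaluated under the linked groovy-sandbox library with a deny-by-default type filter. The names `GroovyBlockExpander`, `TypeFilter` and `expand` are hypothetical, and turning each result into a JDBC bind value instead of splicing it into the SQL text is an assumption of this example, not something the ticket specifies.

```java
import groovy.lang.Binding;
import groovy.lang.GroovyShell;
import groovy.lang.Script;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.kohsuke.groovy.sandbox.GroovyValueFilter;
import org.kohsuke.groovy.sandbox.SandboxTransformer;
import java.util.*;
import java.util.regex.*;

/** Hypothetical helper (not ART code): turns g{...} blocks into JDBC bind values. */
public class GroovyBlockExpander {
    // g{...} marker from the ticket; nested braces are deliberately not supported
    private static final Pattern BLOCK = Pattern.compile("g\\{([^{}]*)\\}");
    // Deny by default: only these types may appear as receiver, argument or result
    private static final Set<Class<?>> ALLOWED =
            Set.of(String.class, Integer.class, Long.class, Boolean.class);

    /** Rejects every object that is not the script itself or an allowed value type. */
    static class TypeFilter extends GroovyValueFilter {
        @Override public Object filter(Object o) {
            if (o == null || o instanceof Script || ALLOWED.contains(o.getClass())) return o;
            throw new SecurityException("Type not allowed in expression: " + o.getClass());
        }
    }

    /** Returns the SQL with each block replaced by "?"; evaluated values go into binds. */
    public static String expand(String sql, Map<String, ?> vars,
                                boolean allowGroovyExpressions, List<Object> binds) {
        Matcher m = BLOCK.matcher(sql);
        if (!allowGroovyExpressions) {            // the ticket's switch, default false
            if (m.find()) throw new IllegalStateException("Groovy expressions are disabled");
            return sql;
        }
        CompilerConfiguration cc = new CompilerConfiguration();
        cc.addCompilationCustomizers(new SandboxTransformer()); // route calls via interceptors
        GroovyShell shell = new GroovyShell(new Binding(new HashMap<String, Object>(vars)), cc);
        TypeFilter filter = new TypeFilter();
        filter.register();                        // interceptors are registered per thread
        try {
            StringBuilder out = new StringBuilder();
            while (m.find()) {
                binds.add(shell.evaluate(m.group(1)));
                m.appendReplacement(out, "?");    // value is bound, never spliced into SQL
            }
            return m.appendTail(out).toString();
        } finally { filter.unregister(); }
    }

    public static void main(String[] args) {      // constructed sample query and variable
        List<Object> binds = new ArrayList<>();
        String sql = "SELECT * FROM orders WHERE yr = g{ year - 1 }";
        System.out.println(expand(sql, Map.of("year", 2014), true, binds) + " " + binds);
    }
}
```

The type filter runs at call time, which is the approach the linked groovy-sandbox project takes; it does not limit the CPU or memory an expression can use.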

Related

Discussion: eeedc9e2
Discussion: ART improvment
Tickets: #132

Discussion

  • Timothy Anyona - 2014-08-24
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1 +1,16 @@
     Among a couple of improvement suggestions on the forum, [discussion:eeedc9e2]
    +
    +--------
    +
    +* Allow groovy expressions in the sql query text e.g. in marked blocks e.g. g{...}
    +* Allow groovy expressions in other places that can benefit from use of expressions e.g. parameter default values. Expression use indicated by starting the value with "=". Or have separate boolean field, Is Expression? And additional field for language in case other scripting languages will be supported e.g. java, javascript?
    +* Use Apache BSF?, https://commons.apache.org/proper/commons-bsf/
    +* Must have some kind of measures to mitigate security risks e.g. see the following
    +
    +https://stackoverflow.com/questions/10219870/untrusted-groovy-script-security-in-java
    +http://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/
    +http://groovy-sandbox.kohsuke.org/
    +https://github.com/kohsuke/groovy-sandbox
    +http://blog.datenwerke.net/p/the-java-sandbox.html
    +
    +http://www.chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/
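
    Review bot: in the parameter-default item, marking an expression by a leading "=" makes evaluation depend on the content of the value, so a literal default that happens to begin with "=" would be treated as code; the separate "Is Expression?" field offered in the same item keeps data and code apart and should be the one specified. The mitigation item lists six links without saying which control is required, and one of them is titled "groovy-secureastcustomizer-is-harmful", so the item should name the approach that is actually intended.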
    
     
  • Timothy Anyona - 2014-08-24
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -5,6 +5,7 @@
     * Allow groovy expressions in the sql query text e.g. in marked blocks e.g. g{...}
     * Allow groovy expressions in other places that can benefit from use of expressions e.g. parameter default values. Expression use indicated by starting the value with "=". Or have separate boolean field, Is Expression? And additional field for language in case other scripting languages will be supported e.g. java, javascript?
     * Use Apache BSF?, https://commons.apache.org/proper/commons-bsf/
    +* Have an option in application config to enable/disable this e.g. allowGroovyExpressions (default to false)
     * Must have some kind of measures to mitigate security risks e.g. see the following
    
     https://stackoverflow.com/questions/10219870/untrusted-groovy-script-security-in-java
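
    Review bot: the added allowGroovyExpressions item gives a default of false but does not say whether the mitigation item that follows it still applies once the option is turned on; state that the switch and the sandboxing measures are both required. It should also say what happens to existing g{...} blocks and "=" values while the option is off, either rejected or treated as literal text.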
    
     
  • Timothy Anyona - 2017-07-11
    • status: open --> closed
    • Milestone: x.y --> 3.0
     