Package ortus.boxlang.runtime.config.segments

Class SecurityConfig

java.lang.Object
ortus.boxlang.runtime.config.segments.SecurityConfig
All Implemented Interfaces:
IConfigSegment
public class SecurityConfig extends Object implements IConfigSegment
The SecurityConfig class is a configuration segment that is used to define the security settings for the BoxLang runtime.

  • Field Details

    • disallowedImports

      public Set<String> disallowedImports
      A list of disallowed imports for the runtime These are a list of regular expressions that are used to match against the import statements in the code Ex: "disallowedImports": ["java\\.lang\\.(ProcessBuilder|Reflect", "java\\.io\\.(File|FileWriter)"]

    • disallowedBIFs

      public Set<String> disallowedBIFs
      Disallowed BIFs in the runtime Ex: "disallowedBifs": ["createObject", "systemExecute"]

    • disallowedComponents

      public Set<String> disallowedComponents
      Disallowed Components in the runtime Ex: "disallowedComponents": [ "execute", "http" ]

    • allowedFileOperationExtensions

      public List<String> allowedFileOperationExtensions
      File extensions which are disallowed for file operations. The allowed array overrides any items in the disallow list.

    • disallowedFileOperationExtensions

      public List<String> disallowedFileOperationExtensions

    • allowedBIFsLookup

      public Map<String,Boolean> allowedBIFsLookup
      Maps of allowed BIFs so lookups get faster as we go

    • allowedComponentsLookup

      public Map<String,Boolean> allowedComponentsLookup

    • allowedImportsLookup

      public Map<String,Boolean> allowedImportsLookup

  • Constructor Details

    • SecurityConfig

      public SecurityConfig()
      Default empty constructor

  • Method Details

    • isBIFAllowed

      public boolean isBIFAllowed(String name)
      This function takes in the name of a BIF to test if it is disallowed. The search is case-insensitive. If it's disallowed, it will throw a SecurityException, else it will return true

    • isComponentAllowed

      public boolean isComponentAllowed(String name)
      This function takes in the name of a Component to test if it is disallowed. The search is case-insensitive. If it's disallowed, it will throw a SecurityException, else it will return true

    • isClassAllowed

      public boolean isClassAllowed(String name)
      This function takes in a fully qualified class name and tests if it is disallowed. The search is case-insensitive. If it's disallowed, it will throw a SecurityException, else it will return true

    • isFileOperationAllowed

      public boolean isFileOperationAllowed(String file)
      Determines whether a file operation is allowed or not based on the file extension.
      Parameters:
      file -
      Returns:

    • isExtensionAllowed

      public boolean isExtensionAllowed(String extension)
      Determines whether a file extension is allowed or not.
      Parameters:
      extension -
      Returns:

    • process

      public IConfigSegment process(IStruct config)
      Processes the configuration struct. Each segment is processed individually from the initial configuration struct.
      Specified by:
      process in interface IConfigSegment
      Parameters:
      config - the configuration struct
      Returns:
      the configuration

    • asStruct

      public IStruct asStruct()
      Description copied from interface: IConfigSegment
      Returns the configuration as a struct
      Specified by:
      asStruct in interface IConfigSegment
      Returns:
      A struct representation of the configuration segment