怎么阻止.@运营商？

Question

我在沙箱Groovy上工作,我想阻止.@运营商.我正在使用一个SecureASTCustomizer,我已经写了一个自定义SecureASTCustomizer.ExpressionChecker删除授权.

我的问题是:我找不到检测@运算符的方法.

Answer 1

你可以这样做:

import org.codehaus.groovy.control.CompilerConfiguration
import org.codehaus.groovy.control.customizers.SecureASTCustomizer
import org.codehaus.groovy.control.customizers.SecureASTCustomizer.ExpressionChecker as EC
import org.codehaus.groovy.ast.expr.AttributeExpression

def config = new CompilerConfiguration()
def secure = new SecureASTCustomizer()
secure.addExpressionCheckers ({ expr ->
    !(expr instanceof AttributeExpression)
} as SecureASTCustomizer.ExpressionChecker)
config.addCompilationCustomizers(secure)

def shell = new GroovyShell(config)
shell.evaluate '''
class A { int val }
def a = new A(val:123)
a.@val
'''