2

I am thinking of using Rhino as a scripting language but would like to add a layer to prevent scripts from doing anything and everything.

In java one could verify classes and complain if one spots an api that we wish to prevent. Eg if you dnot want users to touch the filesystem complain if one spots calls to java.io.File etc.

Class file verification equivalent

  • Is there a phase where one can verify a script once it has been loaded but before it is executed ?
  • Is the same callback called when eval is given a String ?

This would be preferred as each script or scriptlet is only checked once and after that it is trusted.

Runtime interception of all java method calls

  • Does Rhino call some callback with each attempt to execute a function call ?
  • Is it possible to only install this checker on certain apis such as when one is attempting to access a java class.

This would allow other true javascript objects to execute without the barrier...

Is there some other way of preventing calls to java objects to do stuff that i wish to sandbox ?

Rhino SecurityController

Im not quite sure and will have to try the callWithDomain() method.

mP.
  • 18,002
  • 10
  • 71
  • 105
  • There's some overlap with this question: [How can you run Javascript using Rhino for Java in a sandbox?](http://stackoverflow.com/questions/93911) – McDowell Jun 19 '11 at 10:16
  • @mP: "Is it possible to implement a security manager like facility to intercept calls to java objects in Rhino" This sounds like a job for ..a custom **`SecurityManager`.** Or to put that another way, why aren't just doing the (obvious) thing of implementing a security manager suitable to your needs? – Andrew Thompson Jun 19 '11 at 10:23
  • @AM Because a SM is global, i only want to do the checks on js running in Rhino itself. Seconldy a SM only guards stuff like java.io.File it does not guard other classes. I dont want to start adding SM calls to all my "other classes" just so i can deny them to Rhino. – mP. Jun 19 '11 at 23:01

1 Answers1

0

The support approach to solve my problem is to register a ClassShutter.

mP.
  • 18,002
  • 10
  • 71
  • 105