• Home
• org.molgenis
• molgenis-js
• 1.19.0
• source code
• SandboxNativeJavaObject.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.molgenis.js.sandbox.SandboxNativeJavaObject Maven / Gradle / Ivy

package org.molgenis.js.sandbox;

import java.lang.reflect.Method;
import java.util.Set;

import org.mozilla.javascript.NativeJavaObject;
import org.mozilla.javascript.Scriptable;

import com.google.common.collect.ImmutableSet;

/**
 * A sandboxed {@link NativeJavaObject} that prevents using reflection to escape a sandbox.
 */
public class SandboxNativeJavaObject extends NativeJavaObject
{
	private static final long serialVersionUID = 7690142963749803499L;
	private static final Set EXCLUDED_METHODS = ImmutableSet.of("wait", "toString", "getClass", "equals",
			"hashCode", "notify", "notifyAll");

	public SandboxNativeJavaObject(Scriptable scope, Object javaObject, Class staticType)
	{
		super(scope, javaObject, staticType);
	}

	@Override
	public Object get(String name, Scriptable start)
	{
		if (EXCLUDED_METHODS.contains(name))
		{
			return NOT_FOUND;
		}

		return super.get(name, start);
	}

	public static Set getJavascriptMethods(Class clazz)
	{
		ImmutableSet.Builder builder = ImmutableSet.builder();

		for (Method method : clazz.getMethods())
		{
			String methodName = method.getName();

			if (!EXCLUDED_METHODS.contains(methodName))
			{
				builder.add(method);
			}
		}

		return builder.build();
	}
}