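/*
 * Stallion Core: A Modern Web Framework
 *
 * Copyright (C) 2015 - 2016 Stallion Software LLC.
 *
 * This program is free software: you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation, either version 2 of
 * the License, or (at your option) any later version. This program is distributed in the hope that
 * it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
 * License for more details. You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/gpl-2.0.html>.
 *
 *
 *
 */

package io.stallion.plugins.javascript;

import io.stallion.exceptions.UsageException;
import io.stallion.utils.StallionClassLoader;

import java.util.Set;

import static io.stallion.utils.Literals.set;


/**
 * Name-based gate in front of {@link StallionClassLoader} for sandboxed JavaScript plugins.
 *
 * <p>A class is handed out only when its fully qualified name appears either in
 * {@link #DEFAULT_WHITE_LIST} or in the class list of the {@link Sandbox} this loader was
 * created for. This type does not extend {@code java.lang.ClassLoader}; it only decides, by
 * exact string match, whether a requested name is forwarded to
 * {@code StallionClassLoader.loadClass}.
 *
 * <p>The check covers the requested class name only. Nothing in this class restricts which
 * members of an allowed class the caller may use, so every entry on either list should be
 * reviewed for what its public API can reach.
 */
public class SandboxedClassLoader {

    /**
     * Class names every sandbox may load, regardless of its own configuration.
     *
     * <p>NOTE(review): this set is public and built by {@code Literals.set}; if that helper
     * returns a mutable set, any code with access to this field can widen the default
     * allowlist at runtime. Consider wrapping it in an unmodifiable view once it is confirmed
     * that no caller relies on adding entries.
     */
    public static final Set<String> DEFAULT_WHITE_LIST = set(
            "java.lang.Long",
            "java.lang.Integer",
            "java.lang.String",
            "java.lang.Boolean",
            "io.stallion.exceptions.ClientException",
            "io.stallion.exceptions.UsageException",
            "io.stallion.exceptions.WebException",
            "io.stallion.exceptions.ConfigException",
            "io.stallion.utils.json.JSON"
    );

    // Sandbox whose per-plugin allowlist is consulted in addition to the defaults.
    private final Sandbox sandbox;

    /**
     * Creates a loader bound to one sandbox configuration.
     *
     * @param box the sandbox whose whitelist supplies the additional allowed class names
     */
    public SandboxedClassLoader(Sandbox box) {
        this.sandbox = box;
    }

    /**
     * Loads a class by name if, and only if, the name is allowlisted.
     *
     * @param className fully qualified class name requested by the sandboxed code
     * @return the class returned by {@code StallionClassLoader.loadClass(className)}
     * @throws UsageException if the name is on neither the default nor the sandbox allowlist
     */
    public Class loadClass(String className) {
        boolean inDefaults = DEFAULT_WHITE_LIST.contains(className);
        // Both lists are always consulted, as before.
        // NOTE(review): a null sandbox or a null getWhitelist()/getClasses() result raises a
        // NullPointerException here rather than a UsageException -- confirm whether Sandbox
        // guarantees non-null values.
        boolean inSandboxList = sandbox.getWhitelist().getClasses().contains(className);

        // Deny by default: anything not explicitly listed is refused before any loading occurs.
        if (!(inDefaults || inSandboxList)) {
            // Fixed the missing space before "was" so the class name is readable in the message.
            throw new UsageException("Requested class " + className + " was not on white list");
        }
        return StallionClassLoader.loadClass(className);
    }

}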