OServerSideScriptInterpreter.java example

Explorer
orientdb-master
/*
  *
  *  *  Copyright 2014 Orient Technologies LTD (info(at)orientechnologies.com)
  *  *
  *  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  *  you may not use this file except in compliance with the License.
  *  *  You may obtain a copy of the License at
  *  *
  *  *       http://www.apache.org/licenses/LICENSE-2.0
  *  *
  *  *  Unless required by applicable law or agreed to in writing, software
  *  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  *  See the License for the specific language governing permissions and
  *  *  limitations under the License.
  *  *
  *  * For more information: http://www.orientechnologies.com
  *
  */
package com.orientechnologies.orient.server.handler;

import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.common.util.OCallable;
import com.orientechnologies.orient.core.command.OCommandManager;
import com.orientechnologies.orient.core.command.OCommandRequest;
import com.orientechnologies.orient.core.command.script.OCommandExecutorScript;
import com.orientechnologies.orient.core.command.script.OCommandScript;
import com.orientechnologies.orient.core.exception.OSecurityException;
import com.orientechnologies.orient.server.OServer;
import com.orientechnologies.orient.server.config.OServerParameterConfiguration;
import com.orientechnologies.orient.server.plugin.OServerPluginAbstract;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Allow the execution of server-side scripting. This could be a security hole in your configuration if users have access to the
 * database and can execute any kind of code.
 * 
 * @author Luca
 * 
 */
public class OServerSideScriptInterpreter extends OServerPluginAbstract {
  protected boolean     enabled          = false;
  protected Set<String> allowedLanguages = new HashSet<String>();

  @Override
  public void config(final OServer iServer, OServerParameterConfiguration[] iParams) {
    for (OServerParameterConfiguration param : iParams) {
      if (param.name.equalsIgnoreCase("enabled")) {
        if (Boolean.parseBoolean(param.value))
          // ENABLE IT
          enabled = true;
      } else if (param.name.equalsIgnoreCase("allowedLanguages")) {
        allowedLanguages = new HashSet<String>(Arrays.asList(param.value.toLowerCase().split(",")));
      }
    }
  }

  @Override
  public String getName() {
    return "script-interpreter";
  }

  @Override
  public void startup() {
    OCommandManager.instance().unregisterExecutor(OCommandScript.class);

    if (!enabled)
      return;

    OCommandManager.instance().registerExecutor(OCommandScript.class, OCommandExecutorScript.class,
        new OCallable<Void, OCommandRequest>() {
          @Override
          public Void call(OCommandRequest iArgument) {
            final String language = ((OCommandScript) iArgument).getLanguage().toLowerCase();

            if (!allowedLanguages.contains(language))
              throw new OSecurityException("Language '" + language + "' is not allowed to be executed");

            return null;
          }
        });

    OLogManager.instance().warn(this,
        "Authenticated clients can execute any kind of code into the server by using the following allowed languages: "
            + allowedLanguages);
  }

  @Override
  public void shutdown() {
    if (!enabled)
      return;

    OCommandManager.instance().unregisterExecutor(OCommandScript.class);
  }
}