View Javadoc
1   package io.jawk.intermediate;
2   
3   /*-
4    * ╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲
5    * Jawk
6    * ჻჻჻჻჻჻
7    * Copyright (C) 2006 - 2026 MetricsHub
8    * ჻჻჻჻჻჻
9    * This program is free software: you can redistribute it and/or modify
10   * it under the terms of the GNU Lesser General Public License as
11   * published by the Free Software Foundation, either version 3 of the
12   * License, or (at your option) any later version.
13   *
14   * This program is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17   * GNU General Lesser Public License for more details.
18   *
19   * You should have received a copy of the GNU General Lesser Public
20   * License along with this program.  If not, see
21   * <http://www.gnu.org/licenses/lgpl-3.0.html>.
22   * ╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱
23   */
24  
25  import io.jawk.AwkSandboxException;
26  
27  /**
28   * Variant of {@link AwkTuples} that rejects tuple generation for operations not
29   * permitted in sandbox mode.
30   */
31  public class SandboxedAwkTuples extends AwkTuples {
32  
33  	private static final long serialVersionUID = 1L;
34  
35  	private static void deny(String message) {
36  		throw new AwkSandboxException(message);
37  	}
38  
39  	@Override
40  	public void printToFile(int numExprs, boolean append) {
41  		deny("Output redirection is disabled in sandbox mode");
42  	}
43  
44  	@Override
45  	public void printToPipe(int numExprs) {
46  		deny("Command execution through pipelines is disabled in sandbox mode");
47  	}
48  
49  	@Override
50  	public void printfToFile(int numExprs, boolean append) {
51  		deny("Output redirection is disabled in sandbox mode");
52  	}
53  
54  	@Override
55  	public void printfToPipe(int numExprs) {
56  		deny("Command execution through pipelines is disabled in sandbox mode");
57  	}
58  
59  	@Override
60  	public void system() {
61  		deny("system() is disabled in sandbox mode");
62  	}
63  
64  	@Override
65  	public void useAsCommandInput() {
66  		deny("Command execution through pipelines is disabled in sandbox mode");
67  	}
68  
69  	@Override
70  	public void useAsFileInput() {
71  		deny("Input redirection is disabled in sandbox mode");
72  	}
73  
74  	/**
75  	 * In sandbox mode, ARGC is read-only. Block any script attempt to assign
76  	 * to ARGC at compile time.
77  	 */
78  	@Override
79  	public void assignARGC() {
80  		deny("Assigning to ARGC is disabled in sandbox mode");
81  	}
82  
83  	/**
84  	 * In sandbox mode, ARGC does not need to be materialized as a global
85  	 * variable because the script cannot alter it. The runtime falls back
86  	 * to the command-line argument count.
87  	 */
88  	@Override
89  	public void argcOffset(int offset) {
90  		// no-op: keep argcOffset at NULL_OFFSET; AVM.getARGC() returns the
91  		// command-line argument count when ARGC is not materialized.
92  	}
93  
94  	/**
95  	 * In sandbox mode, ARGV does not need to be materialized as a global
96  	 * variable because the script cannot alter it. The runtime falls back
97  	 * to a synthetic ARGV built from command-line arguments.
98  	 */
99  	@Override
100 	public void argvOffset(int offset) {
101 		// no-op: keep argvOffset at NULL_OFFSET; AVM.getARGV() returns a
102 		// synthetic AssocArray when ARGV is not materialized.
103 	}
104 }