View Javadoc
1   package io.jawk.jrt;
2   
3   /*-
4    * ╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲
5    * Jawk
6    * ჻჻჻჻჻჻
7    * Copyright (C) 2006 - 2026 MetricsHub
8    * ჻჻჻჻჻჻
9    * This program is free software: you can redistribute it and/or modify
10   * it under the terms of the GNU Lesser General Public License as
11   * published by the Free Software Foundation, either version 3 of the
12   * License, or (at your option) any later version.
13   *
14   * This program is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17   * GNU General Lesser Public License for more details.
18   *
19   * You should have received a copy of the GNU General Lesser Public
20   * License along with this program.  If not, see
21   * <http://www.gnu.org/licenses/lgpl-3.0.html>.
22   * ╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱╲╱
23   */
24  
25  import java.io.IOException;
26  import java.io.PrintStream;
27  import java.util.Locale;
28  import io.jawk.AwkSandboxException;
29  
30  /**
31   * Runtime component that raises {@link AwkSandboxException} when sandboxed code
32   * attempts operations that would escape the sandbox.
33   */
34  public class SandboxedJRT extends JRT {
35  
36  	/**
37  	 * Creates a sandboxed runtime facade with explicit default output settings.
38  	 *
39  	 * @param vm Variable manager used by the sandboxed runtime
40  	 * @param locale locale to use for runtime formatting
41  	 * @param awkSink default output sink
42  	 * @param error error stream for spawned-process stderr
43  	 */
44  	public SandboxedJRT(VariableManager vm, Locale locale, AwkSink awkSink, PrintStream error) {
45  		super(vm, locale, awkSink, error);
46  	}
47  
48  	@Override
49  	protected AwkSink getFileAwkSink(String filename, boolean append) {
50  		return sandboxViolation("Output redirection is disabled in sandbox mode");
51  	}
52  
53  	@Override
54  	protected AwkSink getPipeAwkSink(String cmd) {
55  		return sandboxViolation("Command execution through pipelines is disabled in sandbox mode");
56  	}
57  
58  	@Override
59  	public PrintStream jrtGetPrintStream(String filename, boolean append) {
60  		return sandboxViolation("Output redirection is disabled in sandbox mode");
61  	}
62  
63  	@Override
64  	public PrintStream jrtSpawnForOutput(String cmd) {
65  		return sandboxViolation("Command execution through pipelines is disabled in sandbox mode");
66  	}
67  
68  	@Override
69  	public boolean jrtConsumeFileInput(String filename) throws IOException {
70  		return sandboxViolation("Input redirection is disabled in sandbox mode");
71  	}
72  
73  	@Override
74  	public boolean jrtConsumeCommandInput(String cmd) throws IOException {
75  		return sandboxViolation("Command execution through pipelines is disabled in sandbox mode");
76  	}
77  
78  	@Override
79  	public Integer jrtSystem(String cmd) {
80  		return sandboxViolation("system() is disabled in sandbox mode");
81  	}
82  
83  	private static <T> T sandboxViolation(String message) {
84  		throw new AwkSandboxException(message);
85  	}
86  }