From d86091c3aa9a55977b4c0121a7f56ab84b2b742f Mon Sep 17 00:00:00 2001 From: Reinhard Pointner Date: Thu, 29 Dec 2011 07:28:33 +0000 Subject: [PATCH] * cache remote scripts * allow access to tmpdir and cachedir --- .../filebot/cli/ArgumentProcessor.java | 5 +-- .../sourceforge/filebot/cli/ScriptShell.java | 38 ++++++++++++++++++- .../filebot/format/ExpressionFormat.java | 5 ++- 3 files changed, 41 insertions(+), 7 deletions(-) diff --git a/source/net/sourceforge/filebot/cli/ArgumentProcessor.java b/source/net/sourceforge/filebot/cli/ArgumentProcessor.java index c95fb16c..4b56bd04 100644 --- a/source/net/sourceforge/filebot/cli/ArgumentProcessor.java +++ b/source/net/sourceforge/filebot/cli/ArgumentProcessor.java @@ -7,7 +7,6 @@ import static net.sourceforge.tuned.ExceptionUtilities.*; import static net.sourceforge.tuned.FileUtilities.*; import java.io.File; -import java.io.InputStreamReader; import java.security.AccessController; import java.util.LinkedHashSet; import java.util.Set; @@ -84,14 +83,12 @@ public class ArgumentProcessor { } } else { // execute user script - String script = readAll(new InputStreamReader(args.getScriptLocation().openStream(), "UTF-8")); - Bindings bindings = new SimpleBindings(); bindings.put("args", args.getFiles(false)); Analytics.trackEvent("CLI", "ExecuteScript", args.getScriptLocation().getProtocol()); ScriptShell shell = new ScriptShell(cli, args, args.trustScript, AccessController.getContext()); - shell.evaluate(script, bindings); + shell.run(args.getScriptLocation(), bindings); } CLILogger.finest("Done ヾ(@⌒ー⌒@)ノ"); diff --git a/source/net/sourceforge/filebot/cli/ScriptShell.java b/source/net/sourceforge/filebot/cli/ScriptShell.java index 9e16b258..0d5f9b4b 100644 --- a/source/net/sourceforge/filebot/cli/ScriptShell.java +++ b/source/net/sourceforge/filebot/cli/ScriptShell.java @@ -3,11 +3,16 @@ package net.sourceforge.filebot.cli; import static net.sourceforge.filebot.cli.CLILogging.*; +import static net.sourceforge.tuned.FileUtilities.*; import java.io.File; +import java.io.FileInputStream; import java.io.FilePermission; import java.io.InputStreamReader; import java.net.SocketPermission; +import java.net.URL; +import java.nio.ByteBuffer; +import java.nio.charset.Charset; import java.security.AccessControlContext; import java.security.AccessController; import java.security.Permissions; @@ -30,6 +35,7 @@ import net.sourceforge.filebot.WebServices; import net.sourceforge.filebot.format.AssociativeScriptObject; import net.sourceforge.filebot.format.ExpressionFormat; import net.sourceforge.filebot.format.PrivilegedInvocation; +import net.sourceforge.filebot.web.CachedResource; import net.sourceforge.filebot.web.EpisodeListProvider; import net.sourceforge.filebot.web.MovieIdentificationService; @@ -86,6 +92,29 @@ class ScriptShell { } + public Object run(URL scriptLocation, Bindings bindings) throws Exception { + if (scriptLocation.getProtocol().equals("file")) { + return run(new File(scriptLocation.toURI()), bindings); + } + + // fetch remote script only if modified + CachedResource script = new CachedResource(scriptLocation.toString(), String.class, 0) { + + @Override + public String process(ByteBuffer data) { + return Charset.forName("UTF-8").decode(data).toString(); + } + }; + return evaluate(script.get(), bindings); + } + + + public Object run(File scriptFile, Bindings bindings) throws Exception { + String script = readAll(new InputStreamReader(new FileInputStream(scriptFile), "UTF-8")); + return evaluate(script, bindings); + } + + public Object evaluate(final String script, final Bindings bindings) throws Exception { if (trustScript) { return engine.eval(script, bindings); @@ -109,13 +138,18 @@ class ScriptShell { Permissions permissions = new Permissions(); permissions.add(new RuntimePermission("createClassLoader")); - permissions.add(new RuntimePermission("accessDeclaredMembers")); // this is probably a security problem but nevermind permissions.add(new FilePermission("<>", "read")); - permissions.add(new FilePermission(new File(System.getProperty("java.io.tmpdir")).getAbsolutePath() + File.separator, "write")); permissions.add(new SocketPermission("*", "connect")); permissions.add(new PropertyPermission("*", "read")); permissions.add(new RuntimePermission("getenv.*")); + // write permissions for temp and cache folders + permissions.add(new FilePermission(new File(System.getProperty("ehcache.disk.store.dir")).getAbsolutePath() + File.separator, "write")); + permissions.add(new FilePermission(new File(System.getProperty("java.io.tmpdir")).getAbsolutePath() + File.separator, "write")); + + // this is probably a security problem but nevermind + permissions.add(new RuntimePermission("accessDeclaredMembers")); + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, permissions) }); } diff --git a/source/net/sourceforge/filebot/format/ExpressionFormat.java b/source/net/sourceforge/filebot/format/ExpressionFormat.java index 4a4ff82f..6c5fba1c 100644 --- a/source/net/sourceforge/filebot/format/ExpressionFormat.java +++ b/source/net/sourceforge/filebot/format/ExpressionFormat.java @@ -243,11 +243,14 @@ public class ExpressionFormat extends Format { permissions.add(new RuntimePermission("createClassLoader")); permissions.add(new FilePermission("<>", "read")); - permissions.add(new FilePermission(new File(System.getProperty("java.io.tmpdir")).getAbsolutePath() + File.separator, "write")); permissions.add(new SocketPermission("*", "connect")); permissions.add(new PropertyPermission("*", "read")); permissions.add(new RuntimePermission("getenv.*")); + // write permissions for temp and cache folders + permissions.add(new FilePermission(new File(System.getProperty("ehcache.disk.store.dir")).getAbsolutePath() + File.separator, "write")); + permissions.add(new FilePermission(new File(System.getProperty("java.io.tmpdir")).getAbsolutePath() + File.separator, "write")); + return permissions; }