ZenUtils icon indicating copy to clipboard operation
ZenUtils copied to clipboard
Published 5 months ago verified publisher icon friendlyhj

Block sensitive java member access by usage instead of import

Open ZZZank opened this issue 6 months ago • 0 comments

Will be particularly useful for method overriding and mixin script.

A simple way of implementing this is:

  • For directly blocked class, mark all its members as invalid
  • For implementation class not in directly blocked package, mark member as invalid if
    • blocked in superclass and interfaces
    • contains blocked class in its used type(s)

(Actually I think the first rule is enough for replicating current behaviours, the second rule is for even better security)

Example:

import native.somepkg.BlockedClass; // allowed
import native.somepkg2.WithBlockedUsage;

function someFn(
    blocked as BlockedClass // allowed
) as BlockedClass { // allowed

    BlockedClass.doAnything(); // denied
    BlockedClass.getAnything; // denied

    blocked.doAnything(); // denied
    blocked.getAnything; // denied

    WithBlockedUsage.getBlocked; // denied if getBlocked is 'BlockedClass'
    WithBlockedUsage.foo = blocked; // denied because 'blocked' is used
    WithBlockedUsage.doBlocked(blocked); // denied because 'blocused is used
}

var impl as BlockedClassImpl;
impl.doAnything(); // denied, because it's denied in BlockedClass

ZZZank avatar Oct 24 '25 12:10 ZZZank