In Nashorn engine we can do the following to selectively allow only for restricted set of classes which can be used inside of scripts:
val factory = NashornScriptEngineFactory()
val engine = factory.getScriptEngine(object : ClassFilter {
override fun exposeToScripts(className: String): Boolean = when (className) {
File::class.java.name -> false
else -> true
}
})
try {
engine.eval("""
var File = Java.type("java.io.File");
var file = new File("\\")
""")
} catch (e: RuntimeException) {
System.err.println(e.message) // java.lang.ClassNotFoundException: java.io.File
}
This approach can be used to create and use sandboxed scripts without exposing any unnecessary Java classes.
The question now is wherever something similar can be achieved in Kotlin Script Engine?