Some advanced reports might need to use additional Java library API to provide the requested functionality. As this might pose security risks, explicit whitelisting of such API is necessary. This can be done by providing a comma separated list of class names in the following configuration properties depending on the use case:
Admin Jobs: adminjob.script.class.whitelist
Reports: metrics.script.class.whitelist
e.g.
<property name="metrics.script.class.whitelist" value="java.text.SimpleDateFormat,java.time" />
File system access is also needs explicit permission via configuration.
Files to be accessible to Admin Jobs need to be stored in directories within $STAGES_ROOT/adminjob-data.
Files to be accessible to Reports need to be stored in directories within $STAGES_ROOT/report-data.
File read and/or write permissions are configured by the following configuration property. Please note that the file paths need to be specified relative to the base directory as shown above.
Admin Jobs:
adminjob.script.fileAccess.readlist
adminjob.script.fileAccess.writelist
Reports:
metrics.script.fileAccess.readlist
metrics.script.fileAccess.writelist
For file access the script needs to use the following API:
files.newInputStream(relativeFileName); files.newOutputStream(relativeFileName);