/
Groovy macro

Groovy macro

Owned by Jonathan Nolen (Deactivated)
Last updated: Jul 18, 2025 by Nisha Shantilal



1 Description | 2 Documentation | 3 Parameters | 3.1 Pre-defined variables | 4 Usage | 4.1 classpath example | 4.2 Using the HTML markup builder | 5 Security | 6 User input validations | 7 Restrict script execution to trusted users or groups

Description

Java scripting using Groovy

Documentation

  • Help available in the notation guide.

Parameters

Pre-defined variables

Usage

{groovy} println("Hello world"); {groovy}
{groovy:output=wiki|script=#example.py|var1=test} {groovy}
{groovy:var1=hello|var2=world} print "Output parameter" print var1 + var2 out.println(var1 + var2) {groovy}

classpath example

{groovy:classpath=/sde/tools/gint-1.5.0.jar} ... {groovy}

Using the HTML markup builder

{groovy} def list = [['a', 'b', 'c'], ['d', 'e', 'f'], ['g', 'h', 'i']] html.table(class: 'confluenceTable') { tbody { list.each { row -> tr { row.each { column -> td(class: 'confluenceTd', column) } } } } } {groovy}

Security

To mitigate potential security risks and prevent unauthorized system-level access, the app performs user input validations and allows administrators to restrict script execution to trusted users or groups.

User input validations

Dynamic script execution is restricted to safe and validated input. The user inputs are sanitized across all dynamic code execution entry points.

The validation mechanisms are followed to:

  • Restrict the use of high-risk Java classes

    "java.io.File", "java.lang.Runtime", "java.nio.file.Files", "java.net.Socket",

  • Prevent the invocation of dangerous methods

    "getClass", // Prevents reflection "invokeMethod", // Meta-programming "exit", // System.exit "exec", // Runtime.exec "getenv", // System.getenv "readAllBytes", // Files.readAllBytes "newInstance", // Dangerous instantiation "loadClass" // ClassLoader tricks

  • Protect against misuse of critical system methods

    "setSecurityManager", // Rewrite security "load", // Native code "loadLibrary", // Native code "setProperties", // Replace all props "setProperty", // Change individual props "getenv", // Access secrets "console", // Console access "runFinalizersOnExit", // JVM shutdown behavior "gc" // Manual GC trigger

  • If the Groovy macro script includes the high-risk classes and methods, the app throws an error.

    Groovy macro error.png

Restrict script execution to trusted users or groups

The macro supports Macro Security for Confluence, allowing administrators to restrict script execution to trusted users or groups. This ensures that only authorized individuals can run scripts within the macro.

Need support? Create a request with our support team.

Copyright © 2005 - 2025 Appfire | All rights reserved.