[jrubyscripting] Disallow exec (openhab#18394)

If a script (or a library it calls) accidentally calls Process.exec

Signed-off-by: Cody Cutrer <[email protected]>

Author: ccutrer

bundles/org.openhab.automation.jrubyscripting/src/main/java/org/openhab/automation/jrubyscripting/internal/JRubyScriptEngineConfiguration.java

@@ -300,6 +300,7 @@ public void configureRubyEnvironment(ScriptEngine scriptEngine) {
         });
 
         configureRubyLib(scriptEngine);
+        disallowExec(scriptEngine);
     }
 
     /**
@@ -322,6 +323,24 @@ private void configureRubyLib(ScriptEngine engine) {
         }
     }
 
+    private void disallowExec(ScriptEngine engine) {
+        try {
+            engine.eval("""
+                      def Process.exec(*)
+                        raise NotImplementedError, "You cannot call `exec` from within openHAB"
+                      end
+
+                      module Kernel
+                        module_function def exec(*)
+                          raise NotImplementedError, "You cannot call `exec` from within openHAB"
+                        end
+                      end
+                    """);
+        } catch (ScriptException exception) {
+            logger.warn("Error preventing exec", unwrap(exception));
+        }
+    }
+
     public List<String> getRubyLibPaths() {
         String rubyLib = get(RUBYLIB_CONFIG_KEY);
         if (rubyLib.isEmpty()) {