Hi folks, I added a (very) draft GEP that would allow Groovy to have extra checking around tainted data, like Ballerina does. We currently provide a fixed set of specialised mechanisms, e.g. GStrings for SQL, to handle common cases. However, we lack a general mechanism.
Such a checker is more for us to maintain, and makes the security surface area larger in the sense that the only thing worse than not providing a taint handling mechanism is providing one that gives false positives too frequently, or has holes that give folks a false sense of security. Having said that, the IT industry seems to be placing more emphasis on security matters, and scrutiny of Groovy by AI agents seems likely to only increase, so I think preparing ourselves to have such a feature in case circumstances demand it down the track is a worthy task. Feedback welcome.

Cheers,
Paul.
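As an added illustration (not part of Paul's message, the draft GEP, or the Groovy project's own code) of the "specialised mechanism" he mentions, the script below shows how `groovy.sql.Sql` treats a GString as a parameterised statement while a concatenated `String` is spliced straight into the SQL text, and where `Sql.expand` deliberately opts out of that protection. It assumes an H2 in-memory database fetched through Grape (the artifact coordinates and version are an assumption; any JDBC driver would do) and uses a constructed sample value containing an embedded quote.

```groovy
// Added example, not from the original message or the Groovy project.
// Assumption: H2 is available via Grape; any other JDBC driver works the same way.
@GrabConfig(systemClassLoader = true)
@Grab('com.h2database:h2:2.2.224')
import groovy.sql.Sql

def sql = Sql.newInstance('jdbc:h2:mem:taintdemo;DB_CLOSE_DELAY=-1', 'sa', '', 'org.h2.Driver')

// A double-quoted Groovy literal with no ${} is a plain String, so this is static SQL.
sql.execute "create table users (id int primary key, name varchar(50))"
sql.execute "insert into users values (1, 'alice')"

def untrusted = "O'Brien"   // constructed sample input with an embedded quote

// 1. GString: Sql turns each ${} into a JDBC '?' placeholder and binds the value,
//    so the quote is data, not SQL. This is the per-API mechanism Groovy already has.
sql.execute "insert into users values (2, ${untrusted})"
def rows = sql.rows("select id, name from users where name = ${untrusted}")
assert rows.size() == 1 && rows[0].name == "O'Brien"

// 2. Plain String concatenation: the same value is spliced into the SQL text, so the
//    quote terminates the literal and the statement is malformed. Nothing in the type
//    system distinguishes this String from the GString above, which is the gap a
//    general taint mechanism would have to close.
try {
    sql.rows("select id, name from users where name = '" + untrusted + "'")
    assert false : 'expected a SQL syntax error from the concatenated query'
} catch (java.sql.SQLException e) {
    println "concatenation failed as expected: ${e.message}"
}

// 3. Sql.expand marks a fragment that must NOT be parameterised (e.g. an identifier).
//    It is unchecked by design, so its argument has to come from a trusted allow-list.
def column = 'name'
assert column in ['id', 'name']
def byColumn = sql.rows("select ${Sql.expand(column)} from users where id = ${1}")
assert byColumn[0].name == 'alice'

sql.close()
```

Run it with `groovy taint_demo.groovy`; the interesting line is the one that only works because of `Sql.expand`, since that is exactly the kind of escape hatch a checker like the one proposed would need to know about rather than silently trusting.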
