开发者

Clj-Sandbox bug?

问答 作者:

I am trying to get clj-sandbox to allow def and defn.

I didn't have any trouble getting def working:

(use 'net.licenser.sandbox
     'net.licenser.sandbox.tester
     'net.licenser.sandbox.matcher) 

(def my-tester
  (extend-tester secure-tester  (whitelist (functio开发者_JAVA百科n-matcher 'def))))
(def my-sandbox
  (stringify-sandbox (new-sandbox :tester my-tester)))

(my-sandbox
  "(def a (clojure.core/fn a ([b] (inc b))))")
(println (my-sandbox "(a 5)"))

However, defn is giving me problems. It looks like my code passes the sandbox guidelines, but then fails during execution:

; (macroexpand '(defn y [z] (inc z)))
(my-sandbox 
  "(def y (.withMeta (clojure.core/fn y ([z] (inc z))) (.meta (var y))))")
; java.lang.SecurityException: Exception in sandboxed code.

Is this a bug, or am I doing something wrong?

clj-sandbox is a bit of a buggy mess. There were some design decisions made that, in the long run, ended up being bad ideas.

Alan Malloy and I wrote a new sandbox library called clojail to replace clj-sandbox in our own projects. I'm not sure there are any projects still using clj-sandbox in production, and it isn't maintained anymore.

Unfortunately, clojail doesn't have the support for def/defn that clj-sandbox has. Meaning, you can allow def/defn, but they wont be sandboxed at all. They can be used to force out of memory errors. http://try-clojure.org doesn't have that problem because it has to have it's own little def/defn sandbox anyways (that's stored in a cookie). You should be able to mostly copy/paste from try-clojure's version if you need this sort of behavior.

In any case, I actually forgot about how def/defn behaves in clj-sandbox, and that's probably why we haven't added it to clojail yet. I'll make an issue for it later and implement it as soon as possible.

Anyways, clojail is the only actively maintained sandboxing library that I know of right now. It's used in sexpbot and try-clojure, and we have a channel for it and other sexpbot-related projects on Freenode. Hop in #sexpbot if you need any help!

继续阅读:clojuresandbox

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9