My attempt to write a sandboxing library for clojure to allow secure execution of untrusted code
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



In Clojure 1.2 the :initial feature isn’t working at the moment!!!
h1. clj-sandbox

Why clj-sandbox?

Well the short story is, because it is cool. There are so many things you can do when sandboxing code is dead simple. That is what I hope clj-sandbox will do, allow clojure code to add sandboxing with less then 5 lines of code.

Of cause that is a idealistic view, to really customize the sandbox you might need 10 lines ;).

Long story? I need sandboxing for a project, and on #clojure hiredman, bsteuber and me got in a talk how nice it would be to have a simple sandbox library. So the next day I decided that I take it upon me to make it reality ;). Truth be told, hiredman did a very good job for clojurebot, I lot of code and ideas were pioneered by him :)


1) create a .java.policy file to grant your code rights.

Simple example

In your code this will give you a very simple sandbox without jvm sandboxing:

  (use 'net.licenser.sandbox)
  (def my-sandbox (stringify-sandbox (new-sandbox)))
  (my-sandbox "(+ 1 1)")

More advanced example

If you want more security and posibilties

  (use 'net.licenser.sandbox)
  (def sc (stringify-sandbox (new-sandbox-compiler)))
  (def my-really-secure-add (sc "(+ a b)" 'a 'b))
  (my-really-secure-add {} 23 19) ;=> 42

Real world examples.

What better example as what people actually do with the code?

  1. Of cause EPIC uses clj-sandbox to run user scripts
  2. defn’s walton tool uses clj-sandbox to get better answers for your questions.
  3. Raynes’s IRC-bot sexpbot uses clj-sandbox too let users evaluate and test code in the IRC.
  4. clicki, a crazy wiki that lets user define the entire webside (code and everything) within itself.

See even now there are very varity usages for a sandbox and I hope there will be many more.


Add the following to your project.clj in leiningen:

[clj-sandbox “0.3”]


Copyright © 2009 Heinz N. Gies and Anthony Simpson.

This code is published under the EPL, have fun! See LICENSE.html for the booring stuff.


Thanks to hiredman from #clojure for the patience with my question and the
code for the JVM jail :).
Also thanks to Raynes from #clojure for using and testing the library, spotting
evilish bugs, proofreading the comments and some improvements :D!