Permalink
Browse files

Change WrapPackage into a general wrapping type and wrap classes as w…

…ell.
  • Loading branch information...
1 parent 764e3a0 commit 3e618e0d3581e04e5aeba7a38302fc537f8050f7 @Raynes Raynes committed Sep 4, 2012
Showing with 42 additions and 26 deletions.
  1. +31 −25 src/clojail/testers.clj
  2. +11 −1 test/clojail/core_test.clj
@@ -5,18 +5,20 @@
(:require [bultitude.core :as nses]
[serializable.fn :as sfn]))
-(deftype ClojailPackage [package])
+(deftype ClojailWrapper [object])
-(defmethod print-method ClojailPackage
+(defmethod print-method ClojailWrapper
[p out]
- (.write out (str "#=(clojail.testers/->ClojailPackage \""
- (.package p)
- "\")")))
+ (.write out (str "#=(clojail.testers/->ClojailWrapper "
+ (binding [*print-dup* true] (pr-str (.object p)))
+ ")")))
-(defn p
- "Create package objects for putting in a tester."
- [& packages]
- (map #(->ClojailPackage %) packages))
+(defn wrap-object
+ "Wraps an object in the ClojailWrapper type to be passed into the tester."
+ [object]
+ (if (instance? ClojailWrapper object)
+ object
+ (->ClojailWrapper object)))
(defn blacklist-nses
"Blacklist Clojure namespaces. nses should be a collection of namespaces."
@@ -37,23 +39,27 @@
symbols)))))
(defn blacklist-packages
- "Blacklist packages. packages should be a collection of ClojailPackage objects.
- These can be created with the p function."
+ "Blacklist packages. Packages should be a list of strings corresponding to
+ packages."
[packages]
- (sfn/fn [obj]
- (let [obj (if (= Class (type obj))
- (.getPackage obj)
- obj)]
- (when obj
- (first (filter #(let [pack (.package %)]
- (or (= obj (Package/getPackage pack))
- (= obj (symbol pack))))
- packages))))))
+ (let [packages (map wrap-object packages)]
+ (sfn/fn [obj]
+ (let [obj (if (= Class (type obj))
+ (.getPackage obj)
+ obj)]
+ (when obj
+ (first (filter #(let [pack (.object %)]
+ (or (= obj (Package/getPackage pack))
+ (= obj (symbol pack))))
+ packages)))))))
(defn blacklist-objects
"Blacklist some objects. objs should be a collection of things."
[objs]
- (sfn/fn [s] (first (filter #(= s %) objs))))
+ (let [objs (map wrap-object objs)]
+ (sfn/fn [s]
+ (when-let [result (first (filter #(= s (.object %)) objs))]
+ (.object result)))))
(defn blanket
"Takes a tester and some namespace prefixes as strings. Looks up
@@ -66,10 +72,10 @@
secure-tester-without-def
[(blacklist-objects [clojure.lang.Compiler clojure.lang.Ref clojure.lang.Reflector
clojure.lang.Namespace clojure.lang.Var clojure.lang.RT])
- (blacklist-packages (p "java.lang.reflect"
- "java.security"
- "java.util.concurrent"
- "java.awt"))
+ (blacklist-packages ["java.lang.reflect"
+ "java.security"
+ "java.util.concurrent"
+ "java.awt"])
(blacklist-symbols
'#{alter-var-root intern eval catch
load-string load-reader addMethod ns-resolve resolve find-var
@@ -133,4 +133,14 @@
(deftest blacklist-symbol-classes
(let [sb (sandbox [(blacklist-symbols '#{eval})])]
(is (thrown? SecurityException
- (sb '(.invoke (clojure.core$eval.) '(+ 3 3)))))))
+ (sb '(.invoke (clojure.core$eval.) '(+ 3 3)))))))
+
+(deftest class-blacklist
+ (let [sb (sandbox secure-tester)]
+ (is (thrown-with-msg? java.util.concurrent.ExecutionException #"Namespace"
+ (sb '(((.getMappings
+ (first
+ (filter #(= (.name %) 'clojure.core)
+ (all-ns))))
+ (symbol "eval"))
+ (read-string "(+ 1 2)")))))))

0 comments on commit 3e618e0

Please sign in to comment.