
Part of the way there on minimizing eval.

1 parent 69c828a commit 695b8aa24d44d898f3830864c0bdceda0f959fed @Raynes Raynes committed Jul 16, 2012
Showing with 22 additions and 7 deletions.
  1. +2 −2 src/clojail/core.clj
  2. +20 −5 src/clojail/testers.clj
@@ -162,7 +162,7 @@
(bad? [this obj] false))
(defn unsafe? [tester obj]
- (and (some #(bad? % obj) tester) obj))
+ (and (some #(bad? % obj) (mapcat val tester)) obj))
;; The clojail equivalent of motion detectors.
(defn check-form
@@ -183,7 +183,7 @@
(defmethod print-dup clojure.lang.Fn
[p out]
(if (= :serializable.fn/serializable-fn (type p))
- (.write out (str "#=(eval " (binding [*print-dup* false] (pr-str p)) ")"))
+ (.write out (binding [*print-dup* false] (pr-str p)))
(print-ctor p (fn [p out]) out)))
(defn security-exception [problem]
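Review bot: `unsafe?` now calls `val` on every element of `tester`, so a tester still passed as a plain vector or set (the shape the removed line accepted) would throw a ClassCastException instead of being checked. `->map` is added in testers.clj in this same commit but is not applied here; unless every caller is known to pass a map, the line can accept both shapes with `(and (some #(bad? % obj) (if (map? tester) (mapcat val tester) tester)) obj)`. A docstring on `unsafe?` naming the expected `{:objs ... :serializable-fns ...}` shape would make the contract explicit. In the second hunk, the `print-dup` branch no longer wraps its output in `#=(eval ...)`, so whatever reads that output back presumably has to evaluate the fn source itself; that consumer is outside the hunk and a one-line comment on the branch saying so would help.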
@@ -5,6 +5,16 @@
(:require [bultitude.core :as nses]
[serializable.fn :as sfn]))
+(defn ->map
+ "If if something other than a map is passed, return a map that
+ looks like {:objs s, :serializable-fns []}. If a map is passed,
+ return it."
+ [s]
+ (if (map? s)
+ s
+ {:objs s
+ :serializable-fns []}))
(defn p
"Create a package object for putting in a tester."
[s] (Package/getPackage s))
@@ -22,25 +32,30 @@
(defn blacklist-ns
"Blacklist a Clojure namespace."
[tester n]
- (conj tester n (prefix-checker n)))
+ (-> (->map tester)
+ (update-in [:objs] conj n)
+ (update-in [:serializable-fns] conj (prefix-checker n))))
(defn blacklist-symbols
"Blacklist symbols."
[tester & symbols]
- (into tester (concat symbols (map suffix-tester symbols))))
+ (-> (->map tester)
+ (update-in [:objs] into symbols)
+ (update-in [:serializable-fns] into (map suffix-tester symbols))))
(defn blacklist-packages
"Blacklist a bunch of Java packages at once."
[tester & packages]
- (into tester (map p packages)))
+ (update-in (->map tester) [:objs] into (map p packages)))
(defn blanket
"Takes a tester and some namespace prefixes as strings. Looks up
the prefixes with bultitude, getting a list of all namespaces on
the classpath matching those prefixes."
[tester & prefixes]
(reduce blacklist-ns tester
- (mapcat (partial nses/namespaces-on-classpath :prefix) prefixes)))
+ (mapcat (partial nses/namespaces-on-classpath :prefix)
+ prefixes)))
(def ^{:doc "A tester that attempts to be secure, and allows def."}
@@ -62,4 +77,4 @@
(def ^{:doc "A somewhat secure tester. No promises."}
- (conj secure-tester-without-def 'def))
+ (update-in secure-tester-without-def [:objs] conj 'def))
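Review bot: `blanket` passes the raw `tester` as the initial value of `reduce`, so when no namespace on the classpath matches the prefixes the reduction returns `tester` unchanged and a vector or set tester is never normalized by `->map`. Every other helper in this file now returns a map, and `unsafe?` in core.clj calls `val` on each element, so this one path can hand back a shape that check cannot walk; starting the reduction with `(reduce blacklist-ns (->map tester)` closes it. The last hunk's `(update-in secure-tester-without-def [:objs] conj 'def)` likewise assumes `secure-tester-without-def` is already a map, and its definition is outside the visible hunks. The `->map` docstring also opens with a doubled word, `If if`.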
