
Allow for blanket blacklisting of all namespaces under a prefix and f…

…ix a bug with checking packages.
Raynes committed Jun 20, 2012
1 parent 83356dc commit d4702b80aeb78a450cf6e2d9b4ec473cbdfa099d
Showing with 44 additions and 14 deletions.
  1. +2 −1 project.clj
  2. +1 −1 src/clojail/core.clj
  3. +25 −12 src/clojail/testers.clj
  4. +16 −0 test/clojail/core_test.clj
@@ -1,6 +1,7 @@
(defproject clojail "0.5.1"
:description "A sandboxing library."
:dependencies [[org.clojure/clojure "1.4.0"]]
:dependencies [[org.clojure/clojure "1.4.0"]
[bultitude "0.1.6"]]
:aliases {"test-all" ["with-profile" "dev,1.2:dev,1.3:dev" "test"]}
:profiles {:1.2 {:dependencies [[org.clojure/clojure "1.2.1"]]}
:1.3 {:dependencies [[org.clojure/clojure "1.3.0"]]}}
@@ -102,7 +102,7 @@
(let [[bottom] (map symbol (.split (str %) "/"))
resolved-s (safe-resolve bottom nspace)]
(if (class? resolved-s)
[resolved-s %]
[resolved-s (.getPackage resolved-s) %]
%))))
%)
(-> s macroexpand-most vector flatten-all)))))
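Review bot: `(.getPackage resolved-s)` on the new vector line can return nil, because `Class.getPackage` yields no Package for some classes (for example ones whose class loader never defined a package), so a nil may be spliced into the flattened list. Whether that is harmless depends on how the tester is applied to this list, which is not visible in the hunk. Guarding it keeps the list clean: `(if-let [pkg (.getPackage resolved-s)] [resolved-s pkg %] [resolved-s %])`. A short comment such as `;; also emit the class's package so testers can blacklist whole packages` would record why the extra element is there. The enclosing function begins and ends outside the hunk.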
@@ -1,25 +1,38 @@
(ns clojail.testers
"A set of predefined testers that you can use in your own sandboxes.
I'm not promising that any of these are really totally secure. I cannot
possibly test these for everything.")
possibly test these for everything."
(:require [bultitude.core :as nses]))
(defn p
"Create a package object for putting in a tester."
[s] (Package/getPackage s))
(defn blanket
"Takes a tester and some namespace prefixes as strings. Looks up
the prefixes with bultitude, getting a list of all namespaces on
the classpath matching those prefixes."
[tester & prefixes]
(into
tester
(mapcat (partial nses/namespaces-on-classpath :prefix) prefixes)))
(def ^{:doc "A tester that attempts to be secure, and allows def."}
secure-tester-without-def
#{'alter-var-root 'intern 'eval 'catch clojure.lang.Compiler
'load-string 'load-reader 'addMethod 'ns-resolve 'resolve 'find-var
'*read-eval* clojure.lang.Ref clojure.lang.Reflector 'ns-publics
'ns-unmap 'set! 'ns-map 'ns-interns 'the-ns clojure.lang.Namespace
'push-thread-bindings 'pop-thread-bindings 'future-call 'agent 'send
'send-off 'pmap 'pcalls 'pvals 'in-ns 'System/out 'System/in 'System/err
'with-redefs
clojure.lang.Var
(p "java.lang.reflect")
(p "java.util.concurrent")
(p "java.awt")})
(blanket
#{'alter-var-root 'intern 'eval 'catch clojure.lang.Compiler
'load-string 'load-reader 'addMethod 'ns-resolve 'resolve 'find-var
'*read-eval* clojure.lang.Ref clojure.lang.Reflector 'ns-publics
'ns-unmap 'set! 'ns-map 'ns-interns 'the-ns clojure.lang.Namespace
'push-thread-bindings 'pop-thread-bindings 'future-call 'agent 'send
'send-off 'pmap 'pcalls 'pvals 'in-ns 'System/out 'System/in 'System/err
'with-redefs
clojure.lang.Var
(p "java.lang.reflect")
(p "java.security")
(p "java.util.concurrent")
(p "java.awt")}
"clojail"))
(def ^{:doc "A somewhat secure tester. No promises."}
secure-tester
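Review bot: The new `(p "java.security")` entry relies on `Package/getPackage`, which returns nil when the calling class loader has not yet seen a class from that package, so a blacklist entry can silently turn into nil depending on load order. Package objects also appear to be matched exactly (core.clj adds `(.getPackage resolved-s)` for the resolved class), so classes in subpackages such as `java.security.cert` would not be covered by this entry; that is inferred, since the matching code is not in this hunk. Consider making `p` fail loudly, e.g. `(or (Package/getPackage s) (throw (IllegalArgumentException. (str "unknown package: " s))))`, and stating the exact-match behaviour in its docstring. The `blanket` docstring could also say that it returns the tester with the namespaces added, and that here it is evaluated once when `clojail.testers` loads. The `secure-tester` def at the end of the hunk continues outside it.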
@@ -112,3 +112,19 @@
(deftest block-maps
(let [sb (sandbox secure-tester)]
(is (thrown? SecurityException (sb '{:foo (eval '(+ 3 3))})))))
(deftest blanket-test
(let [sb (sandbox (blanket #{} "clojail"))]
(is (thrown? SecurityException
(sb '(clojail.jvm/priv-action "this wont work anyways so why would I write something meaningful."))))))
(deftest meta-meta-meta-test
(let [sb (sandbox secure-tester)]
(is (thrown? SecurityException
(sb '(java.security.AccessController/doPrivileged
(reify java.security.PrivilegedExceptionAction
(run [_] (slurp (.getInputStream (.exec (Runtime/getRuntime) "whoami")))))))))
(is (thrown? SecurityException
(sb '(java.security.AccessController/doPrivileged
(reify java.security.PrivilegedAction
(run [_] (slurp (.getInputStream (.exec (Runtime/getRuntime) "whoami")))))))))))
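Review bot: Both assertions in `meta-meta-meta-test` accept any SecurityException, so they cannot tell a rejection by the tester's `java.security` entry from a denial raised later by a JVM-level check. They would also start a real process on the build machine if the sandbox ever regressed. An inert action body isolates the tester check and keeps the test safe to run: `(run [_] :reached)`. `blanket-test` likewise only checks the blocked side; a companion assertion that a form outside the `clojail` prefix still evaluates would pin that `blanket` does not over-block.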
