Permalink
Browse files

wip

  • Loading branch information...
1 parent 3e8d525 commit 8d1d44b83509d60615dabdd2a7c0649c11dc67f4 @hiredman committed Sep 18, 2010
Showing with 77 additions and 74 deletions.
  1. +2 −2 project.clj
  2. +3 −1 src/hiredman/clojurebot.clj
  3. +6 −3 src/hiredman/clojurebot/sb.clj
  4. +66 −68 src/hiredman/sandbox.clj
View
@@ -2,8 +2,8 @@
clojurebot "0.1.0-SNAPSHOT"
:repositories {"jboss" "http://repository.jboss.com/maven2/"}
:description "An IRC bot written in Clojure"
- :dependencies [[org.clojure/clojure "1.2.0-master-SNAPSHOT"]
- [org.clojure/clojure-contrib "1.0-SNAPSHOT"]
+ :dependencies [[org.clojure/clojure "1.2.0"]
+ [org.clojure/clojure-contrib "1.2.0"]
[org.clojars.snuxoll/clojureql "1.0.0"]
[pircbot/pircbot "1.4.2"]
[org.danlarkin/clojure-json "1.1-SNAPSHOT"]
@@ -39,7 +39,9 @@
;;set up sandbox namespace for evaling code
(binding [*ns* (create-ns (:sandbox-ns bot-attributes))]
(clojure.core/refer 'clojure.core)
- (import '(java.util Date)))
+ (import '(java.util Date))
+ (intern *ns* 'Thread (fn [& _] (throw (Exception. "DENIED"))))
+ (intern *ns* 'java.lang.Thread (fn [& _] (throw (Exception. "DENIED")))))
(defonce #^{:private true} bot
@@ -3,16 +3,19 @@
(hiredman sandbox)))
(defn naughty-forms? [strang]
- (let [nf #{"catch" "finally" "clojure.asm" "hiredman.clojurebot"}]
+ (let [nf #{"catch" "finally" "clojure.asm" "hiredman.clojurebot" "java.lang.Thread."}]
(some #(not= -1 %) (map #(.lastIndexOf strang %) nf))))
(defmethod responder ::code-sandbox [bot pojo]
(log (select-keys pojo [:sender :message]))
- (if (not (naughty-forms? (:message pojo)))
+ (if (and (not (naughty-forms? (:message pojo)))
+ (not= (:sender pojo) "itistoday")
+ (not= (:sender pojo) "Lajla"))
(let [result (try (eval-in-box (.replaceAll (:message pojo) "^," "")
(:sandbox-ns bot 'sandbox))
(catch Exception e
- (str "Eval-in-box threw an exception:" (.getMessage e))))]
+ (str "Eval-in-box threw an exception:"
+ (.getMessage e))))]
(if (vector? result)
(doseq [i (reverse result)]
(new-send-out bot :msg pojo (str i)))
View
@@ -1,94 +1,92 @@
(ns hiredman.sandbox
- (:require [hiredman.clojurebot.core :as core])
- (:import (java.util.concurrent FutureTask TimeUnit TimeoutException)
- (java.io File FileWriter PushbackReader StringReader)))
-
-;(def *bad-forms* #{'eval 'catch 'try 'def 'defn 'defmacro 'read 'Thread. 'send 'send-off 'clojure.asm.ClassWriter.})
+ (:require [hiredman.clojurebot.core :as core])
+ (:import (java.util.concurrent FutureTask TimeUnit TimeoutException)
+ (java.io File FileWriter PushbackReader StringReader)))
(def *bad-forms* #{'alter-var-root 'alterRoot 'intern 'eval 'def 'catch 'load-string 'load-reader 'clojure.core/addMethod 'hiredman.clojurebot/bot})
(def *default-timeout* 10) ; in seconds
(defn enable-security-manager []
- (System/setSecurityManager (SecurityManager.)))
+ (System/setSecurityManager (SecurityManager.)))
;;;;;;;; Chousuke
(defn thunk-timeout [thunk seconds]
- (let [task (FutureTask. thunk)
- thr (Thread. task)]
- (try
- (.start thr)
- (.get task seconds TimeUnit/SECONDS)
- (catch TimeoutException e
- (.cancel task true)
- (.stop thr (Exception. "Thread stopped!")) "Execution Timed Out"))))
-
-(defn wrap-exceptions
+ (let [task (FutureTask. thunk)
+ thr (Thread. task)]
+ (try
+ (.start thr)
+ (.get task seconds TimeUnit/SECONDS)
+ (catch TimeoutException e
+ (.cancel task true)
+ (.stop thr (Exception. "Thread stopped!")) "Execution Timed Out"))))
+
+(defn wrap-exceptions
([f]
- (wrap-exceptions f #(do
- (println (.printStackTrace %))
+ (wrap-exceptions f #(do
+ (println (.printStackTrace %))
(.getMessage %))))
([f exception-handler]
(try (f) (catch Exception e (exception-handler e)))))
;;;;;;;;;;;
(defn empty-perms-list []
- (doto (java.security.Permissions.)
- (.add (RuntimePermission. "accessDeclaredMembers"))))
+ (doto (java.security.Permissions.)
+ (.add (RuntimePermission. "accessDeclaredMembers"))))
(defn domain [perms]
- (java.security.ProtectionDomain.
- (java.security.CodeSource. nil
- (cast java.security.cert.Certificate nil))
- perms))
+ (java.security.ProtectionDomain.
+ (java.security.CodeSource. nil
+ (cast java.security.cert.Certificate nil))
+ perms))
(defn context [dom]
- (java.security.AccessControlContext. (into-array [dom])))
+ (java.security.AccessControlContext. (into-array [dom])))
(defn priv-action [thunk]
- (proxy [java.security.PrivilegedAction] [] (run [] (thunk))))
+ (proxy [java.security.PrivilegedAction] [] (run [] (thunk))))
(defn sandbox [thunk context]
- (java.security.AccessController/doPrivileged
- (priv-action thunk)
- context))
+ (java.security.AccessController/doPrivileged
+ (priv-action thunk)
+ context))
(defn write-test []
- (doto (-> "foo.txt" File. FileWriter.) (.write "foo") .close))
+ (doto (-> "foo.txt" File. FileWriter.) (.write "foo") .close))
(defn de-fang
"looks through the macroexpand of a form for things I don't allow"
[form notallowed]
(if (coll? form)
(when (not
- (some notallowed
- (tree-seq coll?
- #(let [a (macroexpand %)]
- (if (coll? a)
- (seq a)
- (list a)))
- form)))
+ (some notallowed
+ (tree-seq coll?
+ #(let [a (macroexpand %)]
+ (if (coll? a)
+ (seq a)
+ (list a)))
+ form)))
form)
form))
(defn cond-eval [pred form]
- (if (pred form)
- (eval form)
- (throw (java.lang.Exception. "DENIED"))))
+ (if (pred form)
+ (eval form)
+ (throw (java.lang.Exception. "DENIED"))))
(enable-security-manager) ; This doesn't need to be enabled by default
(defn killall-thrdgrp [thg]
- (let [a (make-array Thread (.activeCount thg))
- _ (.enumerate thg a true)]
- (map #(.stop % (Exception. "KILLED")))
- (.destroy thg)))
+ (let [a (make-array Thread (.activeCount thg))
+ _ (.enumerate thg a true)]
+ (map #(.stop % (Exception. "KILLED")))
+ (.destroy thg)))
(defn save-to-gensym [x]
- (let [a (gensym)
- b (list 'def a x)]
- (eval b)
- (str a)))
+ (let [a (gensym)
+ b (list 'def a x)]
+ (eval b)
+ (str a)))
(defmacro my-doc [s]
`(let [m# (meta (resolve '~s))
@@ -97,25 +95,25 @@
(if m#
(.replaceAll (str al# "; " docstring# ) "\\s+" " ")
(-> hiredman.clojurebot.code-lookup/contrib
- :vars ((partial filter (fn [a#] (= (:name a#) (.toString '~s))))) first
- ((fn [foo#]
- (if foo#
- (.replaceAll (str (:namespace foo#) "/" (:name foo#) ";" (print-str (:arglists foo#)) "; " (:doc foo#)) "\\s+" " ")
- (symbol (core/befuddled)))))))))
+ :vars ((partial filter (fn [a#] (= (:name a#) (.toString '~s))))) first
+ ((fn [foo#]
+ (if foo#
+ (.replaceAll (str (:namespace foo#) "/" (:name foo#) ";" (print-str (:arglists foo#)) "; " (:doc foo#)) "\\s+" " ")
+ (symbol (core/befuddled)))))))))
(defn force-lazy-seq
- "if passed a lazy seq, forces seq with doall, if not return what is passed"
- [s]
- (or (and (instance? clojure.lang.LazySeq s) (doall s)) s))
+ "if passed a lazy seq, forces seq with doall, if not return what is passed"
+ [s]
+ (or (and (instance? clojure.lang.LazySeq s) (doall s)) s))
(defn eval-in-box-helper [form]
- (let [result (cond-eval #(de-fang % *bad-forms*) form)]
- (.close *out*)
- (.close *err*)
- (let [o (str *out*)
- e (str *err*)
- r (prn-str (force-lazy-seq result))]
- [o e (when (or result (.equals o "")) r)])))
+ (let [result (cond-eval #(de-fang % *bad-forms*) form)]
+ (.close *out*)
+ (.close *err*)
+ (let [o (str *out*)
+ e (str *err*)
+ r (prn-str (force-lazy-seq result))]
+ [o e (when (or result (.equals o "")) r)])))
(defn eval-in-box [_string sb-ns]
(let [form #(-> _string StringReader. PushbackReader. read)
@@ -125,8 +123,8 @@
*ns* (find-ns sb-ns) doc (var my-doc) *print-level* 30]
(eval-in-box-helper (form))))
result (thunk-timeout
- #(sandbox
- (fn [] (wrap-exceptions thunk))
- (context (domain (empty-perms-list))))
- *default-timeout*)]
- (doto result core/log)))
+ #(sandbox
+ (fn [] (wrap-exceptions thunk))
+ (context (domain (empty-perms-list))))
+ *default-timeout*)]
+ (doto result core/log)))

0 comments on commit 8d1d44b

Please sign in to comment.