d30dae6 Add files for the first time.
deego authored
1 ;;; erblisp.el ---
29918bd GPL3: DISTRIBUTE UNDER GPL 3 FROM NOW ON.
deego authored
2 ;; Time-stamp: <2007-11-23 11:30:08 deego>
d30dae6 Add files for the first time.
deego authored
3 ;; Copyright (C) 2002 D. Goel
4 ;; Emacs Lisp Archive entry
5 ;; Filename: erblisp.el
6 ;; Package: erblisp
d93fd62 Introduce `erball-compile', change deego@ glue.umd.edu to gnufans.org.
deego authored
7 ;; Author: D. Goel <deego@gnufans.org>
ea6ede5 Clean up lots of cruft..
deego authored
8 ;; Version: 0.0DEV
4287400 Remove some cruft from all files :-)
deego authored
9 ;; URL: http://www.emacswiki.org/cgi-bin/wiki.pl?ErBot
10
d30dae6 Add files for the first time.
deego authored
11
12
13 ;; This file is NOT (yet) part of GNU Emacs.
14
15 ;; This is free software; you can redistribute it and/or modify
16 ;; it under the terms of the GNU General Public License as published by
29918bd GPL3: DISTRIBUTE UNDER GPL 3 FROM NOW ON.
deego authored
17 ;; the Free Software Foundation; either version 3, or (at your option)
d30dae6 Add files for the first time.
deego authored
18 ;; any later version.
19
20 ;; This is distributed in the hope that it will be useful,
21 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
22 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 ;; GNU General Public License for more details.
24
25 ;; You should have received a copy of the GNU General Public License
26 ;; along with GNU Emacs; see the file COPYING. If not, write to the
27 ;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
28 ;; Boston, MA 02111-1307, USA.
29
30
31 ;; See also:
32
33
ea6ede5 Clean up lots of cruft..
deego authored
(defvar erblisp-version "0.0dev"
  "Version string of erblisp.")
d30dae6 Add files for the first time.
deego authored
35
36 ;;==========================================
37 ;;; Code:
38
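(defgroup erblisp nil
  "The group erblisp"
  :group 'applications)

;; Both hooks now declare `:type 'hook' and carry a docstring; the
;; originals had an empty docstring and no type, which leaves Customize
;; without an editor for them.
(defcustom erblisp-before-load-hooks nil
  "Hook run while erblisp is loading, before its functions are defined."
  :type 'hook
  :group 'erblisp)

(defcustom erblisp-after-load-hooks nil
  "Hook run at the end of loading erblisp, after the feature is provided."
  :type 'hook
  :group 'erblisp)

;; Hook functions run with the full privileges of the Emacs process; they
;; are operator configuration and are not passed through the sandbox.
(run-hooks 'erblisp-before-load-hooks)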
45
46
(defun erblisp-process-msg (msg &optional proc nick tgt)
  "Sandbox MSG, evaluate the result, and return it formatted as a string.

MSG is either a string or a tree.  A tree looks something like
 '(foo bar (bar foo))
A string is parsed into a tree with `erbn-read' first.

PROC, NICK and TGT are accepted but are not referenced in this body."
  ;; Text input becomes a Lisp tree before anything else looks at it.
  (when (stringp msg)
    (setq msg (erbn-read msg)))
  ;; SECURITY: `eval' runs here on input that came from outside.  The only
  ;; barrier is the rewrite done by `erblisp-sandbox-fuzzy', so whatever
  ;; that function lets through unchanged (fs- symbols, quoted data,
  ;; numbers, strings) is evaluated with the privileges of this Emacs.
  ;; The safety of this call is therefore the safety of every function and
  ;; variable defined under the fs- prefix.
  (format "%s" (eval (erblisp-sandbox-fuzzy msg))))
57
969c6e9 fix a small possible hole in erblisp-sandbox-quoted----move that to e…
deego authored
(defun erblisp-sandbox-quoted-maybe (expr)
  "Sandbox the whole of EXPR, even if it starts with a quote.

A (quote ...) form is rebuilt with every element after the `quote'
passed through `erblisp-sandbox', so quoted data is rewritten rather
than trusted as it is.  Anything else is handed to `erblisp-sandbox'
directly."
  (if (and (listp expr)
           (equal (car expr) 'quote))
      ;; Keep the quote, sandbox what it protects.
      (cons 'quote (mapcar 'erblisp-sandbox (cdr expr)))
    (erblisp-sandbox expr)))
66
60a70e8 generalize sandboxing to user-changeable "keywords".
deego authored
67
969c6e9 fix a small possible hole in erblisp-sandbox-quoted----move that to e…
deego authored
(defun erblisp-sandbox-quoted (expr)
  "Sandbox EXPR, which is assumed to produce quoted data when evaluated.

Three cases:
- a (quote ...) form: every element after the `quote' is passed
  through `erblisp-sandbox' immediately;
- any other list: the list is sandboxed and wrapped in a call to this
  function, so that the value it yields at evaluation time is
  sandboxed again;
- an atom: handed to `erblisp-sandbox'."
  (if (not (listp expr))
      ;; just an atom
      (erblisp-sandbox expr)
    (if (equal (car expr) 'quote)
        (cons 'quote (mapcar 'erblisp-sandbox (cdr expr)))
      ;; Not yet data: defer a second sandboxing pass to run time.  Note
      ;; that the emitted head is `erblisp-sandbox-quoted' itself, which
      ;; does not carry the fs- prefix.
      (list 'erblisp-sandbox-quoted (erblisp-sandbox expr)))))
969c6e9 fix a small possible hole in erblisp-sandbox-quoted----move that to e…
deego authored
80
81
60a70e8 generalize sandboxing to user-changeable "keywords".
deego authored
(defvar erblisp-allowed-words
  '(nil t
    ;; Also consider:
    ;; &rest
    ;; &optional
    )
  "Symbols that `erblisp-sandbox' passes through without the fs- prefix.
Every entry is an exception to the sandbox: a symbol listed here reaches
`eval' under its real name, so its global value and function binding
become reachable from sandboxed input.

You should add &rest and &optional to this list.
We WON'T do this by default since this could lead to exploits if you
*happen* to have bound these keywords to weird stuff like
\(setq &rest (shell-command \"rm -rf /\")) in your .emacs.")
94
bc3eb6d Increase DoS threshhold, minor renames.
deego authored
(defvar erblisp-max-list-length 2000
  "Size limit for expressions checked by `erblisp-check-args-nascent'.
The limit is passed as LEN to `erblisp-safe-length-args-p'; an
expression over the limit is rejected with an error.
If non-numeric, we will skip this check.  Skipping it removes the
guard against overlong expressions.")
fcd2e4f Fix denial of service: recursive calls to user functions.
mwolson authored
98
bc3eb6d Increase DoS threshhold, minor renames.
deego authored
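(defun erblisp-safe-length-args-p (list so-far len)
  "Return t if walking the tree LIST stays within LEN steps, else nil.

LIST is walked iteratively with an explicit stack, so deeply nested
input does not recurse.  SO-FAR is the step count to start from
\(callers in this file pass 0) and LEN is the largest count that is
still acceptable.  The walk stops as soon as the count exceeds LEN,
which bounds the work done on oversized input.

This is the size guard behind `erblisp-max-list-length'."
  (let ((cur list)
        stack)
    (while (and (consp cur)
                (<= so-far len))
      (if (consp (car cur))
          (progn
            ;; Remember the siblings that follow the nested list BEFORE
            ;; stepping into it.  The previous code stepped in first and
            ;; then pushed the nested list's own tail, so everything
            ;; after the first nested list on a level was never counted
            ;; and an oversized expression could pass the check.
            (when (consp (cdr cur))
              (push (cdr cur) stack))
            (setq cur (car cur)))
        (setq cur (cdr cur)))
      ;; End of this level: either nil or the atom that ends a dotted
      ;; pair.  Resume with the most recently saved siblings, if any.
      (unless (consp cur)
        (setq cur (pop stack)))
      (setq so-far (1+ so-far)))
    (<= so-far len)))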
115
6973d27 ALWAYS BACK UP BOTBBDB BEFORE UPGRADING YOUR ERBOT.
deego authored
(defmacro erblisp-check-args (&rest args)
  "Expand to a call of `erblisp-check-args-nascent' on ARGS minus unbound symbols.

Symbols in ARGS that have no value are left out of the call.  This
covers things like &rest, which are passed along when a user attempts
to use &rest in his function definitions -- see
`erblisp-allowed-words'.

All the arguments to this macro should have been in their evalled form
and hence constants already, so we do not bother protecting against
multiple evaluations here -- evaluating a constant causes no harm.

NOTE(review): the `boundp' test runs when the macro is expanded, not
when the resulting call runs.  If expansion happens ahead of time
\(byte compilation, or expansion at load), a symbol that is only bound
locally at the call site counts as unbound and is dropped, and the
check then runs on fewer arguments than the caller wrote.  Confirm
how each caller is expanded before relying on this macro as a guard."
  (cons 'erblisp-check-args-nascent
        (remove-if
         (lambda (arg)
           ;; Drop only symbols without a value; every other kind of
           ;; argument is kept.
           (and (symbolp arg)
                (not (boundp arg))))
         args)))
133
134
135
(defun erblisp-check-args-nascent (&rest args)
  "Return t if ARGS is within `erblisp-max-list-length', else signal an error.

The size test is done by `erblisp-safe-length-args-p', starting from a
count of 0.  When `erblisp-max-list-length' is not a number the test
is skipped and the result is always t."
  (if (and (numberp erblisp-max-list-length)
           (not (erblisp-safe-length-args-p
                 args 0 erblisp-max-list-length)))
      ;; Reject instead of truncating: the caller never sees a partial
      ;; expression.
      (error "encountered overlong expression, ignoring")
    t))
142
143
144
fcd2e4f Fix denial of service: recursive calls to user functions.
mwolson authored
145
d30dae6 Add files for the first time.
deego authored
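(defun erblisp-sandbox (expr)
  "Return EXPR rewritten so that the symbols it names carry the fs- prefix.

Lists are rewritten recursively.  A head that is itself a list is
sandboxed like any other form.  A form headed by `quote' is returned
unchanged.  Any other head is kept only if its printed name starts
with fs- or it is a member of `erblisp-allowed-words'; otherwise it is
replaced by the symbol of the same name with fs- prepended.  All
remaining elements go through this function again.

Atoms: fs- symbols, t and members of `erblisp-allowed-words' are
returned as they are, other symbols get the fs- prefix, numbers and
strings pass through, and anything else signals an error.

Each list is first checked by `erblisp-check-args-nascent', which
signals an error for an overlong expression."
  (cond
   ;; first condition
   ((null expr) nil)
   ;; second condition
   ((listp expr)
    ;; Call the checking function directly.  Going through the
    ;; `erblisp-check-args' macro hands it the bare symbol `expr', and
    ;; the macro drops symbols that are unbound when it is expanded.
    ;; Whenever expansion happens ahead of the call (byte compilation,
    ;; expansion at load time) `expr' is unbound at that point, the
    ;; argument disappears, and the length check runs on nothing and
    ;; always passes.
    (when (erblisp-check-args-nascent expr)
      (let ((fir (car expr)))
        (cond
         ((listp fir)
          (cons (erblisp-sandbox fir)
                (mapcar 'erblisp-sandbox (cdr expr))))
         ((equal (format "%S" fir) "quote")
          ;; if quoted, it is fine...
          ;; The quoted data is returned untouched, so this holds only
          ;; as long as nothing reachable under fs- evaluates or calls
          ;; the data it is given.
          expr)
         (t (cons
             ;; NOTE(review): `string-match' honours `case-fold-search';
             ;; with its default value a head such as FS-foo also passes
             ;; this prefix test and stays unprefixed.  Confirm whether
             ;; that matters for the names defined alongside fs-.
             (if (or (equal 0 (string-match "fs-" (format "%S" fir)))
                     (member fir erblisp-allowed-words))
                 fir
               (intern (concat "fs-" (format "%S" fir))))
             (mapcar 'erblisp-sandbox (cdr expr))))))))

   ;; final condition.. --> when the expr is an atom..  It should be a
   ;; a constant..  or an allowed atom.. allowed == prefixed with fs-
   (t (cond
       ((and (symbolp expr)
             (equal 0 (string-match "fs-" (format "%s" expr))))
        expr)
       ((equal expr t) expr)
       ((member expr erblisp-allowed-words) expr)
       ((symbolp expr)
        (intern (concat "fs-" (format "%s" expr))))
       ;; a number or string now..
       ;; this actually happens when they feed byte-compiled code to
       ;; the bot, like:
       ;;, (funcall #[nil "\300\207" [1] 1])
       ((not (or (symbolp expr) (numberp expr) (stringp expr)))
        (error "%s %s" "Should not reach here. Quantum Tunnelling! "
               "What are you trying to feed me? Byte-compiled code? Vectors?"))
       (t expr)))))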
191
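(defun erblisp-sandbox-fuzzy (expr)
  "Sandbox the message EXPR, preferring to quote its arguments.

Ensures that the functions are all fs- and the arguments are NOT
variable names.  In a list, a head that is itself a list is sandboxed
recursively, a form headed by `quote' is returned unchanged, and any
other head keeps its name only if it already starts with fs-;
otherwise fs- is prepended.

An atom that is a symbol is returned as it is when it starts with
fs-, replaced by its fs- counterpart when that counterpart is bound as
a variable or as a function, and quoted otherwise.  Numbers and
strings pass through.  Any other atom signals an error.

Unlike `erblisp-sandbox', this function does not run the length check
and does not consult `erblisp-allowed-words'."
  (cond

   ;; first condition
   ((null expr) nil)

   ;; second condition
   ((listp expr)
    (let ((fir (car expr)))
      (cond
       ((listp fir)
        ;; `cons' needs both the sandboxed head and the sandboxed rest.
        ;; A misplaced paren used to close the `cons' after the head
        ;; alone, so any form whose head was a list signalled
        ;; wrong-number-of-arguments here instead of being rewritten
        ;; the way `erblisp-sandbox' rewrites it.
        (cons (erblisp-sandbox-fuzzy fir)
              (mapcar 'erblisp-sandbox-fuzzy (cdr expr))))
       ((equal (format "%S" fir) "quote")
        ;; if quoted, it is fine...
        expr)
       (t (cons
           (if (equal 0 (string-match "fs-" (format "%S" fir)))
               fir
             (intern (concat "fs-" (format "%S" fir))))
           (mapcar 'erblisp-sandbox-fuzzy (cdr expr)))))))

   ;; final condition.. --> when the expr is an atom..  It should be a
   ;; a constant..  or an allowed atom.. allowed == prefixed with fs-
   (t (cond
       ((and (symbolp expr)
             (equal 0 (string-match "fs-" (format "%s" expr))))
        expr)
       ;; Only refer to the fs- counterpart when it actually exists.
       ((and (symbolp expr)
             (or
              (boundp (intern (concat "fs-" (format "%S" expr))))
              (fboundp (intern (concat "fs-" (format "%S" expr))))))
        (intern (concat "fs-" (format "%s" expr))))
       ;; other symbol: turned into data, never evaluated as a variable
       ((symbolp expr) (list 'quote expr))
       ;; a number or string now..
       ((not (or (symbolp expr) (numberp expr) (stringp expr)))
        (error "Should not reach here. Fuzzy tunnels!"))
       (t expr)))))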
238
239
240
241
(defun erblisp-sandbox-full (expr &optional midstream)
  "Sandbox EXPR so that only the heads of forms can name anything.

This will ensure that anything right after parens is sandboxed by a
fs- prefix.  And anything else is either a symbol, or a string, but
not a variable... viz: quoted, else converted into one.  A form headed
by `quote' is returned unchanged.

MIDSTREAM is an internal argument: it is non-nil while an element
other than the head of a form is being processed."
  (cond
   ((null expr) nil)
   ((listp expr)
    (if (eql (car expr) 'quote)
        expr
      ;; The head is processed without MIDSTREAM and so gets the fs-
      ;; prefix; every other element is processed with it.
      (cons (erblisp-sandbox-full (car expr))
            (mapcar (lambda (arg)
                      (erblisp-sandbox-full arg t))
                    (cdr expr)))))
   ;; now we know that expr is a non-nil atom...
   ((and midstream (stringp expr)) expr)
   ;; Any other atom in argument position becomes quoted data.
   (midstream (list 'quote expr))
   ;; midstream is untrue... expr is thus an atom at the beginning..
   (t
    (let ((name (format "%s" expr)))
      (if (equal 0 (string-match "fs-" name))
          expr
        (intern (concat "fs-" name)))))))
d30dae6 Add files for the first time.
deego authored
270
;; Announce the feature first, then run the user's after-load hooks
;; against the fully defined file.
(provide 'erblisp)
(run-hooks 'erblisp-after-load-hooks)
273
274
275
276 ;;; erblisp.el ends here