Now that the history lesson is over a few words to the inner workings of
clj-sandbox. The sadbox works on two levels.
* The more scary one is the jvm sandbox, which is, as so may things in java
very powerful and very hard to understand. clj-sandbox uses the default
restrictions of the JVM which seems pretty tight but you can pass your own
security context if you want to customize it.
* A little more interesting since easier to customize is the form
white-list/blacklist system. When a sandbox is created there is a
combination of black and white-lists given that restrict the forms that are
allowed within the code run in the sandbox. Implemented are matchers for
name-spaces (passes or blocks everything from a specific name-space) and
forms (blocks or passes single forms). The black & white logic works the
following way: every form in the sandboxed code must pass the white-lists
but must not be blocked by the blacklists - so it is possible to white-list
an entire name-space and then blacklist single functions you don't want.
* You can pass bindings and variables to the sandboxed code by naming them
which makes it easy to communicate between the code and your program.
I pushed the jar to clojars so if you want to give it a try you can just
add:
[clj-sandbox "0.1.0-SNAPSHOT"]
to your project.jar
Some examples are:
http://gist.github.com/331001
http://gist.github.com/332673
http://gist.github.com/332679
Best regards,
Heinz
On Mar 15, 5:22 am, Heinz Nikolaus Gies <he...@licenser.net> wrote:
> My brain is a sive, I forgot the github link o.Ohttp://github.com/Licenser/clj-sandboxsorry for the smap.
>
> Best regards,
> Heinz
Regards,
Heinz