clojail.core
check-formclj
(check-form form tester nspace)Check a form to see if it trips a tester.
Check a form to see if it trips a tester.
eagerly-consumeclj
(eagerly-consume val)Recursively force all lazy-seqs in val.
Recursively force all lazy-seqs in val.
safe-readclj
(safe-read)(safe-read str)Read a string from an untrusted source. Mainly just disables read-eval, but also repackages thrown exceptions to make it easier to discriminate among them. read-eval errors will be thrown as IllegalStateException; other exceptions will be thrown unchanged.
Read a string from an untrusted source. Mainly just disables read-eval, but also repackages thrown exceptions to make it easier to discriminate among them. read-eval errors will be thrown as IllegalStateException; other exceptions will be thrown unchanged.
safe-resolveclj
(safe-resolve s nspace)Resolves things safely.
Resolves things safely.
sandboxclj
(sandbox tester & args)Convenience wrapper function around sandbox* to create a sandbox function out of a tester. Takes the same arguments as sandbox* with the addition of the tester argument. Returns a sandbox function like sandbox* returns, the difference being that the tester is hardcoded and doesn't need to be passed to the created function.
Convenience wrapper function around sandbox* to create a sandbox function out of a tester. Takes the same arguments as sandbox* with the addition of the tester argument. Returns a sandbox function like sandbox* returns, the difference being that the tester is hardcoded and doesn't need to be passed to the created function.
sandbox*clj
(sandbox* &
{:keys [timeout namespace context jvm transform init ns-init max-defs
refer-clojure]
:or {timeout 10000
namespace (gensym "sandbox")
context (-> (permissions) domain context)
jvm true
transform eagerly-consume
refer-clojure true
max-defs 5}})This function creates a sandbox function that takes a tester. A tester is a set of objects that you don't want to be allowed in code. It is a blacklist.
Optional arguments are as follows:
:timeout, default is 10000 MS or 10 seconds. If the expression evaluated in the sandbox takes longer than the timeout, an error will be thrown and the thread running the code will be stopped.
:namespace, the namespace of the sandbox. The default is (gensym "sandbox"). :context, the context for the JVM sandbox to run in. Only relevant if :jvm? is true. It has a sane default, so you shouldn't need to worry about this.
:jvm?, if set to true, the JVM sandbox will be employed. It defaults to true.
:transform, a function to call on the result returned from the sandboxed code, before returning it, while still within the timeout context.
:init, some (quoted) code to run in the sandbox's namespace, but outside of the sandbox.
:refer-clojure, true or false. If true (the default), automatically refer-clojure in the ns. You might want to set this to false at some point if you're working with the namespace in the :init key.
This function will return a new function that you should bind to something. You can call this function with code and it will be evaluated in the sandbox. The function also takes an optional second parameter which is a hashmap of vars to values that will be passed to with-bindings. Since Clojure 1.3, only vars explicitly declared as dynamic are able to be rebound. As a result, only those vars will work here. If this doesn't work for you, read about the :init key.
This function creates a sandbox function that takes a tester. A tester is a set of objects that you don't want to be allowed in code. It is a blacklist. Optional arguments are as follows: :timeout, default is 10000 MS or 10 seconds. If the expression evaluated in the sandbox takes longer than the timeout, an error will be thrown and the thread running the code will be stopped. :namespace, the namespace of the sandbox. The default is (gensym "sandbox"). :context, the context for the JVM sandbox to run in. Only relevant if :jvm? is true. It has a sane default, so you shouldn't need to worry about this. :jvm?, if set to true, the JVM sandbox will be employed. It defaults to true. :transform, a function to call on the result returned from the sandboxed code, before returning it, while still within the timeout context. :init, some (quoted) code to run in the sandbox's namespace, but outside of the sandbox. :refer-clojure, true or false. If true (the default), automatically refer-clojure in the ns. You might want to set this to false at some point if you're working with the namespace in the :init key. This function will return a new function that you should bind to something. You can call this function with code and it will be evaluated in the sandbox. The function also takes an optional second parameter which is a hashmap of vars to values that will be passed to with-bindings. Since Clojure 1.3, only vars explicitly declared as dynamic are able to be rebound. As a result, only those vars will work here. If this doesn't work for you, read about the :init key.
set-security-managerclj
(set-security-manager s)Sets the system security manager to whatever you pass. Passing nil is the equivalent of turning it off entirely (which is usually how the JVM starts up).
Sets the system security manager to whatever you pass. Passing nil is the equivalent of turning it off entirely (which is usually how the JVM starts up).
thunk-timeoutclj
(thunk-timeout thunk ms)(thunk-timeout thunk time unit)(thunk-timeout thunk time unit tg)Takes a function and an amount of time to wait for thse function to finish executing. The sandbox can do this for you. unit is any of :ns, :us, :ms, or :s which correspond to TimeUnit/NANOSECONDS, MICROSECONDS, MILLISECONDS, and SECONDS respectively.
Takes a function and an amount of time to wait for thse function to finish executing. The sandbox can do this for you. unit is any of :ns, :us, :ms, or :s which correspond to TimeUnit/NANOSECONDS, MICROSECONDS, MILLISECONDS, and SECONDS respectively.
uglify-time-unitclj
Create a map of pretty keywords to ugly TimeUnits
Create a map of pretty keywords to ugly TimeUnits
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close