-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathREADME-spec.el
203 lines (117 loc) · 4.22 KB
/
README-spec.el
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
(load-file "./spec/spec-helpers.el")
(readme-start)
(readme "
= Elisp Sandbox: run Emacs Lisp in a jail =
Erbot runs the #emacs robot. He has a jail inside him for running
arbitary elisp safely.
The code is here: git://git.sv.gnu.org/erbot.git
Also on GitHub [[https://github.com/sigma/erbot|here]].
The goal of this project is to take erbot's code and adapt it for general use.
It is very much a work in progress. Feel free to help out!
== How to use it ==
First load elisp-sandbox.el. It provides a number of functions that support working
with Emacs Lisp code in a safe way.
The simplest function is {{{elisp-sandbox-eval}}}. Using it will evaluate the code
in a way that prevents the code from calling any disallowed functions.
== How it Works ==
The elisp sandbox works by prefixing any symbols it receives as input
before that input is evaluated. That way, the user can only access symbols
that begin with that prefix. For example,
")
(sandbox-defexample
"a simple example that demonstrates expansion"
(elisp-sandbox '(setq x 100))
(elisp-sandbox-unsafe-env-setq elisp-sandbox-unsafe-env-x 100))
(readme "
and:
")
(sandbox-defexample
"a second example that demonstrates expansion with a defun (a more complex form)"
(elisp-sandbox '(defun nic-test-2 () 100))
(elisp-sandbox-unsafe-env-defun elisp-sandbox-unsafe-env-nic-test-2 nil 100))
(readme "
== Programmer API ==
To evaluate unsafe code:
{{{ (elisp-sandbox-eval <unsafe code here>) }}}
Example:
")
(sandbox-defexample
"a simple evaluation example"
(elisp-sandbox-eval '(+ 1 2))
3)
(readme "
Any output is stored as a list of strings in the symbol:
{{{elisp-sandbox-evaluation-output}}}
")
(sandbox-defexample
"example showing output"
(elisp-sandbox-eval '(message "Hello World!"))
("Hello World!")
("Hello World!"))
(readme "
== Sandbox Internal API ==
Sandbox provides a number of functions and macros that are accessible to untrusted code.
{{{defun}}} -- Defines a function specific to the sandbox environment.
{{{while}}} -- Basic looping. Has a maxium loop depth foncigurable with {{{ sandbox-while-max }}} .
")
(sandbox-defexample
"shows while looping"
(elisp-sandbox-eval
'(progn
(setq counter 0
total 0)
(while (< counter 10)
(setq total (+ total counter))
(setq counter (+ 1 counter)))
total))
45)
(readme "
The maximum execution while depth can be configured:
")
(sandbox-defexample
"shows looping that would be deeper than allowed"
(let ((sandbox-while-max 2))
(if (elisp-sandbox-eval
'(ignore-errors
(setq counter 0
total 0)
(while (< counter 10)
(setq total (+ total counter))
(setq counter (+ 1 counter)))
t))
"A non-nil resuld would mean that the while finished and t was returned"
"A nil result means an error happend, as expected!"))
"A nil result means an error happend, as expected!")
(readme "
{{{message}}} -- method for saving output.
The following are available as aliases of the standard functions:
{{{setq}}}, {{{<}}}, {{{+}}}, {{{progn}}}, {{{let}}}, {{{ignore-errors}}}, {{{if}}}
== Sandbox Errors ==
When code behaves badly, errors can be thrown. we gotta figure out how to handle these well.
== Future ==
* it would be nice to allow changing of prefixes, declaration with diff prefixes, and cleaning up
of prefixes. That way a single process can handle different sandboxes.
* still need to figure out which additional functions need to come from erbot
* features to port
funcall, apply, pi, e, emacs-version
== Development ==
Use the script {{{ bin/clone_erbot.sh }}} to get a local copy of the erbot source for yourself.
Tests are written with ert.
== Tests ==
Run the file
{{{
./test.sh
}}}
Tests can also be run interactively... TODO document this
")
(readme "
== About This Readme ==
Readme content is automatically generated from the file README-spec.el,
in the same directory. Its examples are used as feature tests. Do not
edit README.creole directly; instead, edit README-spec.el and regenerate
README.creole.
Each feature is covered more thoroughly in the specs/ directory.
")
;; illustrating each feature from the readme
;; examples match headers
;; == How to use it ==