djhworld

Reputation: 6776

Preventing execution of unauthorised code

I'm currently writing an application that accepts a series of Clojure forms, and when they are evaluated, the results get returned in a list.

So, for example, the input would be:

(data "abc" :identifier)
(data "gee" :identifier)
(content "def" :identifier [1 2 3 4 5])

The functions in the backend basically just turn these into Clojure maps, e.g.

(defn data [text id]
    {:text text :id id})
(defn content [text id cont]
    {:text text :id id :cont cont})

The trouble is, the way that I am processing the code at the moment is by accepting the input with (-> input read-string eval) and getting the contents accordingly. This is bad because anyone could just append a crafty (System/exit 1) to the input and shut down the JVM.

Is there any way of 'whitelisting' the Clojure forms that can be executed in this step and blacklisting all of the nasty stuff? Or am I being too naive to use Clojure forms as a data input mechanism?

Upvotes: 4

Views: 164

Answers (2)

Arthur Ulfeldt

Reputation: 91577

Check out Clojail and its great video from the 2011 Clojure Conj!

You can interact with it on #clojure on irc.freenode.net and try to break through it if you would like :) It goes by the handle lazybot. It is also used on 4clojure.org.

Upvotes: 6

amalloy

Reputation: 92067

If you only have a fixed whitelist of allowable functions, you can easily roll your own here. Just have a map like {'data data, 'content content}, mapping symbols to allowed functions, and look up the first element of their form (which is a function call) in the map. If it's there, it maps straight to the function you want to call, and you can pass it the rest of their form as arguments.

Upvotes: 4
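
The whitelist lookup described in the answer above, as an added example that is not part of the original answers. It assumes the question's `data` and `content` functions and reads the input with `clojure.edn` rather than `read-string`, because the core reader can itself evaluate code through the `#=` reader macro while `*read-eval*` is at its default; the names `allowed`, `read-forms`, `run-form` and `process` are hypothetical.

```clojure
(ns whitelist-example
  (:require [clojure.edn :as edn])
  (:import (java.io PushbackReader StringReader)))

;; The two backend functions from the question.
(defn data [text id]
  {:text text :id id})

(defn content [text id cont]
  {:text text :id id :cont cont})

;; Whitelist (hypothetical name): symbol as written in the input -> the
;; function allowed to run for it. Nothing else is callable.
(def allowed
  {'data data
   'content content})

(defn read-forms
  "Reads every top-level form in `input` as EDN. The EDN reader only builds
  data structures; it has no #= reader macro and never evaluates code."
  [input]
  (let [rdr (PushbackReader. (StringReader. input))]
    (->> (repeatedly #(edn/read {:eof ::eof} rdr))
         (take-while #(not= ::eof %))
         doall)))

(defn run-form
  "Looks up the head of `form` in the whitelist and applies the function to
  the remaining elements. Arguments are passed as plain data, so a nested
  list such as (System/exit 1) is never evaluated. A form whose head is not
  whitelisted is rejected with an exception."
  [form]
  (when-not (and (list? form) (symbol? (first form)))
    (throw (ex-info "Not a function call form" {:form form})))
  (let [[op & args] form
        f (get allowed op)]
    (when-not f
      (throw (ex-info "Function not in whitelist" {:op op})))
    (apply f args)))

(defn process
  "Replacement for (-> input read-string eval): returns a vector of results."
  [input]
  (mapv run-form (read-forms input)))

;; Constructed sample input in the question's format.
(process "(data \"abc\" :identifier)
          (content \"def\" :identifier [1 2 3 4 5])")
```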
