-
Notifications
You must be signed in to change notification settings - Fork 2
Lists
Licenser edited this page Sep 14, 2010
·
4 revisions
clj-sandbox uses a black and whitelist system to decide wether code is allowed. This system was chosen for a maximal amount of security. A form passed to the sandbox will go the following path:
form → whitelists (must hit at least one whitelist) → blacklists (must not hit any blacklist) → OK
This allows that you whitelist entire namespaces and then blacklist certain functions, not forcing people to whitelist a gazillion functions when you want all but one single function from a namespace. Lists are used to build testers.
You can create either a black or a whitelist from any matcher functions, or multiple matcher functions.
Example:
(whitelist (namespace-matcher 'clojure.core))
(blacklist (function-matcher 'map) (function-matcher 'reduce))