• Stars
    star
    211
  • Rank 186,867 (Top 4 %)
  • Language
    Clojure
  • License
    Eclipse Public Li...
  • Created over 13 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A control freak's best friend

Introduction

Build Status

Welcome to the wonderful world of clojail! Clojail is a library for sandboxing Clojure code. Why is this useful? Well, for tons of reasons. Clojurians have used this library for a number of different things. Personally, I've used the library in two of my own projects: Try Clojure and lazybot.

If you have any questions, ideas, or feedback, shoot me a message here on Github or in an email. Feedback of all kind is welcome!

Usage

WARNING As of the 0.6.0 release, clojail is no longer compatible with Clojure 1.2.1. You should absolutely be using the latest version of clojail though so please do not stick with old versions. It's time to upgrade boys and girls.

You can get this library from clojars via Leiningen.

First, go to clojars and see what the latest version is. Next, add it to your project.clj. After that, just run lein deps.

Because clojail employs the JVM's built in sandboxing, you'll need to have a ~/.java.policy file to define permissions for your own code. If you don't do this, you'll get security exceptions. I've included a very liberal example.policy file that you can just copy over to ~/.java.policy.

Once you've got that set up, you can play with the sandbox. Let's create a sandbox:

(ns my.project
  (:use [clojail.core :only [sandbox]]
        [clojail.testers :only [blacklist-symbols blacklist-objects]]))
    
(def tester [(blacklist-symbols #{'alter-var-root})
             (blacklist-objects [java.lang.Thread])])) ; Create a blacklist.
(def sb (sandbox tester :timeout 5000))

You have just created a new sandbox. This sandbox will trigger whenever java.lang.Thread or alter-var-root is used in code. Anything else will pass the sandbox and be executed. Simple enough, right? Also, the :timeout bit is an optional argument. We've just lowered the timeout time to 5000 milliseconds, or 5 seconds. The default is 10000.

This sandbox isn't very secure. Let's create a new sandbox using the secure-tester in clojail.testers. This sandbox should be more secure. Can't promise total security however, since I can't test everything.

(def sb (sandbox secure-tester))

The secure-tester tester is a collection of things we have accumulated as unsafe over time. It blacklists various namespaces, classes, functions, etc.

Don't bother setting :timeout unless you just want to. The sandbox has a reasonable default.

Alright, cool. Now we have a supposedly secure sandbox. How do we use it? Simple! sb is now bound to a function that takes code and executes it in the sandbox.

(sb '(+ 3 3)) ; Returns 6
(sb '(def x)) ; Fails because def is not allowed in our sandbox.

Play around with it a bit.

(sb '(println "blah")) ; Returns nil

Wait... nil? It's doing the right thing and printing output to out and returning nil. However, for our purposes, maybe we want to get the output of sb as a string. Luckily, the sandbox accounts for that possibility and allows for you to provide, after the code to execute, a hashmap of vars to values. Here is how we can use that to get the output of sb as a string:

(let [writer (java.io.StringWriter.)] 
  (sb '(println "blah") {#'*out* writer}) (str writer)) ; Returns "blah\n"

There we go! Great! This only works for vars that are explicitly dynamic, just like normal binding.

Well, that's about all folks. I hope our library is to your liking, and I hope it's useful in your own projects. Remember to not hesitate to give us feedback! We especially like to hear how people are using sandboxing.

Testers

If you're a curious fellow or gal, you're probably wondering what exactly a tester is. Well, in older releases testers were a set of objects. Over time we realized we could do better. These days, clojail testers are very clever collections of serializable functions created with the serializable-fn project. These functions take a 'thing' which is anything clojail pulls out of possibly unsafe code, so classes, namespaces, symbols, numbers, television, whatever, and they return a truthy value if the thing is bad or a non truthy value if it passes.

The important part is that they are serializable. They have to be serializable to a string in order for us to secure java interop. We do some magic that requires printing the tester to a string (not with print-dup, though that may seem weird) and then reading it inside of your own code. Because of that, anything inside of a tester needs to be round-trippable, and that's why we use serializable functions. We also have a ClojailWrapper type that you can wrap objects in for your own serializable functions in order to define a print-method for them, that way you don't have to create a print-method for some top-level thing in your own code (which is bad because it is global). It is also necessary for some other things that you probably don't care about.

If none of this makes sense, just take a look at clojail.testers. It has, of course, secure-tester, but more importantly it has a bunch of high-level functions for creating serializable fns for testers out of various objects. We used some of them above! It is unlikely that you'll have to manually create a serializable function for usage with clojail, but if you do, this namespace should be helpful.

Warning

We can't promise that clojail will be entirely secure at any given time. Clojail uses a blacklist-based sandbox by default, so there will almost always be little holes in the sandbox. Fortunately, that only applies to the Clojure side of things. Since clojail is backed up by the JVM sandbox, even if the Clojure sandbox is broken, I/O still can't be done. Even if clojail breaks, the breaker can't wipe your system unless he has broken the JVM sandbox, in which case he has worked hard and earned his prize.

License

Clojail is licensed under the same thing that Clojure is. See LICENSE.

More Repositories

1

conch

A flexible library for shelling out in Clojure
Clojure
542
star
2

fs

File system utilities for Clojure.
Clojure
453
star
3

tryclojure

A little web-based Clojure REPL powered by clojail.
HTML
400
star
4

tentacles

An Octocat is nothing without his tentacles
Clojure
351
star
5

lein-bin

Standalone console executables for your project.
Clojure
154
star
6

lazybot

An IRC bot written in Clojure.
Clojure
151
star
7

refheap

The Reference Heap. A Clojure pastebin powered by Compojure, MongoDB, and Pygments.
Clojure
129
star
8

laser

HTML transformation/templating for people who do that sort of thing and stuff
Clojure
120
star
9

irclj

A simple and small IRC library/bot framework written in Clojure.
Clojure
84
star
10

bultitude

A namespace finder library.
Clojure
62
star
11

lein-pdo

Run multiple leiningen tasks in parallel.
Clojure
51
star
12

lein-newnew

A replacement for 'lein new' with templates.
Clojure
39
star
13

clj-github

Here lies clj-github. He is survived by his son, tentacles: https://github.com/Raynes/tentacles
Clojure
30
star
14

cegdown

A thin Clojure wrapper for the pegdown markdown parsing library
Clojure
25
star
15

findfn

Finding functions, because they're sexy.
Clojure
25
star
16

ororo

A simple and concise Clojure library for working with the Wunderground weather forecasting API.
Clojure
20
star
17

clavatar

A library for getting gravatar images in Clojure.
Clojure
19
star
18

least

A last.fm API client for Clojure
Clojure
12
star
19

gotmilk

A command-line application for working with Github without a browser.
Clojure
11
star
20

lein-gitify

A leiningen plugin for gitifying a project.
Clojure
10
star
21

clhue

An API client for controlling Hue light bulbs.
Clojure
10
star
22

refheap.vim

A Vim plugin for pasting to RefHeap.
Vim Script
10
star
23

moments

A cron-like task scheduling library using ScheduledExecutorServices and Chronicle.
Clojure
10
star
24

cereal

Simple serialization library with pluggable backends.
Clojure
10
star
25

slackhog

A backup tool for slack.
Clojure
9
star
26

yams

Rewrite of Erik's Amazon Echo RX-V receiver controller as an Alexandra app
Python
8
star
27

filevents

A file system watching library.
Clojure
8
star
28

rxvc

A lightspeed Yamaha RX-V series receiver controller for your command line
Python
8
star
29

refheap.el

An Emacs mode for pasting to https://refheap.com
Emacs Lisp
8
star
30

clj-config

A simple and small configuration library based around Clojure datastructures.
Clojure
7
star
31

morphin

Polymorphic ranges in Clojure
Clojure
7
star
32

basement

Extensible Python project scaffolding brought to you by mustache
Python
6
star
33

dox

A leiningen plugin for creating/updating gh-pages.
Clojure
6
star
34

innuendo

An API library for http://refheap.com
Clojure
6
star
35

hobbit

A Clojure library for interacting with all sorts of URL shortening services.
Clojure
6
star
36

turntable

A service for running SQL queries every n minutes.
Clojure
6
star
37

lein-findfn

Find things.
Clojure
5
star
38

webrepl

A Clojure REPL applet based on Beanshell's JConsole Swing component.
Java
5
star
39

fsutils

Haskell file manipulation utilities.
Haskell
5
star
40

rapture

A refheap command line tool written in Elixir
Elixir
5
star
41

awsenv-profiles

Simple AWS credential profile switcher.
Python
5
star
42

barrelroll

An ES6, atom-shell, hipster as a motherfucker consolidated desktop dashboard for your finances.
JavaScript
4
star
43

fucktheac

Air conditioner -> Chromecast volume control because why not
Python
4
star
44

reap

A refheap API client library in Elixir.
Elixir
4
star
45

areyoustillthere

Email validation for Python
Python
4
star
46

clonesearch

A tool for cloning github repos based on a search query.
Python
4
star
47

cassette

A great place to store sequential data, based on Kafka's storage format.
Clojure
4
star
48

pygments-tomorrow-night-bright

A tomorrow-night-bright color theme implementation for Pygments.
Python
4
star
49

updoc

A tool written in Clojure for generating an email from closed issues in a Github milestone and then emailing it to someone
Clojure
3
star
50

refh

A command-line tool for pasting to refheap.
Haskell
3
star
51

coffeefilter

Quick coffeescript to javascript compilation in Atom
CoffeeScript
3
star
52

closed

Open files in Atom with paths.
CoffeeScript
3
star
53

pyheap

Python implementaion of the Refheap API
Python
3
star
54

repl-in-chrome

Try repl in the chrome
JavaScript
2
star
55

haskheap

Haskell bindings to the refheap API
Haskell
2
star
56

intime

WIP time tracking restful web service.
JavaScript
2
star
57

octopress-blog

Experimental bloggy stuff
JavaScript
2
star
58

cake-autodoc

A plugin for generating autodoc documentation with cake.
Clojure
2
star
59

TConfig

A simple text-based key-value configuration library and parser.
Haskell
2
star
60

tallyho

A general score keeping application written in Clojure.
Clojure
2
star
61

lein-tag

Let lein tag your releases for you.
Clojure
2
star
62

dotemacsdotd

My .emacs.d folder
Emacs Lisp
2
star
63

vimfiles

My vimfiles.
Vim Script
1
star
64

cake-slamhound

A cake plugin for using slamhound.
Clojure
1
star
65

rubeque

Competitive learning site for ruby.
JavaScript
1
star
66

micdrop

A sound server for recording with a USB mic and streaming it.
JavaScript
1
star
67

clippard

Cross-platform copying to system clipboard.
Haskell
1
star
68

famine

sekrit
Elixir
1
star
69

beepy

Experimental beeline wrapper for Python (for Hive)
Python
1
star
70

amsin

A Python program for turning long amazon links into short amzn links.
Python
1
star
71

sherlock

A library for downloading and searching maven lucene indexes.
Clojure
1
star
72

explain

Dump the create table statement from a postgres (or redshift) instance.
Python
1
star
73

echolight

Presets for hue lights with Amazon Echo
Python
1
star
74

refheap-blog

The refheap octopress blog.
JavaScript
1
star
75

grunt-doxy

Markdown documentation generator plugin for grunt via dox and doxme
JavaScript
1
star
76

meteor-accounts-pg

Postgres/Redshift account adapter for Meteor accounts
CoffeeScript
1
star
77

quarantine

Isolated virtualenvs for Python programs.
Python
1
star
78

rubyheap

A Ruby API library for RefHeap.
Ruby
1
star
79

edited-tentacles-test2

I'm an edited test repository, just to make sure tentacles is working properly. Ignore me.
1
star
80

cake-github

A command-line interface to the Github API as a cake plugin. Tasty.
Clojure
1
star
81

udder

An utterance generator tool for Amazon Echo apps
JavaScript
1
star
82

Hricket

An implementation of Cricket in Haskell.
Haskell
1
star
83

lein-hammock

Hammock time!
Clojure
1
star
84

submodulize

An Elixir script for making a directory full of git repos into submodules
Elixir
1
star
85

mkvrename

A little tool for renaming mkv files in my television show ripping structure.
Clojure
1
star