Clojail does not throw Security Exception in Clojure
Question
I'm using clojail library for sandboxing but it does not behave as expected.
Here is the code:
(ns jail.core
(:require [clojail.core :as s]
[clojail.testers :as t]))
(def my-tester [(t/blacklist-objects [clojure.lang.RT])
(t/blanket "clojail")])
(def sb (s/sandbox my-tester))
(println (sb '(do
(import clojure.lang.RT)
(RT/errPrintWriter))))
At (import clojure.lang.RT) line it has to throw SecurityException but it does not.
It returns PrintWriter(errPrintWriter) object.
1 answers
solution1
0 ACCPTED 2017-02-02 10:47:21
It turns out if I don't pass the class object to import macro, it just works but I think the behaviour is kinda odd.
Here:
(println (sb '(do
clojure.lang.RT
(RT/errPrintWriter))))
Now I'm getting Security Exception, the import macro somehow prevents clojail to throw Security Exception .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to sandbox clojure.string/blank? with Clojail in Clojure?
Spring Boot Security does not throw 401 Unauthorized Exception but 404 Not Found
Does getApplicationContext throw exception?
Why does calling the security authentication property `principal.displayName` in a decorator throw an exception?
Why does Spring security throw exception "FilterOrderRegistration.getOrder is null" from a keycloak configuration?
Printer API does not throw exception
why does replaceAll throw an exception
overridden method does not throw exception
Why does parseBoolean not throw an exception?
How does JVM “throw” an exception
Related Tags