File: safe

package: guile-2.0 2.0.13+1-5.1 (area: main; in suites: buster)
size: 27,104 kB; sloc: ansic: 133,697; lisp: 67,499; sh: 4,762; makefile: 2,031; perl: 243; awk: 37
file content (85 lines); stat: -rwxr-xr-x 2,581 bytes
#! /usr/local/bin/guile -s
!#
;;; examples/safe/safe -- Example for safe (sand-boxed) evaluation.

;;; Commentary:

;;; This is a demo program for evaluating arbitrary (untrusted) Scheme
;;; code in a controlled, safe environment.  Evaluation in a safe
;;; environment restricts the evaluated code to a given set of
;;; primitives which are considered `safe', that is, which cannot do
;;; any harm to the world outside of Guile (creating/deleting files
;;; etc.)
;;;
;;; *Note* that the files in this directory are only suitable for
;;; demonstration purposes.  If you have to implement safe evaluation
;;; mechanisms in important environments, you will have to do more
;;; than is shown here -- for example disabling input/output
;;; operations.  A safe module restricts only which bindings are
;;; visible: it does not bound the CPU time or memory the evaluated
;;; code may consume, and definitions made by one expression stay in
;;; the module for every later expression evaluated in it.

;;; Author: Martin Grabmueller
;;; Date: 2001-05-30

;;; Code:

;; Safe module creation is implemented in this module:
;;
(use-modules (ice-9 safe))

;; This is the main program.  It expects one parameter in the format
;; returned by (command-line) and expects that exactly one file name
;; is passed in this list (after the script name, which is passed as
;; the 0th parameter.)
;;
;; The given file is opened for reading, one expression after the
;; other is read and evaluated in a safe environment.  All exceptions
;; caused by this evaluation are caught and printed out.
;;
(define (main cmd-line)

  ;; Internal definition of the procedure which prints usage
  ;; information.
  ;;
  (define (display-help)
    (display "Usage: safe FILENAME")
    (newline)
    (quit 1))

  ;; Check that we received exactly one command line argument after
  ;; the script name
  ;;
  (if (not (= (length cmd-line) 2))
    (display-help)
    (let ((port (open-input-file (cadr cmd-line)))

	  ;; Create the safe module.
	  (safe-module (make-safe-module)))

      ;; Read one expression at a time.
      (let lp ((expr (read port)))
	;; End of file? -> Return.
	(if (eof-object? expr)
	  #t
	  (catch #t
	    (lambda ()
	      ;; Evaluate the expression in the safe environment.
	      (eval expr safe-module)
	      ;; ... and read the next expression if no error occurred.
	      (lp (read port)))

	    ;; Handle exceptions.  This procedure will be called when an
	    ;; error occurs while evaluating the expression.  It just
	    ;; prints out a message telling so and returns from the
	    ;; evaluation loop, thus terminating the program.
	    ;;
	    (lambda args
	      (display "** Exception: ")
	      (write args)
	      (newline))))))))

;; Start the main program.
;;
(main (command-line))

;; Local variables:
;; mode: scheme
;; End:
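The commentary above warns that this script is a demonstration only. The following is an added example, written for this page and not part of Guile's `examples/safe` directory, showing two of the hardening steps a practitioner would want on top of it: a fresh safe module per expression (so a `define` made by one expression cannot leak into the next, as it does in the script above, which reuses one module) and a wall-clock budget enforced with `SIGALRM`. It uses only Guile 2.0 primitives (`make-safe-module` from `(ice-9 safe)`, `call-with-input-string`, `sigaction`, `alarm`, `catch`); the procedure names `safe-eval-string` and `safe-eval-expr` and the input string `untrusted-input` are invented for the example.

```scheme
#! /usr/local/bin/guile -s
!#
;;; Added example (not from Guile's examples/safe): per-expression safe
;;; modules plus a SIGALRM time budget around `eval'.

(use-modules (ice-9 safe))

;; Evaluate one expression in a brand-new safe module, returning a
;; tagged result instead of printing and aborting:
;;   (ok . VALUE)         evaluation succeeded
;;   (error KEY . ARGS)   evaluation threw KEY with ARGS
;;   (timeout)            the SECONDS wall-clock budget was exceeded
;; The alarm is disarmed on every exit path so a late SIGALRM cannot
;; fire into unrelated code.
(define (safe-eval-expr expr seconds)
  (let ((safe-module (make-safe-module)))   ; fresh module: no shared state
    (catch #t
      (lambda ()
        ;; The handler runs as an async at the next safe point inside
        ;; the evaluator and unwinds to this `catch'.
        (sigaction SIGALRM (lambda (sig) (throw 'timeout)))
        (alarm seconds)
        (let ((value (eval expr safe-module)))
          (alarm 0)
          (cons 'ok value)))
      (lambda (key . args)
        (alarm 0)
        (if (eq? key 'timeout)
            (list 'timeout)
            (cons 'error (cons key args)))))))

;; Read every expression from STRING and evaluate each with
;; safe-eval-expr.  Unlike the script above, one failing expression
;; does not stop the remaining ones from being evaluated.
(define (safe-eval-string string seconds)
  (call-with-input-string string
    (lambda (port)
      (let lp ((expr (read port)) (results '()))
        (if (eof-object? expr)
            (reverse results)
            (lp (read port)
                (cons (safe-eval-expr expr seconds) results)))))))

;; Constructed untrusted input (made up for this example): arithmetic,
;; a definition that a later expression tries to reuse, a file-system
;; primitive that the safe interface does not export, and a loop that
;; never terminates.
(define untrusted-input
  "(+ 1 2)
   (define leaked 42)
   leaked
   (open-output-file \"/tmp/owned\")
   (let loop () (loop))")

(for-each (lambda (result) (write result) (newline))
          (safe-eval-string untrusted-input 2))
```

Run with `guile -s` as for the original script. The first two expressions succeed; the bare reference to `leaked` fails with `unbound-variable` because its definition lived in the previous expression's module; `open-output-file` fails the same way because `(ice-9 safe-r5rs)` does not export it; and the infinite loop is cut off after two seconds with `(timeout)` instead of hanging the host. The budget covers wall-clock time only: memory growth (for example an expression that keeps consing) is still unbounded, and `display`/`write` remain available to the evaluated code, which is the I/O restriction the commentary says a real deployment must add.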