mirror of
https://git.savannah.gnu.org/git/guile.git
synced 2025-04-30 03:40:34 +02:00
c7d170c5d1
* NEWS: * README: * doc/r5rs/r5rs.texi: * doc/ref/api-data.texi: * doc/ref/api-debug.texi: * doc/ref/api-evaluation.texi: * doc/ref/api-io.texi: * doc/ref/api-macros.texi: * doc/ref/api-procedures.texi: * doc/ref/api-scheduling.texi: * doc/ref/api-undocumented.texi: * doc/ref/libguile-concepts.texi: * doc/ref/posix.texi: * doc/ref/srfi-modules.texi: * doc/ref/vm.texi: * doc/ref/web.texi: * examples/box-dynamic-module/box.c: * examples/box-dynamic/box.c: * examples/box-module/box.c: * examples/box/box.c: * examples/safe/safe: * examples/scripts/README: * examples/scripts/hello: * gc-benchmarks/larceny/twobit-input-long.sch: * gc-benchmarks/larceny/twobit-smaller.sch: * gc-benchmarks/larceny/twobit.sch: * libguile/expand.c: * libguile/load.c: * libguile/net_db.c: * libguile/scmsigs.c: * libguile/srfi-14.c: * libguile/threads.c: * meta/guile.m4: * module/ice-9/match.upstream.scm: * module/ice-9/ports.scm: * module/language/cps/graphs.scm: * module/scripts/doc-snarf.scm: * module/srfi/srfi-19.scm: * module/system/repl/command.scm: * test-suite/tests/srfi-18.test: Fix typos. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
85 lines
2.5 KiB
Scheme
Executable file
85 lines
2.5 KiB
Scheme
Executable file
#! /usr/local/bin/guile -s
|
|
!#
|
|
;;; examples/safe/safe -- Example for safe (sand-boxed) evaluation.
|
|
|
|
;;; Commentary:
|
|
|
|
;;; This is a demo program for evaluating arbitrary (untrusted) Scheme
|
|
;;; code in a controlled, safe environment. Evaluation in safe
|
|
;;; environments restricts the evaluated code's access to some given
|
|
;;; primitives, which are considered `safe', that means which cannot
|
|
;;; do any harm to the world outside of Guile (creating/deleting files
|
|
;;; etc.)
|
|
;;;
|
|
;;; *Note* that the files in this directory are only suitable for
|
|
;;; demonstration purposes, if you have to implement safe evaluation
|
|
;;; mechanisms in important environments, you will have to do more
|
|
;;; than shown here -- for example disabling input/output operations.
|
|
|
|
;;; Author: Martin Grabmueller
|
|
;;; Date: 2001-05-30
|
|
|
|
;;; Code:
|
|
|
|
;; Safe module creation is implemented in this module:
|
|
;;
|
|
(use-modules (ice-9 safe))
|
|
|
|
;; This is the main program. It expects one parameter in the format
|
|
;; returned by (command-line) and expects that exactly one file name
|
|
;; is passed in this list (after the script name, which is passed as
|
|
;; the 0th parameter.)
|
|
;;
|
|
;; The given file is opened for reading, one expression after the
|
|
;; other is read and evaluated in a safe environment. All exceptions
|
|
;; caused by this evaluation are caught and printed out.
|
|
;;
|
|
(define (main cmd-line)
|
|
|
|
;; Internal definition of the procedure which prints usage
|
|
;; information.
|
|
;;
|
|
(define (display-help)
|
|
(display "Usage: safe FILENAME")
|
|
(newline)
|
|
(quit 1))
|
|
|
|
;; Check that we received exactly one command line argument after
|
|
;; the script name
|
|
;;
|
|
(if (not (= (length cmd-line) 2))
|
|
(display-help)
|
|
(let ((port (open-input-file (cadr cmd-line)))
|
|
|
|
;; Create the safe module.
|
|
(safe-module (make-safe-module)))
|
|
|
|
;; Read one expression a time.
|
|
(let lp ((expr (read port)))
|
|
;; End of file? -> Return.
|
|
(if (eof-object? expr)
|
|
#t
|
|
(catch #t
|
|
(lambda ()
|
|
;; Evaluate the expression in the safe environment.
|
|
(eval expr safe-module)
|
|
;; ... and read the next expression if no error occurred.
|
|
(lp (read port)))
|
|
|
|
;; Handle exceptions. This procedure will be called when an
|
|
;; error occurs while evaluating the expression. It just
|
|
;; prints out a message telling so and returns from the
|
|
;; evaluation loop, thus terminating the program.
|
|
;;
|
|
(lambda args
|
|
(display "** Exception: ")
|
|
(write args)
|
|
(newline))))))))
|
|
|
|
;; Start the main program.
|
|
;;
|
|
(main (command-line))
|
|
|
|
;; Local variables:
|
|
;; mode: scheme
|
|
;; End:
|