Hi! Is it possible to enforce script to use only K...
# scriptingb
bsideup
03/24/2018, 1:12 PMHi! Is it possible to enforce script to use only Kotlin’s Stdlib and avoid any Java/JS/Native classes? (While keeping JVM as a target)
i
ilya.chernikov
03/26/2018, 1:51 PMNo, at least not yet. In the future we plan to support restrictions of some sort.
a
apatrida
03/31/2018, 5:38 AM@bsideup you can use Cuarantena if you compile the script, check it with that, then run. You can provide a whitelist of classes down to the method/member you allow access to: https://github.com/kohesive/cuarentena
I haven't put it in a generic script engine, but I could add it to Keplin.
b
bsideup
04/04/2018, 5:11 AMHi @apatrida! Thanks, but all this classpath-based white listing solutions happen too late. I want to reject a script if it cannot be compiled because it uses any(!) JVM class (and not Kotlin’s stdlib)
a
apatrida
04/04/2018, 5:33 AM@bsideup why is it too late? I can work directly from the compiled script class bytes before the class is loaded.
apatrida
04/04/2018, 5:34 AMso it is at the end of compilation before any danger can happen, and you can report the errors as access violations to anything you want.
b
bsideup
04/04/2018, 5:34 AMexactly. Before the class is loaded. While I want: fail compilation(!) when unwanted class is being used at a compilation time