https://kotlinlang.org logo
Join Slack
Powered by
Hi, does kotlin REPL have a way to safely sandbox ...
# scripting
t
Hi, does kotlin REPL have a way to safely sandbox an enduser provided script. For example set what variables are available for the script and which functions/classes etc are available? Or should this be done with keplin?
h
I don’t think so. But you could run it within a dockerized enviroment such as https://hub.docker.com/r/yongjhih/kotlin/ with
Copy code
docker-kotlin kotlinc-jvm -script HelloWorld.kts
t
Ok great thanks 🙂
h
Haven’t tried it myself though…
t
would like to avoid writing custom shell language for end user scripts but they need to be sandboxed somehow 🙂
h
which other scripting languages run within a sandbox?
t
I suppose that is a good question 🙂 There a specific applications which implement sandboxing of scripting language but I suppose quite often they are custom made...
If you want to provide end user to script something in a desktop application or shared virtual environment
h
i see
t
Thank you, time for sleep
a
@tlaukkan Cuarentena will handle this on any compiled classes, and I'll integrate it into Keplin engines soon so that it is easy for you to setup and run. it is on my "near" plan hopefully by this weekend.
or if you are bored, break apart the REPL code and you can tie it in 😄 I'll try to get some PR into core Kotlin for a verification hook so I don't have to maintain a separate REPL.
if you don't care about the method level you can use Java security manager to do this at the class level already
Cuarentena just provides this at a much lower granularity
t
Hi, thank you for details. Do you think the Keplin + Cuarantena solution will be bullet proof. I.e. user will be able to access context and classes only based on a white list?
Open in Slack
PreviousNext
Powered by