PublicShow sourcesandbox.pl -- Sandboxed Prolog code

Prolog is a full-featured Turing complete programming language in which it is easy to write programs that can harm your computer. On the other hand, Prolog is a logic based query language which can be exploited to query data interactively from, e.g., the web. This library provides safe_goal/1, which determines whether it is safe to call its argument.

See also
- http://www.swi-prolog.org/pldoc/package/pengines.html
To be done
- Handling of ^ and // meta predicates
- Complete set of whitelisted predicates
Source safe_call(:Goal)
Call Goal if it complies with the sandboxing rules. Before calling Goal, it performs expand_goal/2, followed by safe_goal/1. Expanding is done explicitly because situations in which safe_call/1 typically concern goals that are not known at compile time.
See also
- safe_goal/1.
Source safe_goal(:Goal) is det
True if calling Goal provides no security risc. This implies that:
  • The call-graph can be fully expanded. Full expansion stops if a meta-goal is found for which we cannot determine enough details to know which predicate will be called.
  • All predicates referenced from the fully expanded are whitelisted by the predicate safe_primitive/1 and safe_meta/2.
  • It is not allowed to make explicitly qualified calls into modules to predicates that are not exported or declared public.
Errors
- instantiation_error if the analysis encounters a term in a callable position that is insufficiently instantiated to determine the predicate called.
- permission_error(call, sandboxed, Goal) if Goal is in the call-tree and not white-listed.
Source safe_primitive(?Goal) is nondet[multifile]
True if Goal is safe to call (i.e., cannot access dangerous system-resources and cannot upset other parts of the Prolog process). There are two types of facts. ISO built-ins are declared without a module prefix. This is safe because it is not allowed to (re-)define these primitives (i.e., give them an unsafe implementation) and the way around (redefine_system_predicate/1) is unsafe. The other group are module-qualified and only match if the system infers that the predicate is imported from the given module.
Source safe_global_variable(Name) is semidet[multifile]
Declare the given global variable safe to write to.
Source safe_meta(+Goal, -Called:list(callable)) is semidet[multifile]
Hook. True if Goal is a meta-predicate that is considered safe iff all elements in Called are safe.
Source prolog:sandbox_allowed_directive(:G) is det[multifile]
Throws an exception if G is not considered a safe directive.
Source safe_directive(:Directive) is semidet[multifile]
Hook to declare additional directives as safe. The argument is a term Module:Directive (without :- wrapper). In almost all cases, the implementation must verify that the Module is the current load context as illustrated below. This check is not performed by the system to allow for cases where particular cross-module directives are allowed.
sandbox:safe_directive(M:Directive) :-
    prolog_load_context(module, M),
    ...
Source prolog:sandbox_allowed_expansion(:G) is det[multifile]
Throws an exception if G is not considered a safe expansion goal. This deals with call-backs from the compiler for

Our assumption is that external expansion rules are coded safely and we only need to be careful if the sandboxed code defines expansion rules.

Source prolog:sandbox_allowed_goal(:G) is det[multifile]
Throw an exception if it is not safe to call G