sandbox.pl -- Sandboxed Prolog code
Prolog is a full-featured Turing complete programming language in which it is easy to write programs that can harm your computer. On the other hand, Prolog is a logic based query language which can be exploited to query data interactively from, e.g., the web. This library provides safe_goal/1, which determines whether it is safe to call its argument.
- safe_call(:Goal)
- Call Goal if it complies with the sandboxing rules. Before calling Goal, it performs expand_goal/2, followed by safe_goal/1. Expanding is done explicitly because situations in which safe_call/1 typically concern goals that are not known at compile time.
- safe_goal(:Goal) is det
- True if calling Goal provides no security risc. This implies
that:
- The call-graph can be fully expanded. Full expansion stops if a meta-goal is found for which we cannot determine enough details to know which predicate will be called.
- All predicates referenced from the fully expanded are whitelisted by the predicate safe_primitive/1 and safe_meta/2.
- It is not allowed to make explicitly qualified calls into modules to predicates that are not exported or declared public.
- safe_primitive(?Goal) is nondet[multifile]
- True if Goal is safe to call (i.e., cannot access dangerous system-resources and cannot upset other parts of the Prolog process). There are two types of facts. ISO built-ins are declared without a module prefix. This is safe because it is not allowed to (re-)define these primitives (i.e., give them an unsafe implementation) and the way around (redefine_system_predicate/1) is unsafe. The other group are module-qualified and only match if the system infers that the predicate is imported from the given module.
- safe_global_variable(Name) is semidet[multifile]
- Declare the given global variable safe to write to.
- safe_meta(+Goal, -Called:list(callable)) is semidet[multifile]
- Hook. True if Goal is a meta-predicate that is considered safe iff all elements in Called are safe.
- prolog:sandbox_allowed_directive(:G) is det[multifile]
- Throws an exception if G is not considered a safe directive.
- safe_directive(:Directive) is semidet[multifile]
- Hook to declare additional directives as safe. The argument is a
term
Module:Directive
(without:-
wrapper). In almost all cases, the implementation must verify that the Module is the current load context as illustrated below. This check is not performed by the system to allow for cases where particular cross-module directives are allowed.sandbox:safe_directive(M:Directive) :- prolog_load_context(module, M), ...
- prolog:sandbox_allowed_expansion(:G) is det[multifile]
- Throws an exception if G is not considered a safe expansion
goal. This deals with call-backs from the compiler for
- goal_expansion/2
- term_expansion/2
- Quasi quotations.
Our assumption is that external expansion rules are coded safely and we only need to be careful if the sandboxed code defines expansion rules.
- prolog:sandbox_allowed_goal(:G) is det[multifile]
- Throw an exception if it is not safe to call G