
loppers's Introduction

Loppers

A code validator for the Elixir AST.

It checks a quoted expression against a whitelist of allowed calls, a blacklist of forbidden calls, or both.

Basic example:

quoted = quote do
  "hello"
  |> String.upcase
  |> String.pad_leading(4, "0")
end
whitelist = Loppers.special_forms ++ [
  {Kernel, :|>},
  {String, :upcase},
  {String, :pad_leading}
]
:ok = Loppers.validate(quoted, whitelist: whitelist)

Features

  • Intended to be used together with Code.string_to_quoted/2: parse untrusted code into an AST, validate it, and only then evaluate it.
  • Operate against a whitelist, a blacklist or a mix of both; when both are given, the blacklist takes precedence over the whitelist.
  • Handles alias and import in the validated code (see the special handling in the Loppers.Walk module).
  • Returns the offending AST fragment (including the line number when the parser attached one) so that an editor can mark the exact location.
  • Whitelist a module with all of its functions with {Application.Callbacks, :__all__}
  • Whitelist a module together with all of its child modules and their functions with {Application.Callbacks, :__submodules_all__}

Installation

The package can be installed by adding loppers to your list of dependencies in mix.exs:

def deps do
  [{:loppers, "~> 0.1.2"}]
end
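The following module is an added example, not code from the Loppers project. It shows the intended pipeline from the README: parse untrusted source with Code.string_to_quoted/2, validate the AST with Loppers, and evaluate only when validation passes. The option names whitelist: and the entries {Module, :fun}, {Module, :__all__} and {Module, :__submodules_all__}, as well as the {:error, [not_allowed: fragment, ...]} return shape, are taken from the README; the blacklist: option name for the mixed mode is an assumption, as is the name SafeEval and everything inside it. The evaluation timeout and the String.to_atom/1 deny entry are practitioner additions, not Loppers features.

```elixir
defmodule SafeEval do
  @moduledoc """
  Added example (not part of Loppers): parse, validate with Loppers, then
  evaluate untrusted Elixir source under a time limit.
  Assumption: the mixed mode is selected with a `blacklist:` option next to
  `whitelist:`; the README only names the mode, not the option.
  """

  # Allow-list: special forms plus a few pure String/Enum functions and the
  # pipe/arithmetic operators (bare operators are reported under Kernel, as
  # in the README's {Kernel, :|>}).
  @whitelist Loppers.special_forms() ++ [
               {Kernel, :|>},
               {Kernel, :+},
               {Kernel, :*},
               {String, :__all__},
               {Enum, :map},
               {Enum, :sum}
             ]

  # Deny-list layered on top (README: blacklist wins over whitelist).
  # String.to_atom/1 on attacker input fills the atom table, which is never
  # garbage-collected, so it is cut back out of {String, :__all__}. System,
  # File and Code are denied with their sub-modules as a second line of
  # defence even though the allow-list never mentions them.
  @blacklist [
    {String, :to_atom},
    {System, :__submodules_all__},
    {File, :__submodules_all__},
    {Code, :__submodules_all__}
  ]

  @eval_timeout_ms 1_000

  @doc """
  Returns {:ok, value}, {:error, {:syntax, location, message, token}},
  {:error, {:not_allowed, [{line, text}]}}, {:error, :timeout} or
  {:error, {:raised, message}}.
  """
  def run(source, bindings \\ []) when is_binary(source) do
    with {:ok, quoted} <- Code.string_to_quoted(source),
         :ok <- Loppers.validate(quoted, whitelist: @whitelist, blacklist: @blacklist) do
      eval_with_timeout(quoted, bindings)
    else
      # Code.string_to_quoted/2 failure: {:error, {location, message, token}}
      {:error, {location, message, token}} ->
        {:error, {:syntax, location, message, token}}

      # Loppers failure: one entry per offending AST fragment
      {:error, [{:not_allowed, _} | _] = violations} ->
        {:error, {:not_allowed, describe(violations)}}
    end
  end

  # Turns the returned fragments into {line, source_text} pairs for an editor
  # or an API response. The line is only present when the parser attached
  # metadata; a fragment without a meta list gets nil.
  def describe(violations) do
    for {:not_allowed, fragment} <- violations do
      line =
        case fragment do
          {_, meta, _} when is_list(meta) -> Keyword.get(meta, :line)
          _ -> nil
        end

      {line, Macro.to_string(fragment)}
    end
  end

  # Evaluation runs in a separate process so a non-terminating expression
  # (e.g. a self-applying anonymous function) is killed after the timeout
  # instead of blocking the caller. rescue/catch keep a raise or exit inside
  # the task from taking the linked caller down with it.
  defp eval_with_timeout(quoted, bindings) do
    task =
      Task.async(fn ->
        try do
          {value, _bindings} = Code.eval_quoted(quoted, bindings)
          {:ok, value}
        rescue
          e -> {:error, {:raised, Exception.message(e)}}
        catch
          kind, reason -> {:error, {kind, reason}}
        end
      end)

    case Task.yield(task, @eval_timeout_ms) || Task.shutdown(task, :brutal_kill) do
      {:ok, result} -> result
      {:exit, reason} -> {:error, {:crashed, reason}}
      nil -> {:error, :timeout}
    end
  end
end

# Constructed inputs for demonstration: the first passes the allow-list,
# the other two are rejected before anything is evaluated.
SafeEval.run(~s{"hello" |> String.upcase() |> String.pad_leading(8, "0")})
SafeEval.run(~s{System.cmd("id", [])})
SafeEval.run(~s{String.to_atom(input)}, input: "boom")
```

Two caveats worth keeping in mind when building an allow-list like this. First, the check is syntactic: a call whose target is not literally in the AST, such as Kernel.apply/3, Function.capture/3 or a Module.function reference built from runtime values, bypasses it, so never whitelist those or {Kernel, :__all__}. Second, a passing validation says nothing about resource use; a whitelisted pure function can still loop or allocate without bound, which is why the evaluation above runs in its own process with a timeout.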

loppers's People

Contributors

batate, h4cc, narrowtux

loppers's Issues

Sigils not supported

Seems to be recognized as a keyword instead of the function Kernel.sigil_U

CompileError: Not allowed keyword :sigil_U

Macro expand?

Thanks for a cool project.

Question. Should the AST be run through Macro.expand/2 before validating? Or is that outside the scope of the project?

If you would like, I can take a shot at this and support a pr.

Should -> be added to special forms?

I am happy to submit a pull request for this one. Here's the test case. Case and cond require ->.

Test case:

iex(1)> code =
...(1)> """
...(1)> case animal do
...(1)> :cat -> "meow"
...(1)> :dog -> "arf"
...(1)> end
...(1)> """
"case animal do\n  :cat -> \"meow\"\n  :dog -> \"arf\"\nend\n"
iex(2)> Code.eval_string code, [animal: :dog]
{"arf", [animal: :dog]}
iex(3)> {_status, quoted} = Code.string_to_quoted code
{:ok,
 {:case, [line: 1],
  [
    {:animal, [line: 1], nil},
    [
      do: [
        {:->, [line: 2], [[:cat], "meow"]},
        {:->, [line: 3], [[:dog], "arf"]}
      ]
    ]
  ]}}
iex(4)> Loppers.validate quoted, whitelist: Loppers.special_forms
{:error,
 [
   not_allowed: {:->, [line: 3], [[:dog], "arf"]},
   not_allowed: {:->, [line: 2], [[:cat], "meow"]}
 ]}
iex(5)> Loppers.validate quoted, whitelist: Loppers.special_forms ++ [:->]
:ok

Compile warning: the underscored variable "_meta" appears more than once in a match

Compiling 5 files (.ex)
warning: the underscored variable "_meta" appears more than once in a match. This means the pattern will only match if all "_meta" bind to the same value. If this is the intended behaviour, please remove the leading underscore from the variable name, otherwise give the variables different names
  lib/validate.ex:21

How to handle map keys?

e.g.:

iex(33)> Loppers.validate("%{one: 1}.one" |> Code.string_to_quoted |> elem(1), whitelist: Loppers.special_forms)
{:error,
 [
   not_allowed: {{:., [line: 1], [{:%{}, [line: 1], [one: 1]}, :one]}, [line: 1], []}
 ]}

Is this something I need to handle before I pass off to loppers?
