Safeish (safeish v0.5.0)

NOT FOR PRODUCTION USE

Safe-ish is an experimental, minimally restrictive sandbox for BEAM modules. It examines BEAM bytecode at load time and rejects bytecode containing instructions that could cause side effects such as:

  • Spawning processes
  • Sending and receiving messages
  • File system access
  • Network access
  • Compilation
  • System level commands, introspection and diagnostics
  • Various apply functions and creating atoms dynamically at runtime (which would allow calls to non-whitelisted modules)

You can provide an optional whitelist of modules, functions and language features that the loaded module is allowed to use. Whitelists are applied to calls and also to function literals, because the latter can be used to construct calls in BEAM assembly without using apply().
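
An added illustration of call-target whitelisting (not Safeish's own code): it lists the remote calls recorded in a module's import table with :beam_lib.chunks/2 and reports those that no whitelist entry covers. ImportAudit, Sample and the baseline entry are names and values assumed for this example.

```elixir
# Added example, not part of Safeish: an import-table whitelist check.
defmodule ImportAudit do
  # Hypothetical helper: true when an imported {module, function, arity}
  # is covered by a whitelist entry in one of the three call-target forms
  # (Module, {Module, :function}, {Module, :function, arity}).
  def allowed?({m, f, a}, whitelist) do
    Enum.any?(whitelist, fn
      ^m -> true
      {^m, ^f} -> true
      {^m, ^f, ^a} -> true
      _ -> false
    end)
  end

  # Returns the imported MFAs in `bytecode` that no whitelist entry covers.
  def violations(bytecode, whitelist) when is_binary(bytecode) do
    {:ok, {_mod, [imports: imports]}} = :beam_lib.chunks(bytecode, [:imports])

    imports
    |> Enum.reject(&allowed?(&1, whitelist))
    |> Enum.sort()
  end
end

# Constructed sample module: reads a file and uppercases its content.
{:module, _name, bytecode, _} =
  defmodule Sample do
    def shout(path), do: path |> File.read!() |> String.upcase()
  end

# Assumed baseline: the compiler-generated module_info/0,1 functions
# import :erlang.get_module_info, so every module carries these entries.
baseline = [{:erlang, :get_module_info}]

# Whitelisting String alone leaves the File.read!/1 call reported.
IO.inspect(ImportAudit.violations(bytecode, baseline ++ [String]))

# Adding the exact MFA form covers that call as well.
IO.inspect(ImportAudit.violations(bytecode, baseline ++ [String, {File, :read!, 1}]))
```

This sketch reads only the import table; the function literals and the :send / :receive features that the Safeish whitelist also governs are not examined here.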

Summary

Functions

check(bytecode, whitelist \\ []): Check binary module bytecode

load_bytecode(bytecode, whitelist \\ []): Check and load binary module bytecode

load_file(filename, whitelist \\ []): Check and load module bytecode from a file path

Functions

check(bytecode, whitelist \\ [])

Check binary module bytecode

Params

bytecode: Bytecode of module to check and load if content "safe"

whitelist: A list of call targets and language features allowed in the bytecode:

              - Module
              - {Module, :function}
              - {Module, :function, arity}
              - :send
              - :receive

Examples

  iex> Safeish.load_bytecode(<<...>>, [WhitelistedModuleA, {WhitelistedModuleB, :some_func}])
  {:ok, SomeSafeModule}

load_bytecode(bytecode, whitelist \\ [])

Check and load binary module bytecode

Params

bytecode: Bytecode of module to check and load if content "safe"

whitelist: A list of call targets and language features allowed in the bytecode:

              - Module
              - {Module, :function}
              - {Module, :function, arity}
              - :send
              - :receive

Examples

  iex> Safeish.load_bytecode(<<...>>, [WhitelistedModuleA, {WhitelistedModuleB, :some_func}])
  {:ok, SomeSafeModule}
  iex> SomeSafeModule.func()

load_file(filename, whitelist \\ [])

Check and load module bytecode from a file path

Params

filename: Path to beam file to check and load if content "safe"

whitelist: A list of call targets and language features allowed in the bytecode:

              - Module
              - {Module, :function}
              - {Module, :function, arity}
              - :send
              - :receive

Examples

  iex> Safeish.load_bytecode(<<...>>, [WhitelistedModuleA, {WhitelistedModuleB, :some_func}])
  {:ok, SomeSafeModule}
  iex> SomeSafeModule.func()

risk_acceptable?(mfa, arg2)