Clojurians Log v2

Clojure programming

Channels

# 100-days-of-code # aatree # admin-announcements # adventofcode # ai # alda # aleph # all-the-channels # announcements # arachne # architecture # asami # atlanta-clojurians # atom-editor # autochrome-github # avi # aws # aws-lambda # babashka # babashka-sci-dev # bangalore-clj # beginners # berlin # biff # bigdata # bitcoin # boot # boot-dev # boulder-clojurians # braid-chat # braveandtrue # brevis # bristol-clojurians # business # calva # capetown # carry # cbus # cestmeetup # chestnut # chlorine-clover # cider # circleci # clara # clj-commons # cljdoc # cljfx # clj-http # clj-kondo # clj-on-windows # cljs-dev # cljs-experience # cljsfiddle # cljsjs # cljsrn # cljtogether # clojars # clojure # clojure-android # clojure-argentina # clojure-art # clojure-austin # clojure-australia # clojure-austria # clojure-bangladesh # clojure-bay-area # clojure-beijing # clojure-belgium # clojure-berlin # clojure-boston # clojure-brasil # clojurebridge # clojurebridge-ams # clojure-canada # clojure-chennai # clojure-chicago # clojure-china # clojure-colombia # clojure-conj # clojurecup # clojure-czech # clojured # clojure-denmark # clojure-denver # clojure-derby # clojuredesign-podcast # clojure-dev # clojure-dusseldorf # clojure-ecuador # clojure-egypt # clojure-estonia # clojure-europe # clojure-filipino # clojure-finland # clojure-france # clojure-gamedev # clojure-germany # clojure-greece # clojure-guangzhou # clojure-hamburg # clojure-hk # clojure-houston # clojure-hungary # clojure-india # clojureindia # clojure-indonesia # clojure-ireland # clojure-israel # clojure-italy # clojure-japan # clojure-kc # clojure-korea # clojure-losangeles # clojure-madison # clojure-mexico # clojure-miami # clojure-mk # clojure-mke # clojure-morsels # clojure-my # clojure-new-zealand # clojure-nl # clojure-nlp # clojure-norway # clojure-poland # clojure-portugal # clojure-provo # clojure-quebec # clojureremote # clojure-romania # clojure-russia # clojure-sanfrancisco # clojurescript # clojurescript-ios # clojure-sdn # clojure-seattle # clojure-serbia # clojure-sg # clojure-shanghai # clojure-spain # clojure-spec # clojuresque # clojure-survey # clojure-sweden # clojure-switzerland # clojure-taiwan # clojure-turkiye # clojure-uk # clojure-ukraine # clojureverse-ops # clojurewerkz # clojurewest # clojurex # clojure-za # clojurian-chat-app # clojutre # cloverage # cloxp # clr # code-art # code-reviews # community-development # component # conf-proposals # conjure # consulting # contributions-welcome # copenhagen-clojurians # core-async # core-logic # core-matrix # core-typed # cryogen # crypto # css # cursive # cz-clojure # d2q # datacrypt # datahike # datalevin # datalog # data-oriented-programming # data-science # datascript # datavis # dato # datomic # defnpodcast # deps-new # depstar # devcards # devops # dirac # docker # docs # domino-clj # duct # dunaj # eastwood # editors # emacs # error-message-catalog # etaoin # ethereum # euroclojure # events # exercism # expound # figwheel # figwheel-main # flambo # fulcro # funcool # functionalprogramming # funimage # garden # ghostwheel # girouette # gis # google-cloud # gorilla # graalvm # graalvm-mobile # graclj # graphql # gratitude # gsoc # hammock-driven-dev # helix # heroku # hispano # holy-lambda # honeysql # hoplon # hugsql # humor # hypercrud # hyperfiddle # immutant # improve-getting-started # incanter # indycljs # inf-clojure # instaparse # integrant # interceptors # interop # introduce-yourself # iot # iotivity # ipfs # jackdaw # jaunt # java # javascript # javelin # jobs # jobs-discuss # jobs-rus # joker # jukebox # juxt # jvm # kaocha # keechma # kekkonen # keyboards # klipse # kosmos # lambdaisland # ldnclj # ldnproclodo # lein-figwheel # leiningen # liberator # liquid # livestream # local-first-clojure # london-clojurians # lsp # luminus # lumo # mail # malli # mathematics # meander # melbourne # membrane # mental-health # microservices # mid-cities-meetup # midje # minecraft # minimallist # missionary # monads # mount # music # new-channels # new-clojure # nextjournal # nginx # nrepl # numerical-computing # nyc # observability # off-topic # om # om-next # onyx # other-languages # other-lisps # overtone # pamela # parinfer # pathom # pedestal # perun # philosophy # phzr # planck # plastic # play-clj # podcasts # polylith # portal # portkey # portland-or # powderkeg # practicalli # precept # prelude # programming-beginners # project-updates # proletarian # proton # protorepl # pulsar # pure-frame # qa # qlkit # quil # random # rdf # react # reactive # reading-clojure # reagent # reclojure # re-frame # reitit # releases # remote-jobs # respo # rethinkdb # reveal # rewrite-clj # ring # ring-swagger # robots # rum # schema # sci # sfcljs # shadow-cljs # _silence # sim-testing # sioux-falls # slack-help # sneer # sneer-br # spacemacs # specmonstah # specter # speculative # spirituality-ethics # sql # startup-in-a-month # sydney # test200 # test-check # testing # thejaloniki # timbre # tmp-json-parsing # tools-build # tools-deps # trading # tree-sitter # uncomplicate # unrepl # untangled # utah-clojurians # videos # vim # vrac # vscode # wasm # web-security # windows # xtdb # yada # yleinen

Apps

sci

https://github.com/babashka/SCI - also see #babashka and #nbb

steveb8n 2020-09-18T02:05:16.001400Z

Q: forgive me if this has already been asked but, has anyone done any pen-testing on sci to verify its sandbox works as expected?

borkdude 2020-09-18T07:34:24.007900Z

I'm now reading about sandboxing JS solutions: some use a trick of running it in an iframe and then killing the iframe

2020-09-18T07:38:47.008100Z

I was also thinking some functions such as vec and into could be redefined to avoid realising big sequences for instance. This would not require changes to sci core

2020-09-18T07:39:58.008400Z

Also if you don't allow js execution things are pretty good as @borkdude already stated

borkdude 2020-09-18T07:48:48.008600Z

That would be really bad for performance though. Also, sci can't prevent long-running functions if users provide those via opts, e.g. #(Thread/sleep 10000000)

borkdude 2020-09-18T07:49:48.008800Z

But nothing is stopping you from providing those re-defined functions indeed

borkdude 2020-09-18T07:53:08.009Z

And maybe performance isn't a concern in some cases. But I think you would have to re-define a lot of core to make that work

2020-09-18T07:57:52.009300Z

At least it is a nice property that someone can make a "safe" version according to their own requirements. I'm thinking redefining plus the invoke-callback should give enough knobs to do this

borkdude 2020-09-18T09:10:15.009500Z

Possibly. But most people probably want an out of the box experience. E.g. malli asked me to curate these options, that's why there is a :preset :termination-safe.

borkdude 2020-09-18T09:15:39.009700Z

I just checked this example "(count (for [i (range 100) j (range 100) k (range 100)] [i j k]))" and it's going through loop and loop is implemented using a recursive function, that's why invoke-callback will see it and therefore you will be able to stop it. But these might be implementation details.

borkdude 2020-09-18T09:17:36.009900Z

Something like AWS Lambda, or a Thread: just kill it after 5 seconds is way more ergonomic

steveb8n 2020-09-18T11:29:45.010700Z

Yep. For my use case on lambda, the termination risk is fine I'm more concerned with escaping the sandbox than denial of service

steveb8n 2020-09-18T11:31:01.010900Z

Obviously specific to me but I'm sure I won't be alone if/when sci hits the mainstream 😉

borkdude 2020-09-18T11:43:36.011100Z

In that regard sci is totally safe (famous last words)

borkdude 2020-09-18T11:45:54.011300Z

@steveb8n Here is a list of companies using sci and/or bb: https://github.com/borkdude/babashka/issues/254

steveb8n 2020-09-18T11:48:09.011700Z

Thanks. I use BB daily and I'll let you know when sci hits prod users. My company is http://nextdoc.io

borkdude 2020-09-18T11:48:52.011900Z

I mean, there's companies using sci for similar things maybe. You could ask them if they have had any such problems

steveb8n 2020-09-18T11:50:45.012100Z

Good thought. If a CSO asks, a solid defensible response would be a white hat having a crack at breaking out of it. Im looking forward to when I can afford to pay for that

steveb8n 2020-09-18T11:51:23.012300Z

When I do, I'll share the results

steveb8n 2020-09-18T02:06:16.001500Z

I’m considering using it in a node.js env for enterprise SAAS, hence the attention to security

2020-09-18T04:31:28.001800Z

Not that I'm aware of. Here is a GH issue that describes some scenarios that might be relevant https://github.com/borkdude/sci/issues/348

steveb8n 2020-09-18T05:09:44.002100Z

good to know. thanks. I plan to run in 1. aws lambda (where I can set a timeout) and 2. browser (where this is a concern) so I’ll keep an eye on progress

borkdude 2020-09-18T06:35:48.003600Z

I’m not sure if this is a problem that can be solved in the browser. But then again, the worst that can happen is that your browser tab freezes.

borkdude 2020-09-18T06:39:53.004700Z

So maybe trying something around webworkers is a more fundamental and better approach

borkdude 2020-09-18T06:41:12.005900Z

As for limiting what people can do in terms of damage, I think the defaults are pretty good

👍 1

borkdude 2020-09-18T06:43:00.007600Z

You can try https://babashka.org/xterm-sci to see if you can do something you should not be able to

borkdude 2020-09-18T10:39:19.010400Z

Using native libsci from Python: https://github.com/borkdude/sci/blob/master/doc/libsci.md#using-libsci-from-python Thanks @sogaiu for the docs.