Skip to content
/ loppers Public
forked from narrowtux/loppers

Validate quoted elixir code against a function whitelist

License

MIT license
1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

h4cc/loppers

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
config
config
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 
test.exs
test.exs
 
 

Repository files navigation

Loppers

A code validator for the Elixir-AST.

It can operate on both white- and blacklists.

Basic example:

quoted = quote do
  "hello"
  |> String.upcase
  |> String.pad_leading(4, "0")
end
whitelist = Loppers.special_forms ++ [
  {Kernel, :|>},
  {String, :upcase},
  {String, :pad_leading}
]
:ok = Loppers.validate(quoted, whitelist: whitelist)

Features

  • Ideally used in combination with Code.string_to_quoted/2 to check for nasty things in untrusted code.
  • Operate against a whitelist, blacklist or a mix of both (blacklist > whitelist)
  • Works with alias and import in the code (special handling for that in the Loppers.Walk module)
  • Returns the AST-Fragment (including the line number if your compiler provides it) so you can add squiggly lines to the editor at the right place.
  • Whitelist a module with functions with {Application.Callbacks, :__all__}
  • Whitelist a module with all child-modules and functions with {Application.Callbacks, :__submodules_all__}

Installation

The package can be installed by adding loppers to your list of dependencies in mix.exs:

def deps do
  [{:loppers, "~> 0.1.2"}]
end

About

Validate quoted elixir code against a function whitelist

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Elixir 100.0%