Hi. Is it possible to disallow any interop under JVM?
(sci/eval-string "(new String \"foo\")" {:deny '[new]})
works fine, producing clojure.lang.ExceptionInfo: new is not allowed! exception, while
(sci/eval-string "(String. \"foo\")" {:deny '[new]})
just works.
SOLVEDString is added by default. you can remove it with {:classes {'String nil}} I think
Thanks, it worked! Any other default classes I should be aware of?
Thanks you very much @borkdude!
What's the reason for disallowing interop btw?
There may be some things that won't work, like assert since it's a macro that expands into Java interop, but perhaps that's not important
I'd like to minimize potentially unsafe code generated by LLM
The SCI sandbox should be safe by default, the default classes aren't going to modify your host environment (I think...)
I see, thanks.