From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Mike Gran <spk121@yahoo.com>
Newsgroups: gmane.lisp.guile.user
Subject: Re: Evaluation with function whitelist
Date: Sat, 15 Jul 2023 05:45:52 +0000 (UTC)
Message-ID: <314930819.342984.1689399952041@mail.yahoo.com>
References: <CAGvJ-HSrJFt2FCjdKBcvtf6ud6hdOis3Bx1VWE6UmCOEBaNxrg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="16874"; mail-complaints-to="usenet@ciao.gmane.io"
To: "guile-user@gnu.org" <guile-user@gnu.org>, 
 Ryan Raymond <rjraymond@oakland.edu>
Original-X-From: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org Sat Jul 15 07:47:16 2023
Return-path: <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>
Envelope-to: guile-user@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org>)
	id 1qKY7f-0004Gy-Hs
	for guile-user@m.gmane-mx.org; Sat, 15 Jul 2023 07:47:15 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guile-user-bounces@gnu.org>)
	id 1qKY6y-0004gz-KR; Sat, 15 Jul 2023 01:46:32 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <spk121@yahoo.com>) id 1qKY6u-0004gh-H7
 for guile-user@gnu.org; Sat, 15 Jul 2023 01:46:30 -0400
Original-Received: from sonic316-13.consmr.mail.bf2.yahoo.com ([74.6.130.123])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <spk121@yahoo.com>) id 1qKY6r-0005s6-EU
 for guile-user@gnu.org; Sat, 15 Jul 2023 01:46:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1689399981; bh=v2WJd9ZAmWVxh3BAzuaFcD3kdJ10Enw44nQcuTH2YSA=;
 h=Date:From:To:In-Reply-To:References:Subject:From:Subject:Reply-To;
 b=YO8R9P9LEUqPtZ3+1sOQU6/VnplfUzdFLLwNNXXmCuYtdQprblSItQyPFjmD0FkS8OwJO4/zY76iYvsLnjf04Xlz1rLlnEDbhmH21P8ihKArIHgcEjyTm/COSyzFZ6ctsDY7ny7nq45KCpC4HDHVwkvIFZEoIM44YXsz2v6Z9UX4QHgK7Ks7feqWBqhohIIQQRT1355DX9Vr8ltz3Nf4THICs6s6hTKriSJvEHL5Uia9zfcHCnkRr0by4eQePYn7pS7q8KfqAZNxIEVfNhYJNBed1OxhAzPFzRjj+qsmhAi/VynIVq0lJjqmgyyqf9wqCR/qCU9w4/hDVHaSsgV73Q==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1689399981; bh=sIfugpfZE/8f7c70DIVe4HYXb2vx7XMyJzNMufUVW9O=;
 h=X-Sonic-MF:Date:From:To:Subject:From:Subject;
 b=inr4bnzmYwt4x0/OGn7lL/0G4QNCtVHxTRIm0h5hnZOf4SgmU/QsqB3ZiP+EGOZ5W4gBcYqpQBYZitxJYQzESLAgRCs7bDM5sI/J6T73xfbEbLh28Wd/8L9Guw/9MtP+ayGXVHKPajBltkFZd+lPieJactZ0kLs5ha2OyOqb1oYV2ro0LxfR/POpprwhO1B0jjBna8DnpIAQ+i4XazNoEiFd3Z2zVBrgCn5yz2a6hkY2yAWv86aLLTKvAccej40Ex6q0OuKgrqWMnqFkpYSJQr4p9GRdmTnv2KHmvmm4q+2Zuezv/h+0GncAk7OMphe0p3cT7LrQp1OveC747THIxQ==
X-YMail-OSG: vUjpTCAVM1mRINWdVF2y0KeISZN589.5uG1OexKQi_34wAiZaOWQvivfTGJFtNL
 85cdG2esfLHSjl9LwFmi2DUs1Vsblx3WFYMCR.W.rk88Qdt2lb1RFDEY.i.46bV5wS_RlJT9NEq6
 REyHrdE2OFdOJddICzHCZc0eItGxDbdKwJiQ57HJh6AH.SUzLU0JQcApI9j0UnwL4DdEUj78DgA7
 uPfJQ7vxpYFtBEp_sjF67nU6pjpacQ7h8eo5.rzcSfMLJbr.FpCsV4NZi2I8nhprT13hR_ooHusN
 FNvebP6XeNNsXyLJys4OctFS9YBdr4rZgomqlWtqkw0MgUNi28o5lQLP3apc6DvogklLGtvueFlR
 vHcs07qzUwWGf2AdJfJnXFiyiLAbn2WcIrRQl4eOE536UlAyVxuPDkNBNQddNEn49ie6.U0CCLOX
 3qD7mk_gLCqwqF3n.0DHkmO2CzypdNPyUPor12pK_P0mzA.7uHjE6cZJ3S7aNmNrAqBnUqF5Gb3M
 xZZe6sLhYZGEFoxOdjVhETd3ecg0frNn3NTxnpZuOIqmLeFLpXxw4CuhtpLWoHto3oaP6KX6JJvd
 u1ODYaOl8IKwJwF7eKVbuPrRmYDgZhND_V52RGHdHttuwz6RAYMqaUUVZa2HwIGUdvCqlREMoT4Z
 e7Q_p5uOiIzgv6l_JdIzn7lnMxc4ZkUnv0CR5cxBIPrL3VerK37GDogzmEv6MV03KlvA3.TOUHqx
 aZ.tUI5LOmUnAzQzs5agDdoZlglJIeJx4U0Vtnvj9KMkFe7uWShOgHSWn1Iaco_iSTv7Ei0_DGsH
 69C8dZgfqFkGFC7btzFbbp5ca57gLiwvRd1r57Tq8A 
X-Sonic-MF: <spk121@yahoo.com>
X-Sonic-ID: 45aab7ae-ccde-4a3d-86c8-24e59fe8529f
Original-Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic316.consmr.mail.bf2.yahoo.com with HTTP; Sat, 15 Jul 2023 05:46:21 +0000
In-Reply-To: <CAGvJ-HSrJFt2FCjdKBcvtf6ud6hdOis3Bx1VWE6UmCOEBaNxrg@mail.gmail.com>
X-Mailer: WebService/1.1.21647 YMailNorrin
Received-SPF: pass client-ip=74.6.130.123; envelope-from=spk121@yahoo.com;
 helo=sonic316-13.consmr.mail.bf2.yahoo.com
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guile-user@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Guile related discussions <guile-user.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-user>,
 <mailto:guile-user-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guile-user>
List-Post: <mailto:guile-user@gnu.org>
List-Help: <mailto:guile-user-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-user>,
 <mailto:guile-user-request@gnu.org?subject=subscribe>
Errors-To: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org
Original-Sender: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.lisp.guile.user:19092
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.user/19092>

>Hello, all.
>I've been on this for almost a month now. I'm working on a project for my
>work, where we need a console to control automation. I wanted to use an
>existing language instead of developing one, and I thought Guile would be =
a
>good choice. Basically, I want the user to be able to open a repl shell,
>but by default it should have *no* bindings except the ones I whitelisted.

>For example, (getcwd) should fail, even (if #t #t #f) should say that "if"
>isn't defined. Then I can add in only the procedures I want (plus a couple
>automation commands). Does anyone know how to do this? I'm at my wit's end=
.

>I was thinking I could get a list of all the language bindings and un-bind
>them in one fell swoop, but I haven't found a way to do that.

Hello Ryan,

Define a module in a file with the "#:pure" option so that it starts off em=
pty.
Import what you need.
Look at ice-9/safe-r5rs.scm for an example.
Probably in /usr/share/guile/3.0/ice-9/safe-r5rs.scm

Let's say your new module was (ryan stuff) and it could only do display
and eqv?

(define-module (ryan stuff)
=C2=A0 #:pure
=C2=A0 #:use-module ((guile) #:select (display eqv?)
=C2=A0 #:re-export (display eqv?))

To resolve the module
(define m (resolve '(ryan stuff)))

To eval in module
(eval <expression> m)

To make primitive repl

(define (main)
=C2=A0 (let ((m (resolve-module '(ryan stuff))))
=C2=A0 =C2=A0 (display "> ")
=C2=A0 =C2=A0 (let loop ((expr (read)))
=C2=A0 =C2=A0 =C2=A0 (write (false-if-exception (eval expr m)))
=C2=A0 =C2=A0 =C2=A0 (newline)
=C2=A0 =C2=A0 =C2=A0 (display "> ")
=C2=A0 =C2=A0 =C2=A0 (loop (read)))))

(main)

But fix primitive repl with better error handling than
'false-if-exception'. And add your own meta-commands.

Using the real repl is probably a no-go, since it has meta-commands
like ",m" that would let the user ignore your whitelist.

I didn't really test this, but it should be mostly correct.

Regards,
Mike Gran=C2=A0