sandbox

Disable Java reflection for the current thread

混江龙づ霸主 提交于 2019-11-26 11:09:44
问题 I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code\'s execution. try{ // disable reflection somehow someObject.method(); } finally{ // enable reflection again } Can this be done with a SecurityManager, and if so, how? Clarification/Context: This is a follow-up to another question about restricting the packages that can be called from JavaScript/Rhino. The accepted answer references a blog entry on how to do that, and

Access window variable from Content Script [duplicate]

99封情书 提交于 2019-11-26 09:30:01
问题 This question already has answers here : Chrome extension - retrieving global variable from webpage (5 answers) Hijacking a variable with a userscript for Chrome (1 answer) Closed 5 years ago . I have a Chrome Extension that is trying to find on every browsed URL (and every iframe of every browser URL) if a variable window.my_variable_name exists. So I wrote this little piece of content script : function detectVariable(){ if(window.my_variable_name || typeof my_variable_name !== \"undefined\"

UIImage Saving image with file name on the iPhone

a 夏天 提交于 2019-11-26 08:27:49
问题 How can I save an image (like using UIImageWriteToSavedPhotosAlbum() method) with a filename of my choice to the private/var folder? 回答1: Kenny, you had the answer! For illustration I always think code is more helpful. //I do this in the didFinishPickingImage:(UIImage *)img method NSData* imageData = UIImageJPEGRepresentation(img, 1.0); //save to the default 100Apple(Camera Roll) folder. [imageData writeToFile:@"/private/var/mobile/Media/DCIM/100APPLE/customImageFilename.jpg" atomically:NO];

Is there a PHP Sandbox, something like JSFiddle is to JS? [closed]

我与影子孤独终老i 提交于 2019-11-26 06:50:57
问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . Is there a PHP Sandbox, something like JSFiddle is to JS? 回答1: If you are just looking for an online site to play around with PHP code, try http://phpfiddle.org/ http://ideone.com/ https://codeanywhere.net/ http://www.tehplayground.com/ http://sandbox.onlinephpfunctions.com/ http://codepad.org/ https://eval.in/

Preventing Python code from importing certain modules?

☆樱花仙子☆ 提交于 2019-11-26 06:37:38
问题 I\'m writing an application where users can enter a python script and execute it in a sandbox. I need a way to prevent the exec\'ed code from importing certain modules, so malicious code won\'t be as much of a problem. Is there a way to do this in Python? 回答1: If you put None in sys.modules for a module name, in won't be importable... >>> import sys >>> import os >>> del os >>> sys.modules['os']=None >>> import os Traceback (most recent call last): File "<stdin>", line 1, in <module>

Sandbox against malicious code in a Java application

南楼画角 提交于 2019-11-26 05:54:21
In a simulation server environment where users are allowed to submit their own code to be run by the server, it would clearly be advantageous for any user-submitted code to be run in side a sandbox, not unlike Applets are within a browser. I wanted to be able to leverage the JVM itself, rather than adding another VM layer to isolate these submitted components. This kind of limitation appears to be possible using the existing Java sandbox model, but is there a dynamic way to enable that for just the user-submitted parts of a running application? Run the untrusted code in its own thread. This

How do I create a Java sandbox?

岁酱吖の 提交于 2019-11-26 04:39:10
问题 I want to make my application to run other people\'s code, aka plugins. However, what options do I have to make this secure so they don\'t write malicious code. How do I control what they can or can not do? I have stumbled around that JVM has a \"built in sandbox\" feature - what is it and is this the only way? Are there third-party Java libraries for making a sandbox? What options do I have? Links to guides and examples is appreciated! 回答1: You are looking for a security manager. You can

Run an untrusted C program in a sandbox in Linux that prevents it from opening files, forking, etc.?

喜你入骨 提交于 2019-11-26 04:30:43
问题 I was wondering if there exists a way to run an untrusted C program under a sandbox in Linux. Something that would prevent the program from opening files, or network connections, or forking, exec, etc? It would be a small program, a homework assignment, that gets uploaded to a server and has unit tests executed on it. So the program would be short lived. 回答1: I have used Systrace to sandbox untrusted programs both interactively and in automatic mode. It has a ptrace()-based backend which

Sandbox against malicious code in a Java application

狂风中的少年 提交于 2019-11-26 01:56:03
问题 In a simulation server environment where users are allowed to submit their own code to be run by the server, it would clearly be advantageous for any user-submitted code to be run in side a sandbox, not unlike Applets are within a browser. I wanted to be able to leverage the JVM itself, rather than adding another VM layer to isolate these submitted components. This kind of limitation appears to be possible using the existing Java sandbox model, but is there a dynamic way to enable that for

How can I create a secure Lua sandbox?

▼魔方 西西 提交于 2019-11-26 01:49:28
问题 So Lua seems ideal for implementing secure \"user scripts\" inside my application. However, most examples of embedding lua seem to include loading all the standard libraries, including \"io\" and \"package\". So I can exclude those libs from my interpreter, but even the base library includes the functions \"dofile\" and \"loadfile\" which access the filesystem. How can I remove/block any unsafe functions like these, without just ending up with an interpreter that doesn\'t even have basic
订阅 sandbox