Re: Evaluation with function whitelist

[Mike Gran]

>Hello, all.
>I've been on this for almost a month now. I'm working on a project for my
>work, where we need a console to control automation. I wanted to use an
>existing language instead of developing one, and I thought Guile would be a
>good choice. Basically, I want the user to be able to open a repl shell,
>but by default it should have *no* bindings except the ones I whitelisted.

>For example, (getcwd) should fail, even (if #t #t #f) should say that "if"
>isn't defined. Then I can add in only the procedures I want (plus a couple
>automation commands). Does anyone know how to do this? I'm at my wit's end.

>I was thinking I could get a list of all the language bindings and un-bind
>them in one fell swoop, but I haven't found a way to do that.

Hello Ryan,

Define a module in a file with the "#:pure" option so that it starts off empty.
Import what you need.
Look at ice-9/safe-r5rs.scm for an example.
Probably in /usr/share/guile/3.0/ice-9/safe-r5rs.scm

Let's say your new module was (ryan stuff) and it could only do display
and eqv?

(define-module (ryan stuff)
  #:pure
  #:use-module ((guile) #:select (display eqv?)
  #:re-export (display eqv?))

To resolve the module
(define m (resolve '(ryan stuff)))

To eval in module
(eval <expression> m)

To make primitive repl

(define (main)
  (let ((m (resolve-module '(ryan stuff))))
    (display "> ")
    (let loop ((expr (read)))
      (write (false-if-exception (eval expr m)))
      (newline)
      (display "> ")
      (loop (read)))))

(main)

But fix primitive repl with better error handling than
'false-if-exception'. And add your own meta-commands.

Using the real repl is probably a no-go, since it has meta-commands
like ",m" that would let the user ignore your whitelist.

I didn't really test this, but it should be mostly correct.

Regards,
Mike Gran