Fix a hole where lazy seqs were getting realized outside the sandbox.

Raynes · Raynes · commit c415f3e6609e · 2013-03-12T22:01:53.000-07:00
diff --git a/src/clojail/core.clj b/src/clojail/core.clj
@@ -9,9 +9,7 @@
 (defn eagerly-consume
   "Recursively force all lazy-seqs in val."
   [val]
-  (try
-    (postwalk-replace {} val)
-    (catch Throwable _))
+  (postwalk-replace {} val)
   val)
 
 (def ^{:doc "Create a map of pretty keywords to ugly TimeUnits"}
@@ -161,7 +159,7 @@
                                          (read-string ~tester-str)))
                        ~(make-dot tester-sym)
                        ~(ensafen code))]
-        (with-bindings bindings (transform (jvm-sandbox #(eval code) context)))))))
+        (with-bindings bindings (jvm-sandbox #(transform (eval code)) context))))))
 
 (defn set-security-manager
   "Sets the system security manager to whatever you pass. Passing nil is
diff --git a/test/clojail/core_test.clj b/test/clojail/core_test.clj
@@ -168,3 +168,8 @@
                  x))
          '(dotimes [n 1000000]
             (Math/ceil n)))))
+
+(deftest laziness-test
+  (let [sb (sandbox secure-tester)]
+    (is (thrown-with-msg? Exception #"access denied"
+          (sb '(map slurp ["project.clj"]))))))
