Prolog is a full-featured Turing complete programming language in which
it is easy to write programs that can harm your computer. On the other
hand, Prolog is a logic based query language which can be exploited to
query data interactively from, e.g., the web. This library provides
safe_goal/1, which determines whether it is safe to call its argument.
- See also
- - http://www.swi-prolog.org/pldoc/package/pengines.html
- To be done
- - Handling of ^ and // meta predicates
- - Complete set of whitelisted predicates
- Call Goal if it complies with the sandboxing rules. Before
calling Goal, it performs expand_goal/2, followed by
safe_goal/1. Expanding is done explicitly because situations in
which safe_call/1 typically concern goals that are not known at
- See also
- - safe_goal/1.
- safe_goal(:Goal) is det
- True if calling Goal provides no security risc. This implies
- The call-graph can be fully expanded. Full expansion stops
if a meta-goal is found for which we cannot determine enough
details to know which predicate will be called.
- All predicates referenced from the fully expanded are
whitelisted by the predicate safe_primitive/1 and safe_meta/2.
- It is not allowed to make explicitly qualified calls into
modules to predicates that are not exported or declared
- - instantiation_error if the analysis encounters a term in
a callable position that is insufficiently instantiated
to determine the predicate called.
permission_error(call, sandboxed, Goal) if Goal is in
the call-tree and not white-listed.
- safe_primitive(?Goal) is nondet[multifile]
- True if Goal is safe to call (i.e., cannot access dangerous
system-resources and cannot upset other parts of the Prolog
process). There are two types of facts. ISO built-ins are
declared without a module prefix. This is safe because it is not
allowed to (re-)define these primitives (i.e., give them an
unsafe implementation) and the way around
(redefine_system_predicate/1) is unsafe. The other group are
module-qualified and only match if the system infers that the
predicate is imported from the given module.
- safe_global_variable(Name) is semidet[multifile]
- Declare the given global variable safe to write to.
- safe_meta(+Goal, -Called:list(callable)) is semidet[multifile]
- Hook. True if Goal is a meta-predicate that is considered safe
iff all elements in Called are safe.
- format_calls(+Format, +FormatArgs, -Calls)
- Find ~@ calls from Format and Args.
- prolog:sandbox_allowed_directive(:G) is det[multifile]
- Throws an exception if G is not considered a safe directive.
- safe_directive(:Directive) is semidet[multifile]
- Hook to declare additional directives as safe. The argument is a
:- wrapper). In almost all
cases, the implementation must verify that the Module is the
current load context as illustrated below. This check is not
performed by the system to allow for cases where particular
cross-module directives are allowed.
- safe_prolog_flag(+Flag, +Value) is det[multifile]
- True if it is safe to set the flag Flag to Value.
- To be done
- - If we can avoid that files are loaded after changing
this flag, we can allow for more flags. The syntax
flags are safe because they are registered with the
- prolog:sandbox_allowed_expansion(:G) is det[multifile]
- Throws an exception if G is not considered a safe expansion
goal. This deals with call-backs from the compiler for
Our assumption is that external expansion rules are coded safely
and we only need to be careful if the sandboxed code defines
- prolog:sandbox_allowed_goal(:G) is det[multifile]
- Throw an exception if it is not safe to call G