https://github.com/narrowtux/loppers
Validate quoted Elixir code against a function whitelist
- Host: GitHub
- URL: https://github.com/narrowtux/loppers
- Owner: narrowtux
- License: mit
- Created: 2017-07-17T13:40:28.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2024-06-06T15:09:22.000Z (over 1 year ago)
- Last Synced: 2025-08-16T05:27:09.948Z (about 2 months ago)
- Topics: ast, elixir, whitelist
- Language: Elixir
- Size: 27.3 KB
- Stars: 7
- Watchers: 2
- Forks: 2
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Loppers
A code validator for the Elixir-AST.
It can operate on both white- and blacklists.
## Basic example:
```elixir
quoted = quote do
  "hello"
  |> String.upcase
  |> String.pad_leading(4, "0")
end

whitelist = Loppers.special_forms ++ [
  {Kernel, :|>},
  {String, :upcase},
  {String, :pad_leading}
]

:ok = Loppers.validate(quoted, whitelist: whitelist)
```

## Features
* Ideally used in combination with `Code.string_to_quoted/2` to check for
  nasty things in untrusted code.
* Operates against a whitelist, a blacklist, or a mix of both (blacklist entries take precedence over whitelist entries).
* Works with `alias` and `import` in the code (special handling for that in
  the `Loppers.Walk` module).
* Returns the AST fragment (including the line number if your compiler provides it)
  so you can add squiggly lines to the editor at the right place.
* Whitelist all functions of a module with `{Application.Callbacks, :__all__}`.
* Whitelist a module with all child modules and functions with `{Application.Callbacks, :__submodules_all__}`.

## Installation
The package can be installed by adding `loppers` to your list of dependencies
in `mix.exs`:

```elixir
def deps do
  [{:loppers, "~> 0.1.2"}]
end
```
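
The Features list recommends pairing Loppers with `Code.string_to_quoted/2` for untrusted code. That flow as an added example, not code from the Loppers project: the `UntrustedCheck` module and the sample inputs are hypothetical, and the shape of a non-`:ok` result from `Loppers.validate/2` is not assumed.

```elixir
defmodule UntrustedCheck do
  # Hypothetical helper module for this example; not part of Loppers.

  # Same whitelist as the basic example in the README.
  def whitelist do
    Loppers.special_forms() ++
      [
        {Kernel, :|>},
        {String, :upcase},
        {String, :pad_leading}
      ]
  end

  # Parses `source` and validates the resulting AST. Nothing is evaluated here.
  def check(source) when is_binary(source) do
    # existing_atoms_only: true makes the parser return an error instead of
    # creating new atoms from untrusted input (atoms are never garbage
    # collected). Identifiers unknown to the running VM then fail to parse.
    case Code.string_to_quoted(source, existing_atoms_only: true) do
      {:ok, quoted} ->
        case Loppers.validate(quoted, whitelist: whitelist()) do
          :ok -> {:ok, quoted}
          # Any other result is passed through unchanged; per the README it
          # carries the offending AST fragment.
          rejected -> {:rejected, rejected}
        end

      {:error, reason} ->
        {:parse_error, reason}
    end
  end
end

# Constructed sample inputs: the second calls a function outside the whitelist.
allowed = ~S{"hello" |> String.upcase |> String.pad_leading(4, "0")}
denied = ~S{"hello" |> String.upcase |> IO.puts}

IO.inspect(UntrustedCheck.check(allowed), label: "allowed")
IO.inspect(UntrustedCheck.check(denied), label: "denied")
```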