I'm using clojail library for sandboxing but it does not behave as expected.
Here is the code:
(ns jail.core
(:require [clojail.core :as s]
[clojail.testers :as t]))
(def my-tester [(t/blacklist-objects [clojure.lang.RT])
(t/blanket "clojail")])
(def sb (s/sandbox my-tester))
(println (sb '(do
(import clojure.lang.RT)
(RT/errPrintWriter))))
At (import clojure.lang.RT) line it has to throw SecurityException but it does not.
It returns PrintWriter(errPrintWriter) object.
It turns out if I don't pass the class object to import macro, it just works but I think the behaviour is kinda odd.
Here:
(println (sb '(do
clojure.lang.RT
(RT/errPrintWriter))))
Now I'm getting Security Exception, the import macro somehow prevents clojail to throw Security Exception.