Closed LinqLover closed 2 years ago
For sandboxes, different attack vectors should be discussed when it becomes possible to generate new source code inside the simulator:
SimulationContext>>#runSimulated:contextAtEachStep:
: Could the simulated code try to manipulate the context stack in a way that an injected context looks like the final resume/ensure context, and how should we handle this? Discuss together with #50.
Open issues:
#testClassComment
fails because accesses to the FilePlugin are not allowed - we could either create an exception for the sources file or process these requests outside of the sandbox.#testSubclass
crashes the VM because of something we are doing wrong/differently than normal Trunk during the behavior creation. See: http://lists.squeakfoundation.org/pipermail/squeak-dev/2021-December/217860.html