LinqLover
commented
2 years ago For sandboxes, different attack vectors should be discussed when it becomes possible to generate new source code inside the simulator:
- [x] See
SimulationContext>>#runSimulated:contextAtEachStep:: Could the simulated code try to manipulate the context stack in a way that an injected context looks like the final resume/ensure context, and how should we handle this? Discuss together with #50.
Open issues:
#testClassCommentfails because accesses to the FilePlugin are not allowed - we could either create an exception for the sources file or process these requests outside of the sandbox.#testSubclasscrashes the VM because of something we are doing wrong/differently than normal Trunk during the behavior creation. See: http://lists.squeakfoundation.org/pipermail/squeak-dev/2021-December/217860.html