Remove Sandboxing
On Xcode 11, you can turn off Sandboxing by removing it from the Signing & Capabilities tab:
On Xcode 11, you can turn off Sandboxing by removing it from the Signing & Capabilities tab:
Monkey patching socket ought to do it: import socket def guard(*args, **kwargs): raise Exception(“I told you not to use the Internet!”) socket.socket = guard Make sure this runs before any other import.
Disable the Diagnostic tool under Tools -> Options -> Debugging -> General -> Enable Diagnostic Tools while debugging More information: https://stackoverflow.com/a/31904957/2856307
You are looking for a security manager. You can restrict the permissions of an application by specifying a policy.
You can use sandbox support in nodejs with vm.runInContext(‘js code’, context), sample in api documentation: https://nodejs.org/api/vm.html#vm_vm_runinthiscontext_code_options const util = require(‘util’); const vm = require(‘vm’); const sandbox = { globalVar: 1 }; vm.createContext(sandbox); for (var i = 0; i < 10; ++i) { vm.runInContext(‘globalVar *= 2;’, sandbox); } console.log(util.inspect(sandbox)); // { globalVar: 1024 } WARN: As … Read more
I have accepted Alastair Maw’s answer, as it was his suggestion and links that led me to a workable solution, but I am posting here some details of exactly what I did, for anyone else who may be trying to achieve something similar. As a reminder, in its simplest form my application comprises three assemblies: … Read more
Answer for your non sandbox related question: You have something in your code like this: <button onclick=”myFunction()”>Click me</button> In a nutshell this is not allowed in chrome apps and extensions. Change this to the following and it will work: html: <button id=”myButton”>Click me</button> <script src=”https://stackoverflow.com/questions/36324333/script.js”></script> script.js: document.getElementById(“myButton”).addEventListener(“click”, myFunction); function myFunction(){ console.log(‘asd’); } Long story: In … Read more
You can set the function environment that you run the untrusted code in via setfenv(). Here’s an outline: local env = {ipairs} setfenv(user_script, env) pcall(user_script) The user_script function can only access what is in its environment. So you can then explicitly add in the functions that you want the untrusted code to have access to … Read more
Run the untrusted code in its own thread. This for example prevents problems with infinite loops and such, and makes the future steps easier. Have the main thread wait for the thread to finish, and if takes too long, kill it with Thread.stop. Thread.stop is deprecated, but since the untrusted code shouldn’t have access to … Read more
Looks like Apple has this poorly documented. Basically, you shouldn’t log in with your sandbox user from that screen. Log in when actually prompted by your test IAP. Source: Unable to log in with sandbox test users on device