Raxol.Sandbox (Raxol v2.6.0)

View Source

Sandbox execution environment for untrusted code.

Provides process isolation and resource limiting for running untrusted code safely.

Example

{:ok, result} = Raxol.Sandbox.execute(fn ->
  untrusted_code()
end,
  timeout: 5_000,
  memory_limit: 100_000_000,
  allowed_modules: [String, Enum]
)

Note

This module provides basic sandboxing. For production use with untrusted code, consider additional security measures such as OS-level containerization.

Summary

Functions

Check if sandbox mode is available.

Execute code in a sandboxed environment.

Functions

available?()

@spec available?() :: true

Check if sandbox mode is available.

execute(fun, opts \\ [])

@spec execute(
  (-> any()),
  keyword()
) :: {:ok, any()} | {:error, term()}

Execute code in a sandboxed environment.

Options

  • :timeout - Maximum execution time in milliseconds (default: 5000)
  • :memory_limit - Maximum memory in bytes (advisory, not enforced)
  • :allowed_modules - List of modules the code can use (not enforced in basic mode)

Example

{:ok, result} = Raxol.Sandbox.execute(fn ->
  String.upcase("hello")
end, timeout: 1000)