- safe_goal(:Goal) is det
- True if calling Goal provides no security risk. This implies
that:
- The call-graph can be fully expanded. Full expansion stops
if a meta-goal is found for which we cannot determine enough
details to know which predicate will be called.
- All predicates referenced from the fully expanded call-graph are
whitelisted by the predicates safe_primitive/1 and safe_meta/2.
- It is not allowed to make explicitly qualified calls into
modules to predicates that are not exported or declared
public.
- Errors
- instantiation_error if the analysis encounters a term in
a callable position that is insufficiently instantiated
to determine the predicate called.
- permission_error(call, sandboxed, Goal) if Goal is in
the call-tree and not white-listed.
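The following is an added example of how a program would use safe_goal/1 as a gate before running a goal it received from an untrusted source; it is not code from library(sandbox) itself. The wrapper names vet_goal/2, classify/2 and run_untrusted/1 are hypothetical, as are the verdict terms they return; only safe_goal/1 and the two error terms documented above come from the library.

```prolog
:- use_module(library(sandbox)).

% vet_goal/2 is declared as a meta-predicate so that Goal keeps the
% module context of the caller; safe_goal/1 needs that to resolve
% which predicates the call-graph actually reaches.
:- meta_predicate vet_goal(0, -), run_untrusted(0).

%!  vet_goal(+Goal, -Verdict) is det.
%
%   Hypothetical wrapper (not part of library(sandbox)).  Verdict is
%   one of:
%     - safe                 : the expanded call-graph is white-listed
%     - rejected(Culprit)    : Culprit is in the call-tree and not
%                              white-listed (permission_error)
%     - undecidable          : expansion hit a meta-goal whose callee
%                              cannot be determined (instantiation_error)
%     - error(Formal)        : any other error raised by the analysis
vet_goal(Goal, Verdict) :-
    catch(( safe_goal(Goal), Verdict = safe ),
          error(Formal, _Context),
          classify(Formal, Verdict)).

% Map the two errors documented for safe_goal/1 onto verdict terms.
classify(permission_error(call, sandboxed, Culprit), rejected(Culprit)) :- !.
classify(instantiation_error, undecidable) :- !.
classify(Formal, error(Formal)).

%!  run_untrusted(+Goal) is semidet.
%
%   Hypothetical: call Goal only if the sandbox analysis accepted it.
%   Anything other than the verdict `safe` is treated as a refusal,
%   so an undecidable call-graph is never executed "just in case".
run_untrusted(Goal) :-
    vet_goal(Goal, safe),
    call(Goal).

% Constructed sample queries to try at the toplevel:
%   ?- vet_goal(( member(X, [1,2,3]), X > 1 ), V).
%   ?- vet_goal(shell('echo hi'), V).
%   ?- vet_goal(call(_Unbound), V).
```

The three sample queries exercise the three outcomes the documentation describes: a goal built only from white-listed primitives, a goal whose call-tree contains a predicate that is not white-listed, and a meta-call whose callee is unbound so the call-graph cannot be fully expanded. Because vet_goal/2 catches only `error(_, _)` terms, a non-error exception thrown by the analysis still propagates, which is the conservative choice for a gate.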