Sandboxing and preventing DoS attacks


Matt Warren

Jul 19, 2012, 5:32:56 AM
to iro...@googlegroups.com
I've done some work to embed IronJS inside RavenDB (see https://github.com/ayende/ravendb/pull/121). As RavenDB uses Json docs internally, the idea is to let the user supply a piece of Javascript that will be applied to each document, to modify it server-side, something like this:

var doc = <SOME JSON>;
(function(doc){
    // "this" is the document, because the function is invoked with apply(doc)
    this.Id = 'Something new';
    this.Value++;
    this.Comments.splice(2, 1);
    this.newValue = "err!!";
    this.Comments.Map(function(comment) {
        return (comment == "one") ? comment + " test" : comment;
    });
}).apply(doc);

What is the best way to protect this, I mean things like the user submitting a script that has "while(true)" in it? Are there timeout options?

What about security? The only functions that it has access to are the ones that IronJS exposes, plus Map (https://github.com/mattwarren/ravendb/blob/master/Raven.Database/Json/Map.js)

What is built in to IronJS to handle this sort of scenario?

albert...@ynnovahq.com

Jul 24, 2012, 5:19:53 PM
to iro...@googlegroups.com
Hi Matt

I had the same problem about endless loops and infinite recursion and I asked a similar question in this post

One way to protect against "while(true)" could be to run the script in a separate thread and implement something like a watchdog that monitors the thread and decides to kill it if it is taking too long to finish.
Another way could be to create another AppDomain (if your process has the permission to do it) and run the script there... this could protect your process from dying due to a StackOverflow Exception raised in case of infinite recursion in the script being executed.

Did you find any other solution in the meantime?

Bye
Alberto
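
The watchdog idea described in the post above, as an added example that is not code from this thread, from IronJS or from RavenDB. It assumes the .NET Framework (where Thread.Abort is supported), and `runScript` is a hypothetical delegate wrapping whatever call executes the user-supplied script.

```csharp
using System;
using System.Threading;

// Added example: engine-agnostic watchdog for untrusted script execution.
public static class ScriptWatchdog
{
    public sealed class Result
    {
        public bool Completed;   // script finished inside the time budget
        public bool TimedOut;    // watchdog had to stop the worker thread
        public Exception Error;  // exception thrown by the script, if any
    }

    public static Result Run(Action runScript, TimeSpan budget)
    {
        var result = new Result();
        var worker = new Thread(() =>
        {
            try { runScript(); result.Completed = true; }
            // Raised by worker.Abort() below; must be caught before Exception.
            catch (ThreadAbortException) { Thread.ResetAbort(); }
            // Ordinary script errors are reported, not rethrown into the host.
            // StackOverflowException cannot be caught here: this wrapper
            // bounds run time only, not recursion depth.
            catch (Exception ex) { result.Error = ex; }
        });
        worker.IsBackground = true;  // a stuck worker never keeps the host alive
        worker.Start();

        if (!worker.Join(budget))
        {
            worker.Abort();                         // .NET Framework only
            worker.Join(TimeSpan.FromSeconds(1));   // abort may be delayed
            // The script may have finished between the timeout and the abort.
            result.TimedOut = !result.Completed;
        }
        return result;
    }

    public static void Main()
    {
        // Constructed stand-in for a user script containing while(true).
        var r = Run(() => { while (true) { } }, TimeSpan.FromMilliseconds(500));
        Console.WriteLine("completed: " + r.Completed + ", timed out: " + r.TimedOut);
    }
}
```

An aborted script may have left the object it was modifying half-updated, so the host should discard that state instead of saving it.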

Matt Warren

Jul 25, 2012, 4:33:34 AM
to iro...@googlegroups.com, albert...@ynnovahq.com
Hi Alberto

Thanks for the reply. The method we came up with was to disallow certain words inside the script, using regex.

Basically, for our needs, preventing the script from containing "while", "for", "eval", "function" etc. is acceptable.

albert...@ynnovahq.com

Jul 25, 2012, 4:42:13 PM
to iro...@googlegroups.com, albert...@ynnovahq.com
Hi Matt,

Interesting idea... simple but effective!

Actually I didn't think about it this way, but it is true... if the script doesn't need to support cycles and function calls, this method is perfect.
Thank you for sharing it.

Bye
Alberto