Reputation: 4684
Is it possible to limit allowed JRuby commands in a Java application?
I use JRuby in my Java application to allow users to run their scripts. The set of operations needed for normal function of the application is not big. The script should control some variables in Java code and change the process during the execution.
So I want to have an opportunity to limit the number of allowed operations. Say, I don't want the users have an access to the file system.
f = File.new("myfile.txt", "w")
f.puts( "Hello!" )
f.close
This should be forbidden.
How can I do such a setting? The only idea I have is to parse the user-script before the launch and to compare the script with white list of allowed operations.
Upvotes: 2
Views: 172
Answers (3)
Reputation: 307
JRuby allows you to define a Profile that lets you intercept certain methods. You can call setProfile on a org.jruby.embed.ScriptingContainer. Your problem is most probably solved by a combination of this and a Java SecurityManager.
Alternatively, you may want to look at it as a Ruby problem, instead of a Java problem:
- Shikashi is a Ruby sandbox that lets you intercept calls. Evalhook is at its core that, basically, lets
evalRuby code and intercept every outing call.
Upvotes: 0
Reputation: 24336
What you should do is create a white list of allowed commands. If a script is found to contain a command that is not in the white list you need to reject the entire script. A security manager as Andrew Thompson points out is a good extra layer, but it is not the end of the security layering. I don't think running in a sandboxed applet is really going to buy you that much, since you still have to determine if the script was valid to begin with.
WHITE LIST EXAMPLE
Typically when you generate a white list there are a limited number of options/commands you want users to be able to choose from and the rest become discarded. you would create some enumeration or final data structure (to minimize its ability to be modified during runtime by malicious programs). If you wanted users to only have the option to invoke your function foo and not bar you could write something like this, which is completely primitive but illustrates the concept:
class WhiteList
{
allowedCommands = ["foo"];
}
and in your main something like this:
class Main
{
for(Command command in userInput)
{
if(command not in allowedCommands)
{
log security message;
continue/break
}
}
}
Upvotes: 4
Reputation: 168845
Install a SecurityManager1 for the user code. Or even easier, run the code from a sand-boxed applet or JWS launched application.
The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.
Upvotes: 1
Related Questions
- Prevent Java Application from performing malicious activities
- Does the JVM have features to only execute a white-list of files?
- Java security policy restrict RuntimePermission exitVM
- Run java with highest security setting
- Is it possible to stop Ruby scripts from importing Java in JRuby?
- How to disable calls to certain Java packages from Jython
- Disallow ENV and ENV_JAVA in JRuby
- Java Security Manager for JRuby
- SAFE levels in JRuby
- How to restrict program resources + rights in JVM/OSGi?