Reputation: 4684
I use JRuby in my Java application to allow users to run their scripts. The set of operations needed for normal function of the application is not big. The script should control some variables in Java code and change the process during the execution.
So I want to have an opportunity to limit the number of allowed operations. Say, I don't want the users to have access to the file system.
```ruby
f = File.new("myfile.txt", "w")
f.puts( "Hello!" )
f.close
```
This should be forbidden.
How can I do such a setting? The only idea I have is to parse the user script before the launch and to compare the script with a white list of allowed operations.
Upvotes: 2
Views: 172
Reputation: 307
JRuby allows you to define a Profile that lets you intercept certain methods. You can call `setProfile` on an `org.jruby.embed.ScriptingContainer`. Your problem is most probably solved by a combination of this and a Java SecurityManager.
Alternatively, you may want to look at it as a Ruby problem, instead of a Java problem: `eval` Ruby code and intercept every outgoing call.
Upvotes: 0
Reputation: 24336
What you should do is create a white list of allowed commands. If a script is found to contain a command that is not in the white list, you need to reject the entire script. A security manager, as Andrew Thompson points out, is a good extra layer, but it is not the end of the security layering. I don't think running in a sandboxed applet is really going to buy you that much, since you still have to determine if the script was valid to begin with.
WHITE LIST EXAMPLE
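Typically when you generate a white list there are a limited number of options/commands you want users to be able to choose from and the rest become discarded. You would create some enumeration or final data structure (to minimize its ability to be modified during runtime by malicious programs). If you wanted users to only have the option to invoke your function `foo` and not `bar` you could write something like this, which is completely primitive but illustrates the concept:
```java
import java.util.Set;

final class WhiteList {
    // Immutable set: it cannot be modified at runtime.
    static final Set<String> allowedCommands = Set.of("foo");
}
```
and in your main something like this:
```java
import java.util.List;

class Main {
    public static void main(String[] args) {
        // Stand-in for the commands extracted from the user's script.
        List<String> userInput = List.of("foo", "bar");
        for (String command : userInput) {
            if (!WhiteList.allowedCommands.contains(command)) {
                // Log a security message, then skip the command (continue)
                // or stop processing the script (break).
                System.err.println("SECURITY: command not allowed: " + command);
                break;
            }
        }
    }
}
```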
Upvotes: 4
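An added example, not part of the question or of any answer on this page: one way to run the pre-launch white-list check discussed above, walking the parse tree from Ruby's standard `ripper` library instead of matching text. The allow list (only `foo`), the helper names and the sample scripts are assumptions made for illustration.

```ruby
require 'ripper'

# Assumed allow list for illustration: the host exposes only `foo`.
ALLOWED_METHODS   = %w[foo].freeze
ALLOWED_CONSTANTS = [].freeze
# Parent node types under which an identifier is a local variable, not a call.
LOCAL_PARENTS = %i[var_field var_ref params].freeze

# Walk the Ripper S-expression and record everything not on the allow list.
def scan(node, parent, out)
  return unless node.is_a?(Array)
  case node[0]
  when :@const
    out << "constant #{node[1]}" unless ALLOWED_CONSTANTS.include?(node[1])
  when :@ident
    unless LOCAL_PARENTS.include?(parent) || ALLOWED_METHODS.include?(node[1])
      out << "method #{node[1]}"
    end
  when :@gvar
    out << "global #{node[1]}"
  when :xstring_literal
    out << 'backtick command'
  end
  # Untyped arrays are plain lists: keep the enclosing node type as parent.
  tag = node[0].is_a?(Symbol) ? node[0] : parent
  node.each { |child| scan(child, tag, out) }
end

# Returns the list of violations; an empty list means the script may run.
def violations(source)
  tree = Ripper.sexp(source)
  return ['syntax error'] if tree.nil? # fail closed on unparsable input
  out = []
  scan(tree, nil, out)
  out
end

# Constructed samples: the script from the question, and a permitted one.
BLOCKED = <<~RUBY
  f = File.new("myfile.txt", "w")
  f.puts( "Hello!" )
  f.close
RUBY
PERMITTED = <<~RUBY
  x = 3
  foo(x + 1)
RUBY

puts violations(BLOCKED).inspect if __FILE__ == $PROGRAM_NAME
```

Because every method name must be on the list, dynamic-dispatch helpers such as `send` or `eval` are rejected along with `File`. The check is static, so it works as a first gate in front of the runtime restrictions the other answers describe.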
Reputation: 168845
Install a `SecurityManager` [1] for the user code. Or even easier, run the code from a sand-boxed applet or JWS launched application.
[1] The security manager is a class that allows applications to implement a security policy. It allows an application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The application can allow or disallow the operation.
Upvotes: 1