Comments (3)
There's currently no mechanism to disable import
of third-party packages at runtime.
Implementing it would be very easy, just a few lines of code.
A word of warning: if you are thinking about using gomacro to create a "safe sandbox", where you can execute arbitrary untrusted Go code, disabling import
of third-party packages is definitely not enough.
You also need to limit import
of standard library packages to a set of white-listed packages - for example, you probably don't want os.Create()
and exec.Cmd
Also, same-language sandboxes don't work very well: the Java Applet security disaster taught a harsh lesson on this topic.
Let me explain: gomacro is written in Go, and the Go code interpreted by it uses normal Go objects through gomacro code itself, through the reflect
package and through Go runtime - all of them are written in Go.
A diagram would be:
+-------------+ +---------+ +---------+ +---------+ +------+
| untrusted | | | | reflect | | Go | | |
| interpreted | <-> | gomacro | <-> | package | <-> | runtime | <-> | OS |
| code | | | | | | | | |
+-------------+ +---------+ +---------+ +---------+ +------+
Starting from the right, the OS trusts the system calls it receives, i.e. (by default) it does not "sandbox" processes.
Similarly, the Go runtime trusts the function calls it receives and has no "sandbox" mechanism at all.
Idem for the reflect package: it trusts the caller of their functions, and has no "sandbox" mechanism at all.
Idem for gomacro itself: it trusts the code it interprets, and has no "sandbox" mechanism at all.
In theory, one can try adding a sandbox mechanism at some level,
but in this case the only effective one is at the OS level,
for example with Linux containers/chroot (which often have escapes) or better, BSD jails.
Adding a sandbox mechanism at any other level is not robust:
it's all Go code, and as soon as the untrusted interpreted code
manages to somehow put its hands on an "unsafe" value or type
(typically by inspecting the content of some "safe" value or type through reflection)
the sandbox has failed.
In other words, there is no language barrier, which is one of the few places where one can add a robust sandbox mechanism.
from gomacro.
Oh yeah, no not-trusted logic execution is needed - just to not scare users, when by accident user will add some unsupported module import and gomacro would try to get it. Just trying to make the module-writers life a bit easier in the future. But could imagine how the complete whitelist of imports will be helpful in other projects to sandbox the logic.
Yeah I agree - any sandboxing is much more complex system, which involves the OS fortification, but let's look at the limitations of imports as just another tool to steer the user in the right direction. It should have a huge warning in docs, that this feature is not for executin ofg the untrusted code.
I would love to try my skills and add this import limit feature to the gomacro - but not sure how much it will take...
from gomacro.
Oh, that was much easier than I expected! So, added #152 : I found that it's relatively easy to manipulate the imports.Packages
map in case you want to disable some import functionality for the gomacro scripts. So in general case manipulation with imports.Packages
(like removing not wanted or adding wanted package addresses there) and a simple variable BlockExternal
in Importer and checking it in doImportPackagesOrError
function will do the trick for me.
Also I noticed a possible need for Allow/Deny lists, so added them there as well - by default they are empty so should not penalty the performance much. But if you think it's too much - they are not needed for this particular issue I described, I will be good just with BlockExternal
functionality.
Not quite sure if interp.Comp.CompGlobals.Importer.BlockExternal = true
is a good interface (so feel free to suggest the better place), but works for me just fine.
from gomacro.
Related Issues (20)
- I would like a full working example how to inject my application context(types and functions) in the REPL HOT 9
- Extract struct with methods from script to compiled code HOT 2
- Proxy can mix the called method of the imported structure HOT 3
- integrate with https://github.com/go-rod/rod HOT 2
- I'm unable to compile code importing gomacro on Mac OS m1 pro HOT 7
- Is there a way to Eval a folder HOT 5
- recursive type error cases: call of reflect.Value.Interface on zero Value HOT 6
- can't import fsm package HOT 4
- Different compilation behaviour from native go HOT 2
- undefined: pkgpath HOT 3
- Cannot convert struct to interface if it has an embedded struct with a method HOT 4
- Cannot import third party packages on Linux (not even the ones in the README) HOT 2
- Third-party imported type method is not callable from fast.Interp.Eval [gomacro repl works] HOT 4
- Idea for making adding third party packages to Gomacro easier when plugins aren't available HOT 3
- recursive type error cases: call of reflect.Value.Interface on zero Value
- can not import 3rd party packages HOT 13
- package <package> exports zero constants, functions, types, and variables HOT 3
- Caching of interp.Eval1 results HOT 13
- An error will be reported when using third-party packages on Windows HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gomacro.