How to run user-submitted scripts securely in a node.js sandbox?
Question
What are the options for running (possibly malicious) user-submitted scripts in node.js, securely? I.e. in an environment that prevents code from accessing sensitive data and APIs?
vm.runInNewContext(userScript, {}) is a tempting starting point... but it seems like there are known issues there.
The sandbox module looks interesting, but uses runInNewContext() as well so I'm a bit leery of it.
Recommended answer
You should always run untrusted code in a separate process, which is exactly what the sandbox module does. A simple reason is that vm.runInNewContext('while(true){}', {}) will freeze node.
It starts by spawning a separate process, which will later send the result serialized to JSON on its stdout. The parent process continues executing regardless of what the child does and can trigger a timeout.
The untrusted code is then wrapped in a closure with strict mode (in regular JavaScript, you can use arguments.callee.caller to access data outside of your scope). Finally, a very limited global object is passed to prevent access to node's API. The untrusted code can only do basic computation and has no access to files or sockets.
While you should read sandbox's code as an inspiration, I wouldn't recommend using it as is:
- The code is outdated and hasn't been updated in 7 months.
- Node's child_process module already provides most of what you need, especially child_process.fork().
- The IPC channel provided by child_process.fork might perform better.
For increased security, you could also consider using setuid-sandbox. It's the code used by Google Chrome to prevent tab processes from accessing the file system. You would have to make a native module, but this example seems straightforward.