How do I secure scripts run using javax.scripting?

Views: 127

Problem description

I am using javax.scripting to add support for running arbitrary user-uploaded JavaScripts on the server-side. Obviously I want to secure those scripts!

Rhino, on its own, has a framework for securing scripts at runtime. The documentation for javax.scripting, however, doesn't mention security, permissions or restricting classes available to the script. So is this just a huge hole in the javax.scripting API that it doesn't offer a framework to secure scripts it executes?

I don't want to use Rhino directly because I originally tried that but had some problems exposing Java instances to the running script. The javax.scripting framework (which uses Rhino under the hood) made this trivial and also simplified running scripts in a multi-threaded server.

I would like to white-list Java classes that can be accessed/instantiated within the running script. Can anyone point me to an example or documentation on how to achieve this?

Recommended answer

It turns out that javax.scripting does not offer a security framework. After some searching I found a document in Google's cache that suggested trying to use Java's doPrivilegedAction framework but after some experimentation, I was unable to get this to prevent the scripts from opening sockets or accessing the filesystem.

After I asked this question I discovered it was previously asked here on StackOverflow: How can you run Javascript using Rhino for Java in a sandbox? On that page, it falsely indicates that the Rhino included in the JDK6 has security worked out already. As I indicated, I was able to open sockets and other harmful actions from the script.

In the end I abandoned javax.scripting and embedded Rhino directly. By building a custom ContextFactory that is also a ClassShutter I was able to achieve two results easily:


  1. Restricts script execution time to a maximum time limit
  2. Restricts class access to those I have white-listed, which is basically java.lang.* and a select few classes in my server's hierarchy.

CodeUtopia (which I can't link to because, as a new user, I'm not allowed to link to multiple pages in a single post; but it's linked in the other StackOverflow post) was valuable in describing the ClassShutter architecture and Rhino's own ContextFactory API page describes how to build a custom ContextFactory.
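The two mechanisms the answer describes, written out as an added example (this is not the answer's own code and not taken from the Rhino or CodeUtopia sources it mentions): a ContextFactory subclass whose Contexts carry a ClassShutter with an explicit allow-list, an instruction-count observer that enforces a wall-clock limit per top-level call, and, as defence in depth, a WrapFactory that hides getClass() on wrapped Java objects. It assumes Rhino 1.7.x (org.mozilla:rhino) on the classpath; ServerApi, the 2-second budget, the allow-list contents and the script snippets are illustrative. Note that the allow-list is deliberately not a "java.lang.*" prefix rule: java.lang also contains Runtime, ProcessBuilder, System, Thread, ClassLoader, Class and the java.lang.reflect package, any of which gives an uploaded script a way out of the sandbox.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.mozilla.javascript.Callable;
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.NativeJavaObject;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;
import org.mozilla.javascript.WrapFactory;

public class RhinoSandboxDemo {

    /** Hypothetical server-side object that uploaded scripts are meant to use. */
    public static class ServerApi {
        public String greet(String who) { return "hello, " + who; }
    }

    /** An Error on purpose: Rhino lets script-level try/catch intercept RuntimeExceptions,
     *  but an Error unwinds straight out of the interpreter, so the script cannot swallow it. */
    public static final class ScriptTimeoutError extends Error {
        ScriptTimeoutError(long limitMs) { super("script exceeded " + limitMs + " ms"); }
    }

    public static final class SandboxContextFactory extends ContextFactory {
        private static final Object DEADLINE_KEY = new Object();
        private static final long LIMIT_MS = 2000; // illustrative budget per top-level call

        // Explicit allow-list; everything else (java.net.*, java.io.*, java.lang.Runtime, ...) is invisible.
        private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
                "java.lang.String", "java.lang.Math", ServerApi.class.getName()));

        @Override
        protected Context makeContext() {
            Context cx = super.makeContext();
            cx.setOptimizationLevel(-1);                // interpreted mode: no generated bytecode, counting is reliable
            cx.setInstructionObserverThreshold(10_000); // observeInstructionCount() fires every ~10k instructions
            // Gates Packages/java.* lookups and reflective member lookup on wrapped Java objects.
            cx.setClassShutter(new ClassShutter() {
                @Override public boolean visibleToScripts(String fullClassName) {
                    return ALLOWED.contains(fullClassName);
                }
            });
            // CodeUtopia-style wrapper: wrapped Java objects do not expose getClass().
            cx.setWrapFactory(new WrapFactory() {
                @Override public Scriptable wrapAsJavaObject(Context ctx, Scriptable scope,
                                                            Object javaObject, Class<?> staticType) {
                    return new NativeJavaObject(scope, javaObject, staticType) {
                        @Override public Object get(String name, Scriptable start) {
                            return "getClass".equals(name) ? NOT_FOUND : super.get(name, start);
                        }
                    };
                }
            });
            return cx;
        }

        @Override
        protected Object doTopCall(Callable callable, Context cx, Scriptable scope,
                                   Scriptable thisObj, Object[] args) {
            cx.putThreadLocal(DEADLINE_KEY, System.currentTimeMillis() + LIMIT_MS);
            try {
                return super.doTopCall(callable, cx, scope, thisObj, args);
            } finally {
                cx.removeThreadLocal(DEADLINE_KEY);
            }
        }

        @Override
        protected void observeInstructionCount(Context cx, int instructionCount) {
            Object deadline = cx.getThreadLocal(DEADLINE_KEY);
            if (deadline != null && System.currentTimeMillis() > (Long) deadline) {
                throw new ScriptTimeoutError(LIMIT_MS);
            }
        }
    }

    /** Runs one uploaded script in a fresh scope with a ServerApi instance exposed as 'server'. */
    static Object run(ContextFactory factory, String source) {
        Context cx = factory.enterContext(); // per-thread Context built by makeContext()
        try {
            ScriptableObject scope = cx.initStandardObjects();
            ScriptableObject.putProperty(scope, "server", Context.javaToJS(new ServerApi(), scope));
            return cx.evaluateString(scope, source, "upload.js", 1, null);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        ContextFactory factory = new SandboxContextFactory();
        System.out.println(run(factory, "server.greet(new java.lang.String('rhino').toUpperCase())"));
        String[] blocked = {
            "new java.net.Socket('example.com', 80)",         // not allow-listed: resolves to a package stub
            "server.getClass().forName('java.lang.Runtime')", // getClass hidden by the WrapFactory
        };
        for (String s : blocked) {
            try { run(factory, s); } catch (RhinoException e) { System.out.println("blocked: " + e.getMessage()); }
        }
        try { run(factory, "try { while (true) {} } catch (e) {}"); }
        catch (ScriptTimeoutError e) { System.out.println("stopped: " + e.getMessage()); }
    }
}
```

Two things to keep in mind when adapting this. The ClassShutter is consulted not only for `java.*`/`Packages` lookups but also when Rhino reflects the members of any wrapped Java object, so an exposed object, and anything its methods return, must have its class on the allow-list or the script gets an "Access to Java class ... is prohibited" error; that is why the answer's list includes classes from the server's own hierarchy. The instruction observer bounds CPU time, not memory or stack; runaway recursion is limited separately with Context.setMaximumInterpreterStackDepth, and allocation has to be capped at the JVM or process level.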

