Running JS code on a server
Tony Rice
tony at automate.ly
Mon May 1 16:46:40 UTC 2017
I work on a project called automately (https://github.com/Automately/) that utilizes the Nashorn engine and implements some custom sandboxing methods. You can explore the automately-core project and it should give you an idea of how you can do that.
---- On Mon, 01 May 2017 11:20:04 -0500 Eliezer Julian <Eliezer.Julian at sapiens.com> wrote ----
How, thanks for the suggestions. Like I wrote in my original post, I have already limited class access. My concern now is something like an endless loop or extreme memory allocation which can tie up resources of the server.
________________________________
From: G W <grwongku at gmail.com>
Sent: Monday, May 1, 2017 6:18:02 PM
To: Eliezer Julian
Cc: nashorn-dev at openjdk.java.net; Chen Malka; Elior Apelbaum; Moshe Robinov
Subject: Re: Running JS code on a server
Eli,
Have you tried implementing jdk.nashorn.api.scripting.ClassFilter to limit Class access? Also, for resource access, you need to create wrappers.
e.g. for File access:
// Script-side wrapper: every operation is delegated to a host Java class.
// jsrequestobj is not defined in this snippet; it is assumed to be supplied by the host.
function File(f){
    this.file = f;
    this.delete = function(){
        org.sprnkl.server.js.SprnklFile.delete(jsrequestobj,this.file);
        return this;
    }
    this.create = function(dr){
        org.sprnkl.server.js.SprnklFile.create(jsrequestobj,this.file);
        return this;
    }
    this.read = function(){
        return org.sprnkl.server.js.SprnklFile.read(jsrequestobj,this.file);
    }
    this.exists = function(){
        return org.sprnkl.server.js.SprnklFile.exists(jsrequestobj,this.file);
    }
    this.length = function(){
        return Math.round(org.sprnkl.server.js.SprnklFile.length(jsrequestobj,this.file));
    }
    this.list = function(){
        return org.sprnkl.server.js.SprnklFile.list(jsrequestobj,this.file);
    }
    this.isDirectory = function(){
        return org.sprnkl.server.js.SprnklFile.isDirectory(jsrequestobj,this.file);
    }
    this.readString = function(){
        // Copy the values returned by read() into a JS array, then build a string from them.
        var rb = this.read();
        var rb2 = [];
        for (var ct = 0;ct < rb.length;ct++){
            rb2.push(rb[ct]);
        }
        return String.fromCharCode.apply(String, rb2);
    }
    this.write = function(b,dr){
        if (dr == undefined) dr = true;
        org.sprnkl.server.js.SprnklFile.write(jsrequestobj,this.file,b,dr);
        return this;
    }
    this.writeString = function(s,dr){
        return this.write(s.getBytes(),dr);
    }
}
I have a Framework that is a work in process. Would be happy to share the code if interested.
Regards
On Mon, May 1, 2017 at 8:55 AM, Jim Laskey (Oracle) <james.laskey at oracle.com> wrote:
From: Eliezer Julian <Eliezer.Julian at sapiens.com>
Subject: Running JS code on a server
Date: May 1, 2017 at 6:28:05 AM ADT
To: nashorn-dev at openjdk.java.net
Cc: Elior Apelbaum <Elior.Apelbaum at sapiens.com>, Moshe Robinov <Moshe.Robinov at sapiens.com>, Chen Malka <chen.malka at sapiens.com>
Hi,
I am developing a server-side application and would like to add a feature that allows a user to submit JS code to be executed via Nashorn. My concern is that a user may submit malicious code that may compromise the server. I have already limited the script’s access to the bare minimum of Java classes, and have implemented a mechanism to kill the script if execution time runs over a certain limit. I have also manually removed many of the special methods such as print, echo, exit and quit from the Bindings object. However, this is extremely limited in scope compared to the damage a willfully malicious user may be able to effect via this feature (such as allocating too much memory, trying to access the file system via the script, etc.). I was wondering if the Nashorn development team had any recommendations as far as security is concerned, and whether there are any plans to add additional security features in the future.
Thanks,
Eli Julian
Software Developer
Decision Division
Email: eliezer.julian at sapiens.com
Office: +972-3-7902155
Mobile: +972-50-3697238
Skype handle: eli_julian
Visit us at: www.sapiens.com
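
The controls discussed in this thread (a ClassFilter allowlist, removing built-ins from the Bindings, and an execution time limit) combined in one place, as an added example that is not code from any of the posters or their projects. It assumes a JDK that still bundles Nashorn (8 through 14); the class name SandboxedEval, the allowlist contents and the 2000 ms limit are constructed for illustration.

```java
import java.util.*;
import java.util.concurrent.*;
import javax.script.*;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

public class SandboxedEval {
    // Constructed allowlist: the only Java classes a script may look up.
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "java.lang.StringBuilder", "java.util.ArrayList"));
    static ScriptEngine newEngine() {
        // Nashorn consults the ClassFilter whenever a script resolves a Java class.
        ClassFilter allowlist = ALLOWED::contains;
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine(allowlist);
        Bindings global = engine.getBindings(ScriptContext.ENGINE_SCOPE);
        // Built-ins named in the thread; removing an absent name is harmless.
        for (String name : new String[] {"print", "echo", "exit", "quit"}) {
            global.remove(name);
        }
        return engine;
    }
    /** Evaluates untrusted source on a worker thread, waiting at most timeoutMs. */
    static Object eval(String source, long timeoutMs) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "script-worker");
            t.setDaemon(true); // a runaway script must not keep the JVM alive
            return t;
        });
        Future<Object> result = pool.submit(() -> newEngine().eval(source));
        try {
            return result.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // cancel(true) only interrupts: a busy loop ignores it, and the heap is
            // still shared with the host. Hard CPU/memory caps need a separate JVM.
            result.cancel(true);
            throw e;
        } finally {
            pool.shutdownNow();
        }
    }
    public static void main(String[] args) throws Exception {
        String ok = "var SB = Java.type('java.lang.StringBuilder'); new SB('ok').toString()";
        System.out.println(eval(ok, 2000));
        try {
            eval("Java.type('java.lang.Runtime').getRuntime()", 2000); // not allowlisted
        } catch (ExecutionException e) {
            System.out.println("blocked: " + e.getCause());
        }
    }
}
```

The timeout only stops the caller from waiting: a script stuck in a tight loop keeps its worker thread busy, which is why the endless-loop and memory concerns raised above point toward process-level isolation.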