I use JRuby in my Java application to allow users to run their scripts. The set of operations needed for normal function of the application is not big. The script should control some variables in Java code and change the process during the execution.
So I want to have an opportunity to limit the number of allowed operations. Say, I don't want the users to have access to the file system.
f = File.new("myfile.txt", "w")
f.puts( "Hello!" )
f.close
This should be forbidden.
How can I do such a setting? The only idea I have is to parse the user-script before the launch and to compare the script with white list of allowed operations.
What you should do is create a white list of allowed commands. If a script is found to contain a command that is not in the white list, you need to reject the entire script. A security manager, as Andrew Thompson points out, is a good extra layer, but it is not the end of the security layering. I don't think running in a sandboxed applet is really going to buy you that much, since you still have to determine if the script was valid to begin with.
WHITE LIST EXAMPLE
Typically when you generate a white list there are a limited number of options/commands you want users to be able to choose from, and the rest become discarded. You would create some enumeration or final data structure (to minimize its ability to be modified during runtime by malicious programs). If you wanted users to only have the option to invoke your function foo and not bar, you could write something like this, which is completely primitive but illustrates the concept:
and in your main something like this: