Script Validation

Hi,

I’m currently hosting IronRuby within a C# Application. Is there any way
to
validate the IronRuby scripts that will be invoked by the DLR?

For example I’d like to prevent users from executing scripts that
include
the “require” statement or an impersonation statement…

Any ideas?

thx

Thorsten

Regex and filter it. I don’t think the DLR has a sandbox mechanism for
this.

I just recently had the same question in mind - how could one sandbox
IronRuby?

I’d imagine that .NET’s built-in security model could be used to prevent
the
app from accessing the file system, P/Invoking, etc; however, I don’t
know
if the security model is fine grained enough to apply to just a
particular
AppDomain. If it it is, then you could probably use IronRuby’s built-in
method for running scripts in another AppDomain - one that’s locked
down.

I’m sort of ignorant in this area though, so I can’t really help that
much.
Hopefully someone smarter than myself will chime in.

-Charles

We have a sandboxing mechanism - we rely on CLR’s AppDomains:
http://blogs.msdn.com/b/shawnfa/archive/2005/08/08/449050.aspx
You can use this API in conjunction with
ScriptRuntime.CreateRemote(appDomain, setup) DLR Hosting API.

I wouldn’t even try to do any source code analysis to ensure security
rules if I were you. You’d be doomed to failure. For example, consider
this script

string my_script = @“x, y = ‘u’, ‘b’; eval(“req#{x}uire
#{y}ad_script”)”

how do you analyze that? (Not that it would be completely impossible to
do so in this particular case, but you get the point.)

Tomas

From: [email protected]
[mailto:[email protected]] On Behalf Of Dody
Gunawinata
Sent: Thursday, August 12, 2010 3:17 AM
To: [email protected]
Subject: Re: [Ironruby-core] Script Validation

Regex and filter it. I don’t think the DLR has a sandbox mechanism for
this.
On Thu, Aug 12, 2010 at 12:57 PM, Thorsten Hans
<[email protected]mailto:[email protected]d> wrote:
Hi,

I’m currently hosting IronRuby within a C# Application. Is there any way
to validate the IronRuby scripts that will be invoked by the DLR?

For example I’d like to prevent users from executing scripts that
include the “require” statement or an impersonation statement…

Any ideas?

thx

Thorsten

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs