Why not a whitelist? A list of functions that are allowed to be used would be better.
Kwanhur Huang
TL;DR

> On March 30, 2022, at 1:55 PM, shirui zhao <zhaoth...@gmail.com> wrote:
>
> Hello, community,
>
> I noticed that Apache APISIX supports serverless plugins for hot loading
> user's code, which is a very nice feature. However, Apache APISIX does not
> seem to limit the execution environment of these hot codes, and there may be
> some risks.
> The hot code loaded by Lua and the framework code of the entire system run in
> the same context. If there is an operation to operate the global environment
> in the hot loaded code, it will affect the function of the entire system. I
> wrote a simple example in the issue[1]. Worse yet, if a hacker uses
> malicious code, it could exploit this feature to attack the user's operating
> system.
>
> So I think Apache APISIX can add a layer of protection when executing hot
> code, so that hot code can run in a sandbox. Here is an article[2] describing
> how to use sandboxing in Lua code to safely execute hot code, we can refer to
> it.
> I personally think setting a blacklist of safe functions is more appropriate.
> What is everyone's opinion? Is there a better way to achieve this? Welcome to
> discuss.
>
> [1]: https://github.com/apache/apisix/issues/6729
> [2]: http://lua-users.org/wiki/SandBoxes
>
> --
> Thanks,
> Shirui Zhao
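
A sketch of the allow-list approach discussed in this thread, as an added example that is not code from the thread or from Apache APISIX: the untrusted source is compiled against an environment that contains only copied, explicitly listed functions. The names `pick`, `new_env` and `run_sandboxed` are hypothetical, and the code assumes Lua 5.1/LuaJIT (`setfenv`) with a fallback for Lua 5.2+.

```lua
-- Added example; pick, new_env and run_sandboxed are hypothetical names.
-- Copy only the listed fields so the chunk never holds the real library table.
local function pick(lib, names)
    local out = {}
    for _, name in ipairs(names) do out[name] = lib[name] end
    return out
end

-- Allow-list: anything not named here (os, io, require, debug, load,
-- getfenv, setmetatable, _G, ngx, ...) simply does not exist for the chunk.
local function new_env()
    return {
        ipairs = ipairs, pairs = pairs, next = next, select = select,
        tostring = tostring, tonumber = tonumber, type = type,
        pcall = pcall, error = error,
        string = pick(string, {"byte", "find", "format", "len", "lower", "sub", "upper"}),
        table = pick(table, {"concat", "insert", "remove", "sort"}),
        math = pick(math, {"abs", "ceil", "floor", "max", "min"}),
    }
end

local function run_sandboxed(src)
    -- Precompiled bytecode starts with ESC (27); accept source text only.
    if src:byte(1) == 27 then return false, "bytecode is not allowed" end
    local env, chunk, err = new_env()
    if setfenv then                       -- Lua 5.1 / LuaJIT
        chunk, err = loadstring(src, "=sandbox")
        if chunk then setfenv(chunk, env) end
    else                                  -- Lua 5.2+
        chunk, err = load(src, "=sandbox", "t", env)
    end
    if not chunk then return false, err end
    return pcall(chunk)
end

-- Constructed sample chunks.
assert(select(2, run_sandboxed("return string.upper('ok')")) == "OK")
assert(run_sandboxed("return os.time()") == false)     -- os is not in the env
-- Writes to globals and library tables land in the per-call copies only.
assert(run_sandboxed("string.upper = nil; type = nil; leaked = 1") == true)
assert(string.upper ~= nil and type ~= nil and leaked == nil)

-- Not covered: CPU and memory limits, and string methods reached through
-- the shared string metatable (for example ("x"):rep(n)).
```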