[
https://issues.apache.org/jira/browse/SLING-524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lars Trieloff updated SLING-524:
--------------------------------
Attachment: SLING-524.patch
Following patch implements a set of restrictions (with test cases) on recma
(restriced ECMA) and resp (restricted ECMA server pages):
- maximum script runtime is 1000 ms
- maximum stack depth is 100
- no access to Packages, so effectively disabling all java capabilities
This leaves us with a very restricted environment that allows to a certain
degree user-contributed scripts. One attack vector that I can imagine is
uploading scripts with excessive parse and compile time, so that the runtime
checks on denial of service attacks are not effective.
> Restrict JavaScript Engine to allow running untrusted scripts for user-driven
> templating
> ----------------------------------------------------------------------------------------
>
> Key: SLING-524
> URL: https://issues.apache.org/jira/browse/SLING-524
> Project: Sling
> Issue Type: New Feature
> Components: Scripting
> Affects Versions: 2.0.1
> Reporter: Lars Trieloff
> Attachments: SLING-524.patch
>
>
> If you want to allow users to run custom scripts inside sling, for instance
> to allow them to theme personal websites or blogs it is necessary to restrict
> the capabilities of the scripting environment so that users do not run
> scripts that access system files, run resource-draining scripts or harm the
> system in other ways.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
