[Ironruby-core] Script Validation

Tomas Matousek Tomas.Matousek at microsoft.com
Thu Aug 12 11:40:29 EDT 2010


We have a sandboxing mechanism - we rely on CLR's AppDomains:
http://blogs.msdn.com/b/shawnfa/archive/2005/08/08/449050.aspx
You can use this API in conjunction with ScriptRuntime.CreateRemote(appDomain, setup) DLR Hosting API.

I wouldn't even try to do any source code analysis to ensure security rules if I were you. You'd be doomed to failure. For example, consider this script

// Ruby source held in a C# verbatim string; at run time the script evals "require bad_script".
string my_script = @"x, y = 'u', 'b'; eval(""req#{x}ire #{y}ad_script"")";

how do you analyze that? (Not that it would be completely impossible to do so in this particular case, but you get the point.)

Tomas

From: ironruby-core-bounces at rubyforge.org [mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Dody Gunawinata
Sent: Thursday, August 12, 2010 3:17 AM
To: ironruby-core at rubyforge.org
Subject: Re: [Ironruby-core] Script Validation

Regex and filter it. I don't think the DLR has a sandbox mechanism for this.

On Thu, Aug 12, 2010 at 12:57 PM, Thorsten Hans <thorsten.hans at gmail.com> wrote:
Hi,

I'm currently hosting IronRuby within a C# Application. Is there any way to validate the IronRuby scripts that will be invoked by the DLR?

For example I'd like to prevent users from executing scripts that include the "require" statement or an impersonation statement...

Any ideas?


thx

Thorsten


--
nomadlife.org
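
The point made at the top of this thread about source analysis, as an added example that is not part of the original messages: a word-based denylist is run over a direct `require` and over a script adapted from the one in the reply (the file name is quoted here so the snippet evaluates). `passes_static_filter?`, `RecordingHost`, `audit` and both sample scripts are hypothetical names constructed for this illustration, and the stubbed `require` only records the request, so nothing is loaded.

```ruby
# Static check of the kind proposed in the thread: reject any source
# that contains the word "require".
def passes_static_filter?(source)
  source !~ /\brequire\b/
end

# Evaluates a script with `self` set to an object whose `require` is a stub.
# The stub records what the script asked for instead of loading a file.
class RecordingHost
  def initialize
    @requested = []
  end

  def require(name)
    @requested << name
    false
  end

  def run(source)
    instance_eval(source)
    @requested
  end
end

# Constructed sample inputs.
DIRECT     = "require 'bad_script'"
OBFUSCATED = %q{x, y = 'u', 'b'; eval("req#{x}ire '#{y}ad_script'")}

# Compares the filter's verdict with what the script does when it runs.
def audit(source)
  { static_ok: passes_static_filter?(source),
    runtime_requires: RecordingHost.new.run(source) }
end

if __FILE__ == $PROGRAM_NAME
  { 'direct' => DIRECT, 'obfuscated' => OBFUSCATED }.each do |label, src|
    puts "#{label}: #{audit(src).inspect}"
  end
end
```

The filter sees only the text, while the call is assembled when the script runs, which is why the restriction has to be enforced by the runtime, as with the AppDomain approach mentioned in the reply.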