- The Guide to Finding and Reporting Web Vulnerabilities
Prevention
How can you prevent this dangerous vulnerability? The first way is by regularly patching and updating the frameworks and template libraries your application uses. Many developers and security professionals are catching on to the danger of template injections. As a result, template engines publish various mitigations against this attack. Constantly updating your software to the newest version will ensure that your applications are protected against new attack vectors.
You should also prevent users from supplying user-submitted templates if possible. If that isn’t an option, many template engines provide a hardened sandbox environment that you can use to safely handle user input. These sandbox environments remove potentially dangerous modules and functions, making user-submitted templates safer to evaluate. However, researchers have published numerous sandbox escape exploits, so this is by no means a bulletproof method. Sandbox environments are also only as safe as their configurations.
Implement an allowlist of permitted attributes in templates to prevent the kind of RCE exploit that I’ll introduce in this chapter. Also, template engines sometimes raise descriptive errors that help attackers develop exploits. You should handle these errors properly and return a generic error page to the user. Finally, sanitize user input before embedding it into web templates, and avoid injecting user-supplied data into templates whenever possible.
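As an added example that is not from the book, the mitigations above shown with Python's standard-library `string.Template`: it is a placeholder-only engine rather than a full one like Jinja2, which is enough to show the difference between user input as template source and user input as template data, an allowlist of exposed identifiers, and a generic error in place of the engine's descriptive one. The context dictionary, its `api_key` value, the allowlist and the function names are constructed for this illustration.

```python
import string

# Constructed sample context as a rendering layer might hold it: two keys are
# meant for templates, one (an internal secret) is not.
CONTEXT = {"name": "Alice", "order_id": "A-1001", "api_key": "EXAMPLE-SECRET"}

# Allowlist of identifiers a user-submitted template may reference (assumed).
ALLOWED_IDENTIFIERS = frozenset({"name", "order_id"})

GENERIC_ERROR = "Unable to render template."


def render_vulnerable(user_input: str) -> str:
    """Vulnerable pattern: user input is concatenated into the template
    source, so any placeholder syntax in the input is interpreted by the
    engine and can read the whole context (here: leak api_key)."""
    tmpl = string.Template("Hello " + user_input + "!")
    return tmpl.substitute(CONTEXT)


def render_safe(user_input: str) -> str:
    """Safe pattern: the template source is fixed by the developer; user
    input is passed as data, and substituted values are never re-parsed,
    so placeholder syntax in the input is rendered literally."""
    tmpl = string.Template("Hello $name!")
    return tmpl.substitute(name=user_input)


def render_user_template(template_source: str) -> str:
    """When user-submitted templates cannot be avoided: expose only
    allowlisted identifiers, and replace the engine's exception (which
    names the missing placeholder) with a generic message."""
    exposed = {k: v for k, v in CONTEXT.items() if k in ALLOWED_IDENTIFIERS}
    try:
        return string.Template(template_source).substitute(exposed)
    except (KeyError, ValueError):
        return GENERIC_ERROR
```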