How to defend the application and system against uploaded C# code

Published 2025-01-27 02:52:34, 1465 characters, 3 views, 0 comments


Currently, I have a Web API that checks code uploaded by the client and runs it. It is a platform for testing. For example, there is a test for users:

Create a function with the name Sum. It will sum two integer numbers. Use this template:

public class Class1
{
    //TODO: Create Sum function here
}

When the user uploads his code, the Web API compiles it and creates an Assembly using Roslyn.
After that, it runs this code and checks the function Sum using reflection. For example,

using System;
using System.Reflection;

// Loads Class1 from the user's compiled assembly, calls Sum(10, 20) via reflection
// and throws if the class or the method is missing or the result is wrong.
void CheckFunctionSumm(Assembly assemblyCompiledFromUsersCode)
{
    var classFromAssembly = assemblyCompiledFromUsersCode.GetType("Class1");
    if (classFromAssembly == null)
    {
        throw new Exception("Class1 is missing");
    }

    // Ask for the exact signature so an overloaded Sum does not throw AmbiguousMatchException.
    var method = classFromAssembly.GetMethod("Sum", new[] { typeof(int), typeof(int) });
    if (method == null)
    {
        throw new Exception("Sum is missing");
    }

    var classInstance = Activator.CreateInstance(classFromAssembly);
    int? result = method.Invoke(classInstance, new object[] { 10, 20 }) as int?;
    if (result != 30)
    {
        throw new Exception("Function is not correct");
    }
}

It is working fine, but there is a problem. When a user uploads dangerous code it will cause a lot of problems. For example, if the user uploads code that causes a stack overflow exception or an out of memory exception, code that deletes some files, formats the disk, changes users' passwords.....

So, how can I defend my system from this kind of problem?
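The checker above runs the user's code inside the Web API process, so a stack overflow (which .NET cannot catch) or an out-of-memory condition takes the whole API down, and an infinite loop hangs the request. The first thing to change is the process boundary. The following is an added example, not code from the original post: the same console executable acts as the host by default and, when re-launched with `--run`, as a sacrificial runner that is the only place the untrusted assembly is ever loaded. The host only reads the runner's exit code. It assumes the uploaded source was already compiled by Roslyn to the .dll path passed on the command line, and that the program targets .NET 6 or later; the exit-code numbers are a convention chosen for this example.

```csharp
// Added example, not code from the original post. The Web API never loads the user's
// assembly itself: it re-launches this executable with "--run" as a sacrificial runner
// and reads back only the exit code. Assumes the uploaded source was already compiled
// by Roslyn to the .dll given on the command line (.NET 6 or later).
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;

static class IsolatedChecker
{
    // Verdict exit codes chosen for this example. Any other code means the runner died
    // (stack overflow and out-of-memory abort the whole process) or was killed on timeout.
    const int ExitPass = 0, ExitWrongResult = 10, ExitMissingClass = 11,
              ExitMissingMethod = 12, ExitThrew = 13;

    static int Main(string[] args)
    {
        if (args.Length == 2 && args[0] == "--run")
            return RunnerMain(args[1]);
        if (args.Length == 1)
        {
            Console.WriteLine(RunCheckIsolated(args[0], TimeSpan.FromSeconds(5)));
            return 0;
        }
        Console.Error.WriteLine("usage: checker <compiled-user-assembly.dll>");
        return 2;
    }

    // Runner side: the only place the untrusted assembly is loaded and executed.
    static int RunnerMain(string assemblyPath)
    {
        try
        {
            var type = Assembly.LoadFrom(assemblyPath).GetType("Class1");
            if (type == null) return ExitMissingClass;
            // Exact signature, so an overloaded Sum cannot raise AmbiguousMatchException.
            var method = type.GetMethod("Sum", new[] { typeof(int), typeof(int) });
            if (method == null) return ExitMissingMethod;
            object? instance = method.IsStatic ? null : Activator.CreateInstance(type);
            var result = method.Invoke(instance, new object[] { 10, 20 }) as int?;
            return result == 30 ? ExitPass : ExitWrongResult;
        }
        catch (Exception)
        {
            // TargetInvocationException and friends: the user code threw a catchable exception.
            return ExitThrew;
        }
    }

    // Host side: spawn the runner, enforce a wall-clock limit, kill its whole process tree
    // on overrun (user code may have spawned children) and map the exit code to a verdict.
    public static string RunCheckIsolated(string assemblyPath, TimeSpan timeout)
    {
        var self = Environment.ProcessPath
                   ?? throw new InvalidOperationException("cannot locate own executable");
        var psi = new ProcessStartInfo(self)
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
        };
        // When launched as "dotnet checker.dll", ProcessPath is the dotnet host itself,
        // so the managed entry assembly has to be passed again.
        if (Path.GetFileNameWithoutExtension(self).Equals("dotnet", StringComparison.OrdinalIgnoreCase))
            psi.ArgumentList.Add(Assembly.GetEntryAssembly()!.Location);
        psi.ArgumentList.Add("--run");
        psi.ArgumentList.Add(assemblyPath);

        using var proc = Process.Start(psi)!;
        // Drain both pipes so a chatty runner cannot block on a full buffer; nothing it
        // prints is trusted or parsed, only the exit code is.
        _ = proc.StandardOutput.ReadToEndAsync();
        _ = proc.StandardError.ReadToEndAsync();

        if (!proc.WaitForExit((int)timeout.TotalMilliseconds))
        {
            proc.Kill(entireProcessTree: true);
            proc.WaitForExit();
            return "timeout: the code did not finish within " + timeout;
        }
        return proc.ExitCode switch
        {
            ExitPass => "pass",
            ExitWrongResult => "Function is not correct",
            ExitMissingClass => "Class1 is missing",
            ExitMissingMethod => "Sum(int, int) is missing",
            ExitThrew => "user code threw an exception",
            var code => $"runner crashed with exit code {code} (stack overflow or out of memory?)",
        };
    }
}
```

A process boundary contains crashes and hangs, not privilege: the runner still executes as the Web API's own user account, so deleting files or changing passwords is only prevented by starting it as an unprivileged account with no network access and no write access to anything but a scratch directory, or inside a container or VM that gives it nothing of the host. Compile-time tricks such as withholding assembly references are not a substitute, because reflection lets compiled code reach any type the runtime can load.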


夢归不見 2025-02-03 02:52:34


I would try the following idea if @MickyD's answer is not applicable because of the .NET version issues he mentioned, or if you do not trust or do not want to learn all the .NET CAS stuff:

Copy the uploaded code into a container like Docker or a virtual machine running on the upload service's side. Execute the untrusted code inside the container and retrieve the results. Then use the container's capabilities to roll it back to its initial state.

Before the rollback you can also examine its state to detect any bad behavior like file changes, registry hacks, etc.

This solution uses considerably more resources than the .NET VM way @MickyD mentioned, but it is also much safer, because the code running in the container won't have any access to the host except what you explicitly give it.
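The run, inspect, roll back sequence the answer describes, as an added example that is not part of the original answer. It drives the Docker CLI from the Web API side: the container gets no network, a memory and CPU cap, a PID limit, no capabilities, an unprivileged uid and a read-only mount holding only the user's compiled assembly; after the run the host reads the exit code and OOM flag and the filesystem diff (the "examine its state" step), then removes the container, which is the rollback. Assumptions, all hypothetical: the `docker` CLI is on PATH, an image named `csharp-sandbox` exists with the .NET runtime and a `/runner/runner.dll` that loads `/work/User.dll`, performs the Sum check and exits 0 on pass.

```csharp
// Added example, not code from the original answer. Runs the untrusted assembly inside a
// throw-away Docker container, records what it changed, then discards the container.
// Assumed (hypothetical): docker CLI on PATH; an image "csharp-sandbox" containing the
// .NET runtime and /runner/runner.dll, which loads /work/User.dll, runs the Sum check
// and exits 0 when it passes.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;

static class ContainerSandbox
{
    public sealed record Verdict(string Outcome, IReadOnlyList<string> FilesystemChanges);

    public static Verdict RunInContainer(string compiledAssemblyPath, TimeSpan timeout)
    {
        // Stage only the one file the sandbox needs; that directory is mounted read-only.
        var stage = Path.Combine(Path.GetTempPath(), "sandbox-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(stage);
        File.Copy(compiledAssemblyPath, Path.Combine(stage, "User.dll"));
        var name = "sandbox-" + Guid.NewGuid().ToString("N");
        try
        {
            Docker(TimeSpan.FromSeconds(30), "create", "--name", name,
                "--network", "none",                          // no connections out of the box
                "--memory", "256m", "--memory-swap", "256m",  // OOM kills the container, not the API
                "--cpus", "1", "--pids-limit", "64",          // CPU cap; fork bombs die early
                "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
                "--user", "65534:65534",                      // unprivileged uid, not root
                "-v", $"{stage}:/work:ro",
                "csharp-sandbox", "dotnet", "/runner/runner.dll", "/work/User.dll");

            // "start -a" blocks until the container exits. Killing the docker client on
            // timeout does not stop the container, so kill the container explicitly.
            var run = Docker(timeout, "start", "-a", name);
            if (run.TimedOut)
                Docker(TimeSpan.FromSeconds(10), "kill", name);

            // Inspection before rollback: exit code, OOM flag and filesystem diff
            // (diff lines look like "A /tmp/x", "C /etc/passwd", "D /some/file").
            var state = Docker(TimeSpan.FromSeconds(10), "inspect", "-f",
                               "{{.State.ExitCode}} {{.State.OOMKilled}}", name)
                        .Stdout.Trim().Split(' ');
            var changes = Docker(TimeSpan.FromSeconds(10), "diff", name).Stdout
                .Split('\n', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);

            string outcome = run.TimedOut ? "timeout"
                : state.Length == 2 && state[1] == "true" ? "out of memory"
                : state.Length == 2 && state[0] == "0" ? "pass"
                : $"failed or crashed (exit code {state[0]})";
            return new Verdict(outcome, changes);
        }
        finally
        {
            // Rollback: the container and every write it made are discarded; the image
            // and the host are untouched. The staging directory goes with it.
            Docker(TimeSpan.FromSeconds(30), "rm", "-f", name);
            Directory.Delete(stage, recursive: true);
        }
    }

    // Minimal wrapper around the docker CLI with a wall-clock limit.
    static (int ExitCode, string Stdout, bool TimedOut) Docker(TimeSpan timeout, params string[] args)
    {
        var psi = new ProcessStartInfo("docker")
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
        };
        foreach (var a in args) psi.ArgumentList.Add(a);
        using var proc = Process.Start(psi)!;
        var stdout = proc.StandardOutput.ReadToEndAsync();
        _ = proc.StandardError.ReadToEndAsync();
        if (!proc.WaitForExit((int)timeout.TotalMilliseconds))
        {
            proc.Kill(entireProcessTree: true);
            proc.WaitForExit();
            return (-1, stdout.Result, true);
        }
        return (proc.ExitCode, stdout.Result, false);
    }
}
```

Two caveats a reviewer would want here. `docker diff` only sees the container's writable layer, so a stricter variant adds `--read-only` (with a small `--tmpfs /tmp`) and then the inspection reduces to the exit code, since there is nothing the code could have changed. And containers share the host kernel: for a public service that executes arbitrary code, the virtual machine the answer also mentions is the stronger boundary, with the container limits kept inside it as the cheap first layer.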
