It is difficult to list all safe functions in the whitelist.

It's not even possible to tell which functions are safe and which ones are
not.

*ZhengSong Tu*
My GitHub: https://github.com/tzssangglass
Apache APISIX: https://github.com/apache/apisix


On March 31, 2022 at 11:18:35, Kwanhur Huang <huang_hua2...@163.com> wrote:

> Why not a whitelist? A list of functions allowed to be used will be better.
>
>
> Kwanhur Huang
> TL;DR
>
> On March 30, 2022 at 1:55 PM, shirui zhao <zhaoth...@gmail.com> wrote:
>
>
> Hello, community,
>
>
> I noticed that Apache APISIX supports serverless plugins for hot loading
> user's code, which is a very nice feature. However, Apache APISIX does not
> seem to limit the execution environment of these hot codes, and there may
> be some risks.
>
> The hot code loaded by Lua and the framework code of the entire system run
> in the same context. If there is an operation to operate the global
> environment in the hot loaded code, it will affect the function of the
> entire system. I wrote a simple example in the issue[1]. Worse yet, if a
> hacker uses malicious code, it could exploit this feature to attack the
> user's operating system.
>
>
> So I think Apache APISIX can add a layer of protection when executing hot
> code, so that hot code can run in a sandbox. Here is an article[2]
> describing how to use sandboxing in Lua code to safely execute hot code; we
> can refer to it.
>
> I personally think setting a blacklist of safe functions is more
> appropriate. What is everyone's opinion? Is there a better way to achieve
> this? Welcome to discuss.
>
>
> [1]: https://github.com/apache/apisix/issues/6729
>
> [2]: http://lua-users.org/wiki/SandBoxes
>
>
>
> --
>
> Thanks,
>
> Shirui Zhao
>
>
>
>
>
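
The allowlist approach debated in this thread, as an added example (not APISIX code and not written by any participant): a hot-loaded chunk is compiled with its own environment table, so its global writes stay in that table and anything not copied in is unreachable. The names `new_env` and `run_sandboxed`, the chosen allowlist and the sample chunks are constructed for illustration.

```lua
-- Added example: allowlist environment for a hot-loaded chunk.
-- Works on Lua 5.1 / LuaJIT (setfenv) and Lua 5.2+ (load with env).

-- Copy only the chosen functions; never hand out the real library tables,
-- or the chunk could overwrite string.* / table.* for the whole process.
local function copy(src, names)
    local dst = {}
    for _, name in ipairs(names) do dst[name] = src[name] end
    return dst
end

-- Build a fresh environment per chunk (the allowlist here is an assumption).
local function new_env()
    local env = copy(_G, { "ipairs", "pairs", "tostring", "tonumber", "type", "select" })
    env.string = copy(string, { "sub", "len", "upper", "lower", "find", "format" })
    env.table = copy(table, { "insert", "concat", "remove" })
    env.math = copy(math, { "floor", "max", "min" })
    return env
end

-- Compile source text with env as its global table and run it protected.
local function run_sandboxed(src)
    local env = new_env()
    local fn, err
    if setfenv then                          -- Lua 5.1 / LuaJIT
        -- loadstring also accepts precompiled bytecode; refuse it (ESC prefix).
        if src:byte(1) == 27 then return false, "bytecode rejected" end
        fn, err = loadstring(src, "=hot")
        if fn then setfenv(fn, env) end
    else                                     -- Lua 5.2+: "t" means text only
        fn, err = load(src, "=hot", "t", env)
    end
    if not fn then return false, err end
    local ok, res = pcall(fn)
    return ok, res, env
end

-- Constructed sample 1: the chunk overwrites a global and creates a new one.
local ok, res, env = run_sandboxed("tostring = nil; leaked = 1; return type(os)")
print(ok, res)                    -- what the chunk saw when it looked up `os`
print(type(tostring), leaked)     -- host globals after the chunk ran
print(env.leaked)                 -- the write landed in the sandbox table

-- Constructed sample 2: a function outside the allowlist is not reachable.
print(run_sandboxed("return os.getenv('HOME')"))
```

This isolates globals only: string methods called on a value (for example `("x"):rep(n)`) still resolve through the shared string metatable to the real `string` table, and nothing here limits CPU or memory use by the chunk.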
