You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current implementation trust that mapping functions does not have unwanted side effects. This is a security issue.
To fix this, evaluate mapping functions in a secure sandbox. It can be assumed that a mapping function is a pure function with no side effect.
One should think that safe evaluation of a python function would be a common request that there would be a standard solution for. But I couldn't find any up-to-date package for it.
A possible solution could be to evaluate the mapping function in another python interpreter running in a chroot environment in a docker image with no network. Arguments could be pickled and send via stdin. For the return value, it would be safer to require that it must be json serialisable, since it is possible to execute arbitrary code during unpickling.
The current implementation trust that mapping functions does not have unwanted side effects. This is a security issue.
To fix this, evaluate mapping functions in a secure sandbox. It can be assumed that a mapping function is a pure function with no side effect.
One should think that safe evaluation of a python function would be a common request that there would be a standard solution for. But I couldn't find any up-to-date package for it.
A possible solution could be to evaluate the mapping function in another python interpreter running in a chroot environment in a docker image with no network. Arguments could be pickled and send via stdin. For the return value, it would be safer to require that it must be json serialisable, since it is possible to execute arbitrary code during unpickling.
Some references:
The text was updated successfully, but these errors were encountered: