stackoom
  简体   繁体   中英

How to run user code that might be unsafe?

 原文  2016-09-12 23:38:14       javascript/ c#

Question

I am writing a program that will interpret and run some user code written in Javascript in C#. How do I go about running with hard limit in running time?

1 answers

solution1
 1 ACCPTED  2016-09-13 00:21:21

Running user code; EVER; is not safe (see SQL injection, obligatory reference to XKCD ). There is no way to make it safe (apart from sandboxing, at which point you aren't running their code on your computer any more). See the 10 immutable laws of security ( TechNet )

That said, you could use the overload of Process.WaitForExit that takes an int (MSDN) to "timeout" and kill the process after a time period (10s in the example):

Process myVeryUnsafeProc = new Process();
myVerUnsafeProc.Start();
if (!myVeryUnsafeProc.WaitForExit(10000))
{
   myVeryUnsafeProc.Kill();
}

Note that the javascript could have killed your monitoring process and made this whole exercise pointless. Did I mention you just can't do this safely?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is it safe to minify JavaScript code that might run alongside other scripts? How to run code in firebase without signing user in How to run Parse Cloud Code by a specific user? How to add 'unsafe-inline' keyword to run inline javascript? how to resolve Refused to set unsafe header "User-Agent" in Javascript How to use React without unsafe inline JavaScript/CSS code? How to remove unsafe inline code for Content Security Policy? Why is eval() unsafe, wouldn't a user on a modern browser run whatever is evaluated on it anyway? How might the characters ​ can appear in the served HTML but not in my source code? I think this code involving NodeJs and MongoDb might fail, how to fix it?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM