go.tools/playground: provide script-safe option for playground

This change allows code to be sent safely to a partially sandboxed playground using the Native Client environment. Execution of non-Go code is blocked when the RunScripts is false to prevent inclusion of code that might escape by virtue of being under a different runtime environment. Two options for communicating whether to prevent non-Go code were considered: as has been done here and alternatively, using a message field. The latter was not chosen to close that as an attack option. Another will be follow that adds a -nacl flag to the present command to allow sandboxing of playground code in presentations. See discussion here: https://groups.google.com/d/topic/golang-dev/Hy-7PBP-T4Q/ LGTM=adg R=adg, dave CC=golang-codereviews https://golang.org/cl/74740045
2024-11-05 14:56:10 -07:00 · 2014-03-17 16:57:36 +11:00 · 2014-03-17 16:57:36 +11:00 · 84fae1b215
commit 84fae1b215
parent 7877131709
1 changed files with 5 additions and 1 deletions
--- a/playground/socket/socket.go
+++ b/playground/socket/socket.go
@ -35,6 +35,10 @@ import (
 	"code.google.com/p/go.net/websocket"
 )

+// RunScripts specifies whether the socket handler should execute shell scripts
+// (snippets that start with a shebang).
+var RunScripts = true
+
 // Handler implements a WebSocket handler for a client connection.
 var Handler = websocket.Handler(socketHandler)

@ -141,7 +145,7 @@ func startProcess(id, body string, out chan<- *Message, opt *Options) *process {
 		done: make(chan struct{}),
 	}
 	var err error
-	if path, args := shebang(body); path != "" {
+	if path, args := shebang(body); RunScripts && path != "" {
 		err = p.startProcess(path, args, body)
 	} else {
 		err = p.start(body, opt)