From b1c5a1d637200f34b75ff1814a7fd0737fdb1f74 Mon Sep 17 00:00:00 2001 From: idkq <76702881+idkq@users.noreply.github.com> Date: Mon, 29 Mar 2021 09:08:48 -0400 Subject: [PATCH 1/2] Added security --- working/static metaprogramming/intro.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/working/static metaprogramming/intro.md b/working/static metaprogramming/intro.md index 5d192db90a..f2da56ce41 100644 --- a/working/static metaprogramming/intro.md +++ b/working/static metaprogramming/intro.md @@ -425,6 +425,17 @@ A Turing-complete programming language that runs in your typechecker opens the door to user-code that locks the IDE. How do we ensure that users maintain a fast edit refresh cycle when arbitrary Dart code may be running during compilation? +### Security + +Ensure that the user has visibility on the execution of the macro, minimizing threats +of malicious code injected which could run when the user opens the IDE for example. +Scope and perhaps limit write/execution access of macros access in the host machine which +could write a binary executable with data stored in a .dart file. Today, when a user +downloads a .dart code from the web and executes it, he is fully aware of the execution. +In addition, the compiler is not capable of call executables or scripts that the user +creates in .dart (although it does call other parts of the framework). + + [function_builders]: https://github.com/apple/swift-evolution/blob/9992cf3c11c2d5e0ea20bee98657d93902d5b174/proposals/XXXX-function-builders.md [zig_compile_time_execution]: https://andrewkelley.me/post/zig-programming-language-blurs-line-compile-time-run-time.html#:~:text=Compile%2DTime%20Parameters,-Compile%2Dtime%20parameters&text=In%20Zig%2C%20types%20are%20first,functions%2C%20and%20returned%20from%20functions.&text=At%20the%20callsite%2C%20the%20value,is%20known%20at%20compile%2Dtime. [data_classes_issue]: https://github.com/dart-lang/language/issues/314 
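Review bot: The added sentence "Scope and perhaps limit write/execution access of macros access in the host machine" names only write and execute access, so a macro that only reads files on the host during compilation or analysis falls outside the stated requirement. Suggest wording such as "limit read/write/execution access of macro code on the host machine". In the same paragraph, "access of macros access" repeats a word, "not capable of call executables" should be "not capable of calling executables", and "he is fully aware" would read better as "they are fully aware". The hunk also adds two blank lines before the link reference definitions where one is enough.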
From c963ade7172e47b232722572af9853429415ed34 Mon Sep 17 00:00:00 2001 From: idkq <76702881+idkq@users.noreply.github.com> Date: Thu, 29 Apr 2021 08:49:03 -0400 Subject: [PATCH 2/2] Update working/static metaprogramming/intro.md Co-authored-by: Jacob MacDonald --- working/static metaprogramming/intro.md | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/working/static metaprogramming/intro.md b/working/static metaprogramming/intro.md index f2da56ce41..ca264a14e6 100644 --- a/working/static metaprogramming/intro.md +++ b/working/static metaprogramming/intro.md 
@@ -427,13 +427,20 @@ fast edit refresh cycle when arbitrary Dart code may be running during compilati ### Security -Ensure that the user has visibility on the execution of the macro, minimizing threats -of malicious code injected which could run when the user opens the IDE for example. -Scope and perhaps limit write/execution access of macros access in the host machine which -could write a binary executable with data stored in a .dart file. Today, when a user -downloads a .dart code from the web and executes it, he is fully aware of the execution. -In addition, the compiler is not capable of call executables or scripts that the user -creates in .dart (although it does call other parts of the framework). +Today, users are fully aware of exactly when third party code (excluding code +from the sdk) might be executed (only when they explicitly run a program). This +will change with this proposal, since it involves running user code as a part +of the compilation and likely program analysis process. This means that even +opening your IDE for instance could expose you to malicious code if we aren't +careful. + +In order to minimize the threat of malicious code which could run in these +contexts, we will likely need to limit the read/write/execution access of +macro code, including access to ffi or other libraries which might enable that +same access. + +One possible way to do this would to be to explicitly limit the `dart:` +libraries that are available for use at compile time. [function_builders]: https://github.com/apple/swift-evolution/blob/9992cf3c11c2d5e0ea20bee98657d93902d5b174/proposals/XXXX-function-builders.md
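Review bot: The final added paragraph ("explicitly limit the `dart:` libraries that are available for use at compile time") does not say whether the limit is an allowlist with everything else denied by default, or whether it also applies to libraries a macro reaches indirectly through its own imports. The preceding paragraph's "ffi or other libraries which might enable that same access" suggests both are intended. Suggest stating that only an explicit set of `dart:` libraries is permitted and that the restriction covers the macro's transitive imports. Two wording fixes in the same hunk: "would to be to explicitly limit" should be "would be to explicitly limit", and "sdk" should be "SDK".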