Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ALISA executes code that is part of models #1604

Closed
lwrage opened this issue Oct 18, 2018 · 2 comments
Closed

ALISA executes code that is part of models #1604

lwrage opened this issue Oct 18, 2018 · 2 comments

Comments

@lwrage
Copy link
Contributor

@lwrage lwrage commented Oct 18, 2018

ALSIA currently executes Java and Python code that is part of a model. While convenient, this is a problem from a security point of view.
Execution of such code should at least require explicit user permission.
child of #1570

@reteprelief
Copy link
Contributor

@reteprelief reteprelief commented Nov 16, 2018

While Java or Python code is prototyped it resides in the same workspace as the models. It is constructed as plugin project.
Once stable that project can be made part of an OSATE installation.

In case of Resolute code, that code is interpreted. Users just need to be aware that Resolute supports call out to (external) Java code.

@lwrage
Copy link
Contributor Author

@lwrage lwrage commented Nov 28, 2018

If we want to keep this functionality we need a way to prevent execution of java/python that wasn't written on the local machine. Maybe we can generate a unique ID in OSATE (per workspace, installation, or computer) that must be included in the script. The script would be executed only if the ID in the script matches the ID in OSATE.

This scheme breaks if users share scripts that contain the ID.

@ghost ghost added in progress and removed next labels Feb 22, 2019
@ghost ghost added review and removed in progress labels Feb 22, 2019
@lwrage lwrage closed this in #1709 Feb 25, 2019
@ghost ghost removed the review label Feb 25, 2019
@lwrage lwrage added the alisa label Mar 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants