ALISA executes code that is part of models #1604

Closed
lwrage opened this Issue Oct 18, 2018 · 2 comments

lwrage commented Oct 18, 2018

ALISA currently executes Java and Python code that is part of a model. While convenient, this is a problem from a security point of view.
Execution of such code should at least require explicit user permission.
child of #1570

reteprelief commented Nov 16, 2018

While Java or Python code is prototyped, it resides in the same workspace as the models. It is constructed as a plugin project.
Once stable, that project can be made part of an OSATE installation.

In the case of Resolute code, that code is interpreted. Users just need to be aware that Resolute supports call-outs to (external) Java code.

lwrage commented Nov 28, 2018

If we want to keep this functionality, we need a way to prevent execution of Java/Python that wasn't written on the local machine. Maybe we can generate a unique ID in OSATE (per workspace, installation, or computer) that must be included in the script. The script would be executed only if the ID in the script matches the ID in OSATE.

This scheme breaks if users share scripts that contain the ID.
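
Added example, not part of the thread and not OSATE code: a sketch of the ID-match gate proposed in the comment above, showing that the gate accepts any script text once the ID is known. The second gate (an HMAC over the script body with a secret that stays in the workspace) is a variant that is not proposed in the thread. The header formats `# osate-id:` and `# osate-tag:` and all function names are hypothetical, and the scripts are constructed samples.

```python
import hashlib
import hmac
import re
import secrets

# Hypothetical header formats; OSATE defines no such markers.
ID_LINE = re.compile(r"# osate-id: ([0-9a-f]{32})\n")
TAG_LINE = re.compile(r"# osate-tag: ([0-9a-f]{64})\n")

def stamp(script: str, workspace_id: str) -> str:
    """Embed the workspace ID in the script, as the comment proposes."""
    return f"# osate-id: {workspace_id}\n{script}"

def id_gate_allows(stamped: str, workspace_id: str) -> bool:
    """Proposed check: run only if the embedded ID equals the local ID."""
    m = ID_LINE.match(stamped)
    return m is not None and hmac.compare_digest(m.group(1), workspace_id)

def sign(script: str, secret: bytes) -> str:
    """Variant: tag = HMAC-SHA256(secret, body); the secret stays local."""
    tag = hmac.new(secret, script.encode(), hashlib.sha256).hexdigest()
    return f"# osate-tag: {tag}\n{script}"

def tag_gate_allows(signed: str, secret: bytes) -> bool:
    """Run only if the tag verifies over the exact script body."""
    m = TAG_LINE.match(signed)
    if m is None:
        return False
    expected = hmac.new(secret, signed[m.end():].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(m.group(1), expected)

def demo() -> dict:
    """Constructed scripts showing where each gate accepts or refuses."""
    local_id, other_id = secrets.token_hex(16), secrets.token_hex(16)
    secret = secrets.token_bytes(32)
    local = "print('checked locally')\n"
    edited = "print('body changed elsewhere')\n"
    signed = sign(local, secret)
    return {
        "id_local": id_gate_allows(stamp(local, local_id), local_id),
        "id_foreign": id_gate_allows(stamp(local, other_id), local_id),
        # The ID is not tied to the body: any text carrying it passes.
        "id_reused": id_gate_allows(stamp(edited, local_id), local_id),
        "tag_local": tag_gate_allows(signed, secret),
        # Copying the tag line onto a different body fails verification.
        "tag_reused": tag_gate_allows(signed.split("\n", 1)[0] + "\n" + edited, secret),
    }

print(demo())
```

The tag variant only helps if the secret is stored outside anything that is shared along with the models.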

wafflebot added the in progress label and removed the next label Feb 22, 2019

wafflebot added the review label and removed the in progress label Feb 22, 2019

lwrage closed this in #1709 Feb 25, 2019

wafflebot removed the review label Feb 25, 2019

lwrage added the alisa label Mar 5, 2019
