Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

feat(security): Implement sandboxed code execution #664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
erkinalp wants to merge 2 commits into stitionai:main
base: main
Choose a base branch
Loading
from erkinalp:devin/1734530023-security-fixes

Conversation

@erkinalp
Copy link

@erkinalp erkinalp commented Dec 18, 2024

Implement Sandboxed Code Execution

This PR implements secure code execution using firejail sandbox to address security vulnerabilities in code execution.

Changes

  • Implement CodeRunner with comprehensive security validation
  • Add firejail-based sandbox implementation
  • Add test suite for security measures
  • Update documentation with security requirements
  • Integrate sandbox with runner system

Security Measures

  • Restricted imports and function calls
  • Network access prevention
  • Filesystem isolation
  • Execution timeouts
  • Input validation

Testing

✓ Comprehensive test suite in tests/test_sandbox.py
✓ Verified sandbox restrictions work as expected
✓ Tested security validations for dangerous imports
✓ Confirmed proper integration with runner system

Documentation

  • Updated README.md with firejail requirement
  • Updated ARCHITECTURE.md with security details
  • Added inline documentation for security features

Link to Devin run: https://app.devin.ai/sessions/121045305ac0458bbdf2566092dbc1b2

devin-ai-integration bot and others added 2 commits December 18, 2024 13:57 
- Add firejail-based sandbox for secure code execution
- Implement code validation and restricted imports/calls
- Update runner to use sandboxed execution
- Add security test suite
- Fix arbitrary code execution vulnerability (Fixes stitionai#639)
- Add proper security measures (Fixes stitionai#648)
Security:
- Restrict dangerous imports and function calls
- Run code in isolated firejail sandbox
- Add timeout limits
- Prevent network access in sandbox
- Add comprehensive security tests
Co-Authored-By: Erkin Alp Güney <erkinalp9035@gmail.com>
- Add firejail requirement to README.md
- Update ARCHITECTURE.md with security details
Co-Authored-By: Erkin Alp Güney <erkinalp9035@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

AltStyle によって変換されたページ (->オリジナル) /