@erkinalp

Implement Sandboxed Code Execution

This PR implements secure code execution using a firejail sandbox to address security vulnerabilities in code execution.

Changes

  • Implement CodeRunner with comprehensive security validation
  • Add firejail-based sandbox implementation
  • Add test suite for security measures
  • Update documentation with security requirements
  • Integrate sandbox with runner system

Security Measures

  • Restricted imports and function calls
  • Network access prevention
  • Filesystem isolation
  • Execution timeouts
  • Input validation

Testing

✓ Comprehensive test suite in tests/test_sandbox.py
✓ Verified sandbox restrictions work as expected
✓ Tested security validations for dangerous imports
✓ Confirmed proper integration with runner system

Documentation

  • Updated README.md with firejail requirement
  • Updated ARCHITECTURE.md with security details
  • Added inline documentation for security features

Link to Devin run: https://app.devin.ai/sessions/121045305ac0458bbdf2566092dbc1b2

devin-ai-integration bot and others added 2 commits December 18, 2024 13:57
- Add firejail-based sandbox for secure code execution
- Implement code validation and restricted imports/calls
- Update runner to use sandboxed execution
- Add security test suite
- Fix arbitrary code execution vulnerability (Fixes stitionai#639)
- Add proper security measures (Fixes stitionai#648)

Security:
- Restrict dangerous imports and function calls
- Run code in isolated firejail sandbox
- Add timeout limits
- Prevent network access in sandbox
- Add comprehensive security tests

Co-Authored-By: Erkin Alp Güney <erkinalp9035@gmail.com>

- Add firejail requirement to README.md
- Update ARCHITECTURE.md with security details

Co-Authored-By: Erkin Alp Güney <erkinalp9035@gmail.com>
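
The measures listed in this PR (restricted imports and calls, no network, filesystem isolation, timeouts) can be sketched as follows. This is an added example, not code from the PR or the project: `validate_source`, `firejail_argv`, and both denylists are hypothetical names and policy choices, and the script is assumed to live outside the user's home directory.

```python
import ast

# Assumed policy (not taken from the PR's code): modules and builtins to reject.
BLOCKED_MODULES = {"os", "sys", "subprocess", "socket", "shutil", "ctypes", "importlib"}
BLOCKED_CALLS = {"eval", "exec", "compile", "__import__", "open"}


def validate_source(source: str) -> list[str]:
    """Return a list of policy violations; an empty list means the pre-check passed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            # Compare the top-level package so "os.path" is caught as "os".
            if name.split(".")[0] in BLOCKED_MODULES:
                problems.append(f"line {node.lineno}: import of {name}")
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in BLOCKED_CALLS:
                problems.append(f"line {node.lineno}: call to {node.func.id}()")
    return problems


def firejail_argv(script_path: str, timeout_s: int = 10) -> list[str]:
    """Build the sandbox command line; the caller passes it to subprocess.run."""
    hh, rem = divmod(timeout_s, 3600)
    mm, ss = divmod(rem, 60)
    return [
        "firejail", "--quiet",
        "--net=none",        # no network interfaces inside the sandbox
        "--private",         # empty temporary home; script_path must be outside $HOME
        "--caps.drop=all",   # drop all Linux capabilities
        "--seccomp",         # enable firejail's default syscall filter
        f"--timeout={hh:02d}:{mm:02d}:{ss:02d}",  # firejail kills the sandbox after this
        "python3", script_path,
    ]
```

The AST pass is a pre-filter only; the firejail flags are the enforcement boundary.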