The question might be naive, almost disrespectful, but better safe than sorry: Does Meta.parse use any eval-like calls or anything else that would make it dangerous to use on potentially malicious input?

Afaiu it is not supposed to pop a shell, unlike e.g. eval or deserialization. On the other hand, afaiu Meta.parse is not hardened as a security boundary either (e.g. regularly run through AFL or libfuzzer). Any core people who happen to know better, please correct me here. So I strongly recommend …

Here is what I want to use it for: parsing a user provided string (of size that is enforced to be relatively small), ensuring that it contains only some very simple white-listed constructs (only “array literal of whitelisted constructors”), and then calling eval on the validated AST.

That is an admittedly annoying situation to be in. A low-effort solution (if viable) would be on the deployment side: Ensure that you can live with people popping a shell occasionally. Put it into a virtual machine that is isolated from your network (and has throttled resource use) and restore from…

What about parsing Json? That might be a better approach since that would ensure they don’t pass in anything bad.

I do not think json (or something like it) would work for me, as the goal is to demo a Julia library (with an extremely restricted whitelisted set of permitted constructs in the input code). If the starting point is Julia-like code, parsing it myself into something like json (which is then used in a…

This is correct: it’s safe in principle but not a hardened function, so it’s possible that it can be attacked with a malicious malformed input. If someone wanted to feed (literally) random strings into Meta.parse and see what happens, it would be a good first step to help harden it against attacks.

Well, while true try Meta.parse(transcode(String, rand(UInt8,20))) catch end end does not do anything interesting, so I guess now is a good time to learn how to use libfuzzer. Seems like a fun distraction.

See also GitHub - cmcaine/Sandboxes.jl which provides sandboxed_eval().

[image] foobar_lv2: Meta.parse is not hardened as a security boundary either (e.g. regularly run through AFL or libfuzzer). Which Julia functions have been fuzzed?

Is `Meta.parse` safe to use on unsanitized external input?

New to Julia

Krastanov April 9, 2021, 10:09pm 11

Here is a naive attempt at fuzzing using libFuzzer. Advice would (as always) be appreciated Fuzzing Julia functions (for security hardening)

Topic		Replies	Views
Fuzzing Julia functions (for security hardening) Tooling security , fuzzing	3	935	April 10, 2021
How to sandbox Julia code General Usage	11	1312	February 14, 2022
Prevent interpolation when Meta.parse a String to Expr New to Julia question , metaprogramming , meta	9	855	February 15, 2021
Parsed anonymous functions, type inference, and Base.invokelatest General Usage type	24	2312	October 22, 2017
How execute in Julia this string? eval(Meta.parse()) not works General Usage	1	796	May 10, 2019

Is `Meta.parse` safe to use on unsanitized external input?

Related topics