Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding an hardened docker image version of arskcript/nightly to be able to run untrusted user input #463

Merged
merged 1 commit into from
May 19, 2024
Merged

Adding an hardened docker image version of arskcript/nightly to be able to run untrusted user input #463

merged 1 commit into from
May 19, 2024

Conversation

SuperFola
Copy link
Member

Description

Adds a new image that has harden to run untrusted user inputs, with restrictions on sys:exec (disabled in this image). The other images have been updated to alpine 3.19

Checklist

  • I have read the Contributor guide
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have updated the documentation if needed
  • I have added tests that prove my fix/feature is working
  • New and existing tests pass locally with my changes

@SuperFola
feat(docker): adding an hardened docker image version of arskcript/ni…
f14582f 
…ghtly to be able to run untrusted user input
@github-actions GitHub Actions
Copy link

Static analysis report

Lizard report

Listing only functions with cyclomatic complexity >= 15 or NLOC >= 100 or parameters >= 6.

Filename Start line:end line Function name Parameters NLOC CCN
include/utf8.hpp 138:184 utf8::isValid 1 44 21
Report about files you didn't modify in this PR
Filename Start line:end line Function name Parameters NLOC CCN
src/arkreactor/VM/VM.cpp 259:1072 Ark::VM::safeRun 2 658 167
src/arkreactor/Compiler/BytecodeReader.cpp 70:438 Ark::BytecodeReader::display 4 327 131
src/arkreactor/Compiler/Macros/Processor.cpp 219:463 Ark::internal::MacroProcessor::evaluate 2 206 72
include/Ark/Compiler/AST/Parser.hpp 78:169 Ark::internal::ARK_APIParser::string 0 89 34
src/arkscript/main.cpp 17:300 main 2 246 30
src/arkreactor/Compiler/Compiler.cpp 528:633 Ark::Compiler::handleCalls 5 78 27
src/arkreactor/Compiler/Compiler.cpp 259:350 Ark::Compiler::compileExpression 5 74 24
src/arkreactor/Compiler/AST/Node.cpp 209:279 Ark::internal::Node::debugPrint 1 61 23
src/arkscript/JsonCompiler.cpp 23:188 JsonCompiler::_compile 1 139 23
src/arkreactor/VM/State.cpp 148:288 Ark::State::configure 0 116 22
src/arkreactor/Compiler/Macros/Processor.cpp 121:185 Ark::internal::MacroProcessor::processNode 2 48 20
src/arkreactor/Compiler/AST/Parser.cpp 284:394 Ark::internal::Parser::import_ 0 89 19
src/arkreactor/Compiler/Macros/Executors/Function.cpp 12:87 Ark::internal::FunctionExecutor::applyMacro 1 61 18
src/arkreactor/Compiler/AST/Node.cpp 143:207 Ark::internal::Node::repr 0 56 17
src/arkreactor/VM/Value.cpp 77:135 Ark::Value::toString 1 46 17
include/Ark/Compiler/AST/Predicates.hpp 162:186 Ark::internal::IsSymbol::operator ( ) 1 24 16
src/arkreactor/Compiler/Macros/Processor.cpp 53:101 Ark::internal::MacroProcessor::registerMacro 1 44 16
src/arkreactor/TypeChecker.cpp 27:78 Ark::types::displayContract 2 45 15
src/arkscript/Formatter.cpp 117:170 Formatter::format 3 51 15
src/arkreactor/Exceptions.cpp 123:132 Ark::Diagnostics::helper 8 9 3
include/Ark/Exceptions.hpp 95:104 Ark::CodeError::CodeError 6 10 1

CppCheck report

Filename Line Type Description
include/Ark/Compiler/AST/Optimizer.hpp 64 style Unused private function 'Optimizer throwOptimizerError'
include/Ark/Compiler/AST/Parser.hpp 173 style Local variable 'symbol' shadows outer function
include/Ark/Compiler/AST/Predicates.hpp 117 performance Function parameter 'c' should be passed by const reference.
include/Ark/Compiler/AST/utf8_char.hpp 29 style Local variable 'codepoint' shadows outer function
include/Ark/TypeChecker.hpp 71 performance Function parameter 'name' should be passed by const reference.
include/Ark/TypeChecker.hpp 75 performance Function parameter 'name' should be passed by const reference.
include/CLI/Formatter.hpp 39 style Unused private function 'Formatter isPlainValue'
src/arkreactor/Builtins/IO.cpp 192 style Consider using std transform algorithm instead of a raw loop.
src/arkreactor/Builtins/IO.cpp 24 style Parameter 'n' can be declared with const
src/arkreactor/Builtins/IO.cpp 43 style Parameter 'n' can be declared with const
src/arkreactor/Compiler/AST/BaseParser.cpp 311 style Consider using std any_of algorithm instead of a raw loop.
src/arkreactor/Compiler/AST/BaseParser.cpp 351 style Consider using std any_of algorithm instead of a raw loop.
src/arkreactor/Compiler/AST/Optimizer.cpp 33 style Parameter 'node' can be declared with const
src/arkreactor/Compiler/AST/Optimizer.cpp 39 style Parameter 'node' can be declared with const
src/arkreactor/Compiler/AST/Parser.cpp 840 style Consider using std any_of algorithm instead of a raw loop.
src/arkreactor/Compiler/Compiler.cpp 138 style Consider using std copy algorithm instead of a raw loop.
src/arkreactor/Compiler/Compiler.cpp 158 style Consider using std copy algorithm instead of a raw loop.
src/arkreactor/Compiler/Compiler.cpp 165 style Consider using std copy algorithm instead of a raw loop.
src/arkreactor/Compiler/ImportSolver.cpp 142 style Consider using std transform algorithm instead of a raw loop.
src/arkreactor/Compiler/Macros/Executors/Function.cpp 50 performance Searching before insertion is not necessary. Instead of 'args_applied[arg_name]=Node(NodeType List)' consider using 'args_applied.try_emplace(arg_name, Node(NodeType List));'.
src/arkreactor/Compiler/Macros/Processor.cpp 103 style Parameter 'node' can be declared with const
src/arkreactor/Compiler/Macros/Processor.cpp 123 style The scope of the variable 'has_created' can be reduced.
src/arkreactor/TypeChecker.cpp 80 performance Function parameter 'funcname' should be passed by const reference.
src/arkreactor/VM/Future.cpp 10 performance Variable 'm_value' is assigned in constructor body. Consider performing initialization in initialization list.
src/arkreactor/VM/Scope.cpp 53 style Consider using std find_if algorithm instead of a raw loop.
src/arkreactor/VM/Scope.cpp 63 style Consider using std find_if algorithm instead of a raw loop.
src/arkreactor/VM/Scope.cpp 71 style Variable 'id' is not assigned a value.
src/arkreactor/VM/State.cpp 125 style Consider using std transform algorithm instead of a raw loop.
src/arkreactor/VM/VM.cpp 556 style Consider using std copy algorithm instead of a raw loop.
src/arkscript/Formatter.cpp 225 style The scope of the variable 'comment_in_args' can be reduced.
src/arkscript/Formatter.cpp 446 warning Either the condition 'node.constList().empty()' is redundant or expression 'node.constList().back()' cause access out of bounds.
src/arkscript/main.cpp 141 style Consider using std copy algorithm instead of a raw loop.
src/arkscript/main.cpp 148 style Consider using std copy algorithm instead of a raw loop.

@SuperFola SuperFola merged commit a06713c into dev May 19, 2024
16 checks passed
@SuperFola SuperFola deleted the docker/harden branch May 19, 2024 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@SuperFola