Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
P
platform
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 131
    • Issues 131
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Incidents
  • Analytics
    • Analytics
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • simantics
  • platform
  • Issues
  • #665

Closed
Open
Opened Jan 04, 2021 by Marko Luukkainen@luukkainenOwner

Restricted SCL environment

Currently several Simantics based applications use SCL scripts for customization.

Unfortunately, this is currently unsafe, because we do not have means to restrict th functions that uses can use. Here is an example from a certain product as a customizable transformation rule:

import "nn/Proteus/ExtractionRulesUtils/Common"

importJava "java.lang.System" where
   exit :: Integer -> <Proc> ()

propertyRule :: PropertyRule
propertyRule = extract do
    exit(-100)

Executing the above rule as part of a model transformation closes the Simantics DB instance (DOS attack).

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: simantics/platform#665