Running any Go code unsupervised represents a pretty giant security concern for obvious reasons, but that doesn't nncessarily spell the end for using

GitHub - matryer/goscript: Goscript: Runtime execution of Go code.

submited by
Style Pass
2023-05-30 09:30:06

Running any Go code unsupervised represents a pretty giant security concern for obvious reasons, but that doesn't nncessarily spell the end for using Goscript in your projects.

One option is to wrap Goscript and provide the goscript func signature youself, and allow users to only provide the body. This would also prevent them from controlling the imports too. And with some simple string checking, you'd be able to protect from injection attacks.

Leave a Comment
Related Posts