security(wasm): bound sandbox resources, remove host panic/DoS vectors#93
Merged
Hardens the WASM host runtime against a hostile or compromised plugin (area: WASM sandbox limits).

- Panic vectors: guest-controlled pointer/length slice reads use saturating_add so a negative/oversized len fails the existing bounds check instead of panicking on an inverted range. Cache and rate-limiter Instant/Duration arithmetic is overflow/underflow-safe (checked/saturating + duration_since), including the cleanup paths that underflow early in process uptime.
- Memory bounds: the response cache caps its entry count (evicting expired-then-soonest-to-expire); the rate limiter clamps the plugin-supplied quota and window and caps the partition table, failing closed when saturated with active keys.
- Upstream body cap: the buffered plugin HTTP-call path reads at most BARBACANE_MAX_UPSTREAM_RESPONSE_BYTES (default 16 MiB) via a chunked, content-length-aware read, bounding host memory.
- Wall-clock backstop: epoch interruption with a background ticker traps a guest that runs past its time budget, complementing fuel-based CPU limiting.
- Broker hardening: Kafka/NATS connections enforce the SSRF guard (honoring BARBACANE_ALLOW_INTERNAL_EGRESS), connect/publish timeouts, and bounded connection caches.

Runtime build errors propagate instead of panicking. Docs and CHANGELOG updated for the new env var and broker egress default.
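The two panic vectors named above (the inverted-range slice read and the early-uptime Instant underflow in cleanup), as an added Rust example that is not barbacane's own code: `read_guest_slice`, `expire_older_than` and `HostError` are names constructed for this illustration, and a plain `Vec<u8>` stands in for the guest's linear memory.

```rust
use std::time::{Duration, Instant};

/// Error surfaced to the guest instead of a host panic (type constructed for this example).
#[derive(Debug, PartialEq)]
pub enum HostError {
    OutOfBounds { ptr: u32, len: u32, memory_len: usize },
}

/// Bounds-check a guest-supplied (ptr, len) pair against linear memory and return the slice.
/// `len` is a raw u32 from the guest, so an i32 of -1 arrives as u32::MAX. A plain `ptr + len`
/// overflows (a panic in debug builds, a wrap to end < ptr in release, which then panics on the
/// inverted range in `&memory[ptr..end]`). `saturating_add` pins end at u32::MAX, which the single
/// comparison below rejects. For a memory of exactly 4 GiB, `checked_add` is the tighter choice.
pub fn read_guest_slice(memory: &[u8], ptr: u32, len: u32) -> Result<&[u8], HostError> {
    let end = ptr.saturating_add(len);
    if end as usize > memory.len() {
        return Err(HostError::OutOfBounds { ptr, len, memory_len: memory.len() });
    }
    Ok(&memory[ptr as usize..end as usize])
}

/// Drop cache entries whose age has reached `ttl`, returning how many were removed.
/// The naive cutoff `now - ttl` panics whenever the monotonic clock's origin is less than `ttl`
/// in the past, which is the early-uptime cleanup underflow the PR describes. Comparing ages with
/// `saturating_duration_since` needs no subtraction from an Instant at all, and also tolerates a
/// `now` that is older than an entry's timestamp (cross-thread clock reads).
pub fn expire_older_than(entries: &mut Vec<(Instant, String)>, now: Instant, ttl: Duration) -> usize {
    let before = entries.len();
    entries.retain(|(inserted, _)| now.saturating_duration_since(*inserted) < ttl);
    before - entries.len()
}

fn main() {
    let memory = vec![0u8; 64 * 1024];
    // A guest passing len = -1 is rejected instead of panicking the host.
    println!("{:?}", read_guest_slice(&memory, 16, u32::MAX).err());

    // All instants are built by adding forward from t0, so this runs at any process uptime.
    let t0 = Instant::now();
    let mut cache = vec![(t0, "stale".to_string()), (t0 + Duration::from_secs(50), "fresh".to_string())];
    let removed = expire_older_than(&mut cache, t0 + Duration::from_secs(60), Duration::from_secs(30));
    println!("removed {removed}, kept {:?}", cache.iter().map(|(_, k)| k).collect::<Vec<_>>());
}
```

The key property in both functions is that no arithmetic on guest-influenced or clock-derived values can reach a panicking operator: the only comparison that can fail returns an error the host can hand back to the guest.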
Area: WASM sandbox limits

Hardens the WASM host runtime against a hostile or compromised plugin. Fail-closed by default, with operator opt-outs where appropriate. Continues the sequential, one-PR-per-area security work.

Panic vectors removed

- `instance.rs` uses `saturating_add`, so a negative/oversized `len` fails the existing bounds check instead of panicking on an inverted range.
- `cache.rs`/`rate_limiter.rs` `Instant`/`Duration` arithmetic is overflow/underflow-safe (`checked_*`/`saturating_*`/`duration_since`), including cleanup paths that underflow in the first minutes of process uptime.

Memory bounds (DoS)

Upstream body cap

- `BARBACANE_MAX_UPSTREAM_RESPONSE_BYTES` (default 16 MiB) via a chunked, `Content-Length`-aware read. Streaming dispatchers are unaffected.

Wall-clock backstop

Broker hardening (Kafka/NATS)

- `BARBACANE_ALLOW_INTERNAL_EGRESS`), connect/publish timeouts, bounded connection caches.
- `expect`-panicking.

Docs

- `BARBACANE_MAX_UPSTREAM_RESPONSE_BYTES` documented; internal-egress default note extended to brokers; CHANGELOG updated.

Verification

`cargo fmt --all --check`, `cargo clippy --workspace --lib --bins --exclude barbacane-test -D warnings`, and `cargo test --workspace --lib --bins --exclude barbacane-test` all green. New unit tests cover the body cap, cache/quota/window clamps, broker SSRF rejection, and `split_host_port`.

Resolves the WASM sandbox-limits items tracked privately (#3/#4).
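The memory-bound items from the description (clamped plugin quota and window, a partition table that fails closed when full of active keys, and a cache entry cap that evicts expired-then-soonest-to-expire), as an added Rust example that is not the project's `cache.rs`/`rate_limiter.rs`: the ceilings `MAX_QUOTA`, `MIN_WINDOW`, `MAX_WINDOW` and the types `RateLimiter`, `BoundedCache` and `Decision` are constructed for this illustration.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

// Ceilings the host applies to plugin-supplied settings (values constructed for this example).
pub const MAX_QUOTA: u64 = 1_000_000;
pub const MIN_WINDOW: Duration = Duration::from_millis(100);
pub const MAX_WINDOW: Duration = Duration::from_secs(3600);

/// A plugin may request any quota or window; the host honours only the clamped value.
pub fn clamp_quota(requested: u64) -> u64 {
    requested.clamp(1, MAX_QUOTA)
}

pub fn clamp_window(requested: Duration) -> Duration {
    requested.clamp(MIN_WINDOW, MAX_WINDOW)
}

#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    Deny,
    /// Partition table saturated with live keys: fail closed instead of growing or evicting.
    TableFull,
}

/// Fixed-window limiter keyed by partition (e.g. a client id) with a hard table cap.
pub struct RateLimiter {
    quota: u64,
    window: Duration,
    max_partitions: usize,
    partitions: HashMap<String, (Instant, u64)>, // (window start, hits so far)
}

impl RateLimiter {
    pub fn new(quota: u64, window: Duration, max_partitions: usize) -> Self {
        Self { quota: clamp_quota(quota), window: clamp_window(window), max_partitions, partitions: HashMap::new() }
    }

    pub fn check(&mut self, key: &str, now: Instant) -> Decision {
        let window = self.window;
        // Sweep elapsed windows first. saturating_duration_since cannot underflow, so a `now`
        // slightly behind a stored start (cross-thread clock reads) simply counts as age zero.
        self.partitions.retain(|_, (start, _)| now.saturating_duration_since(*start) < window);
        if !self.partitions.contains_key(key) && self.partitions.len() >= self.max_partitions {
            return Decision::TableFull;
        }
        let (_, hits) = self.partitions.entry(key.to_string()).or_insert((now, 0));
        if *hits >= self.quota {
            Decision::Deny
        } else {
            *hits += 1;
            Decision::Allow
        }
    }
}

/// Response cache with a hard entry cap. When full, the entry with the earliest expiry goes:
/// an already-expired one if present, otherwise the soonest-to-expire one (one min() covers both).
pub struct BoundedCache {
    max_entries: usize,
    entries: HashMap<String, (Instant, Vec<u8>)>, // (expires_at, body)
}

impl BoundedCache {
    pub fn new(max_entries: usize) -> Self {
        Self { max_entries: max_entries.max(1), entries: HashMap::new() }
    }

    pub fn insert(&mut self, key: &str, body: Vec<u8>, ttl: Duration, now: Instant) {
        // The TTL is clamped and the addition checked, so a plugin cannot overflow the Instant.
        let expires_at = now.checked_add(clamp_window(ttl)).unwrap_or(now);
        if !self.entries.contains_key(key) && self.entries.len() >= self.max_entries {
            let victim = self.entries.iter().min_by_key(|(_, (exp, _))| *exp).map(|(k, _)| k.clone());
            if let Some(victim) = victim {
                self.entries.remove(&victim);
            }
        }
        self.entries.insert(key.to_string(), (expires_at, body));
    }

    pub fn get(&self, key: &str, now: Instant) -> Option<&[u8]> {
        self.entries.get(key).filter(|(exp, _)| *exp > now).map(|(_, body)| body.as_slice())
    }

    pub fn len(&self) -> usize {
        self.entries.len()
    }
}

fn main() {
    let t0 = Instant::now();
    // Absurd plugin values are clamped to 1_000_000 requests per 100 ms; table holds one key.
    let mut limiter = RateLimiter::new(u64::MAX, Duration::ZERO, 1);
    println!("{:?} {:?}", limiter.check("a", t0), limiter.check("b", t0));
}
```

The `TableFull` decision is the fail-closed branch: a fresh key arriving at a saturated table is denied rather than allowed to evict an active partition or grow the map, so a flood of distinct keys costs bounded memory and cannot launder its way past the limiter.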
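The buffered upstream body cap, as an added Rust example that is not the project's HTTP-call path: `read_bounded_body`, `BodyError` and the `max_upstream_response_bytes` lookup are constructed here; only the variable name `BARBACANE_MAX_UPSTREAM_RESPONSE_BYTES` and its 16 MiB default come from the PR. It reads from any `std::io::Read`, so the sample bodies are in-memory `Cursor`s rather than sockets.

```rust
use std::io::{Cursor, Read};

/// Default cap on a buffered upstream response body (the PR's documented 16 MiB default).
pub const DEFAULT_MAX_UPSTREAM_RESPONSE_BYTES: usize = 16 * 1024 * 1024;

/// Resolve the operator-configured cap; a missing, unparsable or zero value falls back to the default.
pub fn max_upstream_response_bytes() -> usize {
    std::env::var("BARBACANE_MAX_UPSTREAM_RESPONSE_BYTES")
        .ok()
        .and_then(|v| v.trim().parse::<usize>().ok())
        .filter(|&n| n > 0)
        .unwrap_or(DEFAULT_MAX_UPSTREAM_RESPONSE_BYTES)
}

#[derive(Debug, PartialEq)]
pub enum BodyError {
    /// The body would exceed `limit` bytes; nothing beyond the limit was buffered.
    TooLarge { limit: usize },
    Io(String),
}

/// Buffer a response body while never holding more than `max_bytes` of it in memory.
/// A Content-Length above the cap is refused before a single byte is read. Without one, or
/// with an understated one, the fixed-size chunk loop stops the moment the cap would be
/// crossed, so neither a lying nor an absent header can drive host allocation.
pub fn read_bounded_body<R: Read>(
    mut body: R,
    content_length: Option<usize>,
    max_bytes: usize,
) -> Result<Vec<u8>, BodyError> {
    if matches!(content_length, Some(declared) if declared > max_bytes) {
        return Err(BodyError::TooLarge { limit: max_bytes });
    }
    // Pre-size from the header only up to the cap: the header is untrusted input.
    let mut buf = Vec::with_capacity(content_length.unwrap_or(0).min(max_bytes));
    let mut chunk = [0u8; 8192];
    loop {
        let n = body.read(&mut chunk).map_err(|e| BodyError::Io(e.to_string()))?;
        if n == 0 {
            break;
        }
        if buf.len().saturating_add(n) > max_bytes {
            return Err(BodyError::TooLarge { limit: max_bytes });
        }
        buf.extend_from_slice(&chunk[..n]);
    }
    Ok(buf)
}

fn main() {
    let cap = max_upstream_response_bytes();
    // Constructed 32 KiB body against a deliberately small 16 KiB cap.
    let oversized = Cursor::new(vec![0u8; 32 * 1024]);
    let outcome = read_bounded_body(oversized, None, 16 * 1024);
    println!("configured cap = {cap} bytes; oversized body -> {:?}", outcome.err());
}
```

Two checks do the work: the up-front Content-Length comparison rejects an honestly-declared oversize response at zero cost, and the per-chunk comparison guarantees that even a stream that lies about (or omits) its length is cut off with at most one 8 KiB chunk of over-read, never a full copy of the attacker-sized body.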