Commit Graph

2 Commits

Author SHA1 Message Date
Paul Fitzpatrick
c4fb40e0bd (core) add gvisor-based sandbox to jenkins test worker image
Summary:
This is preparatory work for running tests with the new sandbox in jenkins.

 * Makes a base image that is now shared by grist servers and jenkins workers.
 * Needed to allow jenkins to run `sudo runsc`.
 * Converged on port 2020 for ssh to workers and servers.

Test Plan: added one runsc-based test and confirmed it was run

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D3029
2021-09-20 16:34:40 -04:00
Paul Fitzpatrick
6e15d44cf6 (core) start applying defenses for untrusted document uploads
Summary:
This applies some mitigations suggested by SQLite authors when
opening untrusted SQLite databases, as we do when Grist docs
are uploaded by the user.  See:
  https://www.sqlite.org/security.html#untrusted_sqlite_database_files

Steps implemented in this diff are:
  * Setting `trusted_schema` to off
  * Running a SQLite-level integrity check on uploads

Other steps will require updates to our node-sqlite3 fork, since they
are not available via the node-sqlite3 api (one more reason to migrate
to better-sqlite3).

I haven't yet managed to create a file that triggers an integrity
check failure without also being detected as corruption by sqlite
at a more basic level, so that is a TODO for testing.

Test Plan:
existing tests pass; need to come up with exploits to
actually test the defences and have not yet

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2909
2021-07-14 18:34:27 -04:00