Safety against third-parties.

[lschanner-tenchi]

Hey kelly, greetings.
I just stumbled upon this project when looking for alternatives for JQ.

Is it safe to allow untrusted third parties to send Jello scripts for querying data in our environment? I saw that you can do imports. Can you import (and use) any python module? Would there a way of whitelisting allowed modules? Thanks!

[kellyjonbrazil]

Hi there! Thanks for your question. Jello provides the full functionality of the Python interpreter without requiring the boilerplate to work with JSON data. It is not recommended to allow untrusted queries since there are no real limitations. I would treat Jello queries the same as python scripts.

It might be possible for me to add an option that limits/removes import capability and whitelists approved functions in Jello. A sort of safe mode. I’d have to investigate that further, though.

[lschanner-tenchi]

Thanks for the response!

[mentalisttraceur]

Seems like this should be solved by a separate general project: so long as python -m jello ... works as an alias for jello ..., a safe-python -m jello ... would also work, and all of the features needed for a secure Python sandbox could be implemented once in safe-python.

(Something like safe-python might already exist, I've not looked, but if it doesn't then a good start might be to modify CPython or PyPy to not allow C extensions and then to use a permission system like Deno does for all other system calls.)

Alternatively, run regular Python/Jello, with OS-level sandboxing features like Linux namespaces (that's what containers like Docker use), BSD jails, OpenBSD pledge, and so on, depending on what exactly you need to prevent.

For example, you could build a Docker image based on one of the premade official Python images, with just Jello and any extra modules you want untrusted users to have access to inside Jello queries, and then instead of invoking Jello you're invoking the Jello container through Docker while having Docker totally sandbox the container except for stdin and stdout.