Running user-provided code

  • Users rewriting classes/methods in my app
  • Using RubyProctor to make http requests and DDoS other sites
  • Tying up the CPU on my server with an infinite loop or other expensive operation
  • Removing files on the server, or writing files and causing the disk to run out of space
apiVersion: config.istio.io/v1alpha2
kind: RouteRule
metadata:
name: rcrr1-ingress
spec:
destination:
name: rcrr1
route:
- labels:
run: rcrr1
weight: 100
Open3.capture2(‘ruby’, ‘-e’, program, arg1, arg2, rlimit_cpu: [2,2], rlimit_nproc: 1)
Timeout::timeout(2) {
eval rule
}

— name: CONTAINER_NAME
image: IMAGE_NAME
ports:
— containerPort: CONTAINER_PORT
securityContext:
readOnlyRootFilesystem: true

--

--

--

Software Engineer @fin

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sidharth Shanker

Sidharth Shanker

Software Engineer @fin

More from Medium

DNS and /etc/hosts on a story line.

Save Friday Night Using Chaos Engineering

What the hell is this Docker ?

ESP-IDF Logging: How great is ‘ESP_LOGx’ vs ‘printf’

ESP-IDF Logging: sample logs using ESP_LOG screenshot