CN109325345B - Method and apparatus for running third party code in a sandbox environment - Google Patents

Method and apparatus for running third party code in a sandbox environment Download PDF

Info

Publication number
CN109325345B
CN109325345B CN201811108552.9A CN201811108552A CN109325345B CN 109325345 B CN109325345 B CN 109325345B CN 201811108552 A CN201811108552 A CN 201811108552A CN 109325345 B CN109325345 B CN 109325345B
Authority
CN
China
Prior art keywords
server
environment
party code
operation type
target interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811108552.9A
Other languages
Chinese (zh)
Other versions
CN109325345A (en
Inventor
张浩然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201811108552.9A priority Critical patent/CN109325345B/en
Publication of CN109325345A publication Critical patent/CN109325345A/en
Application granted granted Critical
Publication of CN109325345B publication Critical patent/CN109325345B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the application discloses a method and a device for running third-party codes in a sandbox environment. One embodiment of the method comprises: responding to the fact that the third party code is detected to call the virtual interface of the isolation operation type in the sandbox environment when the third party code runs, and obtaining the identification of the virtual interface; sending a call request for calling a target interface corresponding to the identifier to a second server deploying the host environment, wherein the first server is physically isolated from the second server; and receiving a calling result obtained after the target interface corresponding to the identifier returned by the second server is called. The implementation method can effectively control the security of the third party code.

Description

Method and apparatus for running third party code in a sandbox environment
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a method and a device for running third-party codes in a sandbox environment.
Background
With the continuous development of the mobile internet, in the face of the current situation that some super mobile applications (which are basic applications like "installation is necessary") occupy the main traffic entrance, many small and medium-sized applications begin to transform towards the form of light-like applications (or small programs).
Light Application like technology (Lite Application) is similar to Web applications, all of which have a host environment. The hosted environment of a light-like application is typically some super application (e.g., weChat, hundredth, etc.) as compared to the hosted environment of a Web application being a browser. During the operation of the light-like application, the host environment provides some necessary capabilities for the light-like application (for example, making a call, calling a camera, reading a short message record, sending a network request, and the like), and the light-like application can be implemented without paying attention to the logic implementation mode and the underlying architecture of the host environment. The similar light application has the characteristic of searching and using immediately, a user does not need to download related codes to local for storage, the second search and second search experience is realized to a certain extent, and the similar light application is widely welcomed by the user.
However, since the light-like applications are usually provided by a third party (e.g., a small and medium-sized enterprise, an individual developer, etc.), and not the host environment itself, if malicious code is included in the light-like applications, a security risk is likely to be brought to the host environment.
Disclosure of Invention
The embodiment of the application provides a method and a device for running third-party code in a sandbox environment.
In a first aspect, an embodiment of the present application provides a method for running third-party code in a sandbox environment, which is applied to a first server of a deployment sandbox environment, and includes: responding to the fact that the third party code is detected to call the virtual interface of the isolation operation type in the sandbox environment when the third party code runs, and obtaining the identification of the virtual interface; sending a call request for calling a target interface corresponding to the identifier to a second server deploying the host environment, wherein the first server is physically isolated from the second server; and receiving a calling result which is returned by the second server and is obtained after the target interface corresponding to the identifier is called.
In some embodiments, the virtual interface is invoked in the same manner as the corresponding target interface.
In some embodiments, the method further comprises: and in response to not receiving the calling result within the preset time period, re-sending the calling request to the second server.
In some embodiments, the method further comprises: and in response to detecting that the third party code calls the target interface of the non-isolated operation type in the sandbox environment at runtime, directly calling the target interface of the non-isolated operation type.
In some embodiments, prior to detecting the third party code, the method further comprises: third party code submitted by a developer to be run within the hosting environment is received, and the third party code is deployed in the sandbox environment.
In a second aspect, an embodiment of the present application provides a method for running third-party code in a sandbox environment, which is applied to a second server in a hosting environment, and includes: receiving a call request sent by a first server deploying the sandbox environment, wherein the call request comprises an identifier of a virtual interface of an isolation operation type in the sandbox environment called by a third-party code during operation, and the first server is physically isolated from a second server; determining a target interface corresponding to the identifier; and calling the determined target interface, and returning the obtained calling result to the first server.
In some embodiments, the second server corresponds to a plurality of first servers, the method further comprising: and processing the received call request by adopting an asynchronous mechanism.
In some embodiments, the method further comprises: in response to receiving more than a preset number of computationally intensive invocation requests within a preset time period, forwarding a portion of the received invocation requests to other servers deploying the hosting environment.
In a third aspect, an embodiment of the present application provides an apparatus for running third-party code in a sandbox environment, where the apparatus is applied to a first server in a deployment sandbox environment, and the apparatus includes: an identification obtaining unit configured to obtain an identification of a virtual interface in response to detecting that a third party code calls the virtual interface of the isolation operation type in the sandbox environment at runtime; a request sending unit configured to send a call request for calling a target interface corresponding to the identifier to a second server deploying the hosting environment, the first server being physically isolated from the second server; and the result receiving unit is configured to receive a calling result obtained after the target interface corresponding to the identifier returned by the second server is called.
In some embodiments, the virtual interface is invoked in the same manner as the corresponding target interface.
In some embodiments, the apparatus further comprises: and the resending unit is configured to resend the call request to the second server in response to not receiving the call result within a preset time period.
In some embodiments, the apparatus further comprises: the interface calling unit is configured to respond to the detection that the third-party code calls the target interface of the non-isolation operation type in the sandbox environment at runtime, and directly call the target interface of the non-isolation operation type.
In some embodiments, the apparatus further comprises: and the code deployment unit is configured to receive third-party code submitted by a developer and to be operated in the host environment, and deploy the third-party code in the sandbox environment.
In a fourth aspect, an embodiment of the present application provides an apparatus for running third-party code in a sandbox environment, where the apparatus is applied to deploy a second server in a hosting environment, and the apparatus includes: a request receiving unit configured to receive a call request sent by a first server deploying the sandbox environment, the call request including an identification of a virtual interface of an isolation operation type in the sandbox environment that is called by third party code at runtime, the first server being physically isolated from a second server; an interface determination unit configured to determine a target interface corresponding to the identifier; and the call returning unit is configured to call the determined target interface and return the obtained call result to the first server.
In some embodiments, the second server corresponds to a plurality of first servers, the apparatus further comprising: an asynchronous processing unit configured to process the received call request using an asynchronous mechanism.
In some embodiments, the apparatus further comprises: the request forwarding unit is configured to respond to receiving more than a preset number of computation-intensive call requests within a preset time period, and forward part of the received call requests to other servers of the deployment host environment.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: one or more processors; a storage device having one or more programs stored thereon; when executed by one or more processors, cause the one or more processors to implement a method as described in any implementation of the first aspect or to implement a method as described in any implementation of the second aspect.
In a sixth aspect, the present application provides a computer-readable medium, on which a computer program is stored, which when executed by a processor implements the method described in any of the implementation manners in the first aspect or implements the method described in any of the implementation manners in the second aspect.
According to the method and the device for running the third-party code in the sandbox environment, the identification of the virtual interface is obtained when the third-party code is detected to call the virtual interface of the isolation operation type in the sandbox environment during running, then the request for calling the target interface corresponding to the identification is sent to the second server deploying the host environment, and finally the calling result returned by the second server is received, so that the safety of the third-party code can be effectively controlled.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
FIG. 1 is an exemplary system architecture diagram to which one embodiment of the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method for running third party code in a sandbox environment according to the present application;
FIG. 3 is a schematic diagram of one application scenario of a method for running third party code in a sandbox environment in accordance with the present application;
FIG. 4 is a flow diagram of another embodiment of a method for running third party code in a sandbox environment in accordance with the present application;
FIG. 5 is a block diagram illustrating one embodiment of an apparatus for running third party code in a sandbox environment according to the present application;
FIG. 6 is a block diagram of another embodiment of an apparatus for running third party code in a sandbox environment in accordance with the present application;
FIG. 7 is a block diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the present methods for running third party code in a sandbox environment or an apparatus for running third party code in a sandbox environment may be applied.
As shown in fig. 1, the system architecture 100 may include a first server 101, a network 102, and a second server 103. First server 101 is physically isolated from second server 103 (e.g., first server 101 and second server 103 are each located on different computing devices). The network 102 serves as a medium for providing a communication link between the first server 101 and the second server 103. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The first server 101 may be a server that provides various services, such as a server for providing a sandbox environment. Third party code provided by the non-hosted environment may run in a sandbox environment. The sandbox environment may be configured with virtual interfaces that are invoked in the same manner as the real interfaces in the host environment. The first server 101 may detect a call to the virtual interface by the third party code. When the first server 101 detects that the third party code calls the virtual interface, it may send a request for calling a real interface corresponding to the virtual interface to the second server 103, and receive a result returned by the second server 103.
The second server 103 may also be a server that provides various services, such as a server for providing a hosting environment. The second server 103 may analyze and process data such as the call request sent by the first server 101 (e.g., determine a corresponding real interface, call the real interface to obtain a call result), and return a processing result (e.g., the call result) to the first server 101.
It should be noted that the method for running the third party code in the sandbox environment provided in the embodiment of the present application may be executed by the first server 101, and may also be executed by the second server 103. Accordingly, the means for running the third party code in the sandbox environment may be located in the first server 101 or in the second server 103. .
It should be noted that the first server 101 and the second server 103 may be hardware or software. When the first server 101 and the second server 103 are hardware, they may be implemented as a distributed server cluster composed of a plurality of servers, or may be implemented as a single server. When the first server 101 and the second server 103 are software, they may be implemented as a plurality of software or software modules (for example, to provide distributed services), or may be implemented as a single software or software module. And is not particularly limited herein.
It should be understood that the number of first servers, networks, and second servers in fig. 1 is merely illustrative. There may be any suitable number of first servers, networks, and second servers, as desired for implementation.
With continued reference to FIG. 2, a flow 200 of one embodiment of a method for running third party code in a sandbox environment in accordance with the present application is shown. The method for running third party code in a sandbox environment may include the steps of:
step 201, in response to detecting that the third party code calls the virtual interface of the isolation operation type in the sandbox environment during the operation, acquiring an identifier of the virtual interface.
In this embodiment, the sandboxed environment may be deployed on a first server (e.g., first server 101 of fig. 1) and the hosted environment may be deployed on a second server (e.g., second server 103 of fig. 1). An executing agent (e.g., the first server 101 of fig. 1) of the method for running third party code in a sandbox environment may detect whether the third party code calls a virtual interface of an isolated operation type in the sandbox environment at runtime, and obtain an identification of the virtual interface when detecting that the third party code calls the virtual interface. Here, the third party code may be code provided by a non-hosted environment (e.g., a light-like application).
Here, the first server is physically isolated from the second server. For example, when a physical host is virtualized into multiple virtual hosts by using virtualization technology, the first server and the second server may be located on different physical hosts, so that physical isolation may be achieved, and further, the influence of third party code on the host environment is avoided.
Sandbox (Sandbox), also known as Sandbox or sand table, refers to a virtual technology in the field of computers. The basic principle is as follows: a virtual running environment is created according to the real running environment of a computer program, when a certain program tries to play a role, the program can be firstly run in a sandbox, and all changes caused by the program in the sandbox cannot cause any influence on the real running environment. Sandboxing is often used in the field of computer security, for example, to study computer virus characteristics using sandboxes, or to provide a test operating environment for programs that are not trusted by some sources, are destructive or cannot determine their intention, etc.
In this embodiment, the sandbox environment may be a restricted secure operating environment for providing an operating environment for third party code. The sandboxed environment may enable simulation of the host environment. In particular, the sandboxed environment may be configured with virtual interfaces of the isolated operation type, each of which may correspond to one of the target interfaces of the host environment, e.g., each of which may have the same identification as one of the target interfaces. The target interface corresponding to the virtual interface may be an interface capable of affecting the host environment.
In some optional implementations of this embodiment, the virtual interface and the corresponding target interface have the same calling mode. For example, the virtual interface and the corresponding target interface have the same call path, call parameter, and the like, but do not have the function of the target interface. The role of the virtual interface is to let the third party code think that it really called the target interface. Generally, since the third-party code does not sense whether the third-party code runs in the host environment or the sandbox environment, the third-party code calls the target interface in the host environment, and actually calls the virtual interface in the sandbox environment, so that the potential safety hazard brought to the host environment by the third-party code is avoided.
In some optional implementations of this embodiment, the method for running third party code in a sandbox environment may further include: and acquiring a calling parameter of the virtual interface in response to detecting that the third-party code calls the virtual interface of the isolation operation type in the sandbox environment at the running time. The implementation may be applicable to virtual interfaces that need to pass parameters.
Step 202, sending a call request for calling the target interface corresponding to the identifier to a second server of the deployment host environment.
In this embodiment, the execution subject may send a call request to the second server, so that the second server determines the target interface corresponding to the identifier obtained in step 201 in the hosting environment, and calls the target interface.
And step 203, receiving a calling result obtained after the target interface corresponding to the identifier returned by the second server is called.
In this embodiment, the execution subject may receive a call result obtained after the target interface corresponding to the identifier returned by the second server is called (and return the received call result to the third party code, thereby completing the interface calling process of the third party code).
Compared with the method for directly running the third party code in the host environment, the method for running the third party code in the sandbox environment provided by the embodiment can effectively isolate the running environment of the third party code from the host environment, so that the host environment can be prevented from being influenced when the third party code calls the interface.
In addition, in the related art, the security of the third party code is ensured by performing qualification auditing on the developers (for example, adding enterprises with strong public trust into a white list), but even the code submitted by the developers in the white list cannot avoid the existence of a bug, so that the host environment is influenced. In the application, even if the third-party code has a vulnerability, the method for running the third-party code in the sandbox environment provided by the embodiment can also avoid potential safety hazards brought to the host environment by the third-party code.
In addition, compared with the third party code submitted by a manual review developer, the method for running the third party code in the sandbox environment provided by the embodiment can reduce the labor cost of code review and accelerate the online progress of the third party code.
In some optional implementations of this embodiment, the method for running third party code in a sandbox environment may further include: and in response to not receiving the calling result within the preset time period, re-sending the calling request to the second server.
When the third party code calls the virtual interface, the first server deploying the sandbox environment communicates with the second server deploying the host environment once. To ensure that the communication is successful, a retry mechanism may be set at each communication. In this implementation, each successful communication can be ensured by setting a timeout (i.e., a preset time period) for retransmission.
Optionally, different timeout times may be set for different interfaces, so that it is possible to avoid that a third-party developer sets an error for an interface return time to send a call request multiple times.
In some optional implementations of this embodiment, the method for running third party code in a sandbox environment may further include: and in response to detecting that the third party code calls the target interface of the non-isolated operation type in the sandbox environment at runtime, directly calling the target interface of the non-isolated operation type. Here, the target interface of the non-isolated operation type may refer to an interface that confirms that it does not affect the host environment. As an example, the target interface of the non-isolated operation type may be an interface that obtains the current system time. By directly calling the target interface of the non-isolated operation type, the communication time between the sandbox environment and the host environment is reduced on one hand, and the request pressure of the second server is also reduced on the other hand.
In some optional implementations of this embodiment, before detecting the third party code, the method for running the third party code in the sandbox environment may further include: third party code submitted by a developer to be run within the hosting environment is received, and the third party code is deployed in the sandbox environment.
With continued reference to FIG. 3, one application scenario of a method for running third party code in a sandbox environment in accordance with the present application is shown. In the application scenario 300 of fig. 3, a light-like application "XX buggy" 301 (i.e., third party code) is deployed in a sandbox environment, and a host application "X letter" 303 runs in the host environment. The sandbox environment and the hosted environment are deployed on a first server and a second server, respectively, that are physically isolated from each other. The virtual interface 302 in the sandbox environment enables invocation of an isolated operation type interface (e.g., an interface to obtain buddy information) in the hosting environment. When detecting that the light-like application 301 calls the virtual interface 302 for obtaining the friend information, the first server obtains an identifier of the virtual interface 302. And then, sending a calling request to a second server to call the target interface corresponding to the identifier. Then, a call result (e.g., friend information) returned by the second server is received after a corresponding target interface (i.e., a real interface for obtaining friend information) in the host environment is called. Finally, the call result is returned to the light-like application 301.
According to the method for running the third party code in the sandbox environment provided by the embodiment of the application, the identifier of the virtual interface is obtained when the third party code is detected to call the virtual interface of the isolation operation type in the sandbox environment during running, then the request for calling the target interface corresponding to the identifier is sent to the second server deploying the host environment, and finally the calling result returned by the second server is received, so that the safety of the third party code can be effectively controlled.
With further reference to FIG. 4, a flow 400 of another embodiment of a method for running third party code in a sandbox environment in accordance with the present application is shown. The method for running third party code in a sandbox environment may comprise the steps of:
step 401, receiving a call request sent by a first server deploying a sandbox environment.
In this embodiment, the sandboxed environment may be deployed on a first server (e.g., first server 101 of fig. 1) and the hosted environment may be deployed on a second server (e.g., second server 103 of fig. 1). An executing agent (e.g., the second server 103 of fig. 1) of a method for running third party code in a sandbox environment may receive a call request sent by a first server. Wherein the invocation request includes an identification of the virtual interface. The identification may be an identification of the virtual interface that the first server obtained upon detecting a virtual interface of the isolation operation type in the sandbox environment that the third party code invoked at runtime. Here, the first server is physically isolated from the second server, and the third party code may be code provided by the non-hosted environment (e.g., light-like applications).
Step 402, determining and identifying a corresponding target interface.
In this embodiment, the executing entity may determine a target interface (for example, an interface for acquiring friend information) in the host environment corresponding to the identifier received in step 401. Here, the target interface corresponding to the identification of the virtual interface may be, for example, the same target interface as the identification of the virtual interface.
Step 403, call the determined target interface, and return the obtained call result to the first server.
In this embodiment, the executing agent may invoke the target interface determined in step 402, and then return an obtained invoking result (for example, friend information) to the first server, and further return the invoking result to the third party code, thereby implementing an interface invoking process of the third party code.
Compared with the method for directly running the third party code in the host environment, the method for running the third party code in the sandbox environment provided by the embodiment can effectively isolate the running environment of the third party code from the host environment, so that the host environment is prevented from being influenced when the third party code calls the interface.
In some optional implementations of this embodiment, the second server may correspond to a plurality of first servers. That is, one host environment may correspond to multiple sandbox environments. That is, the second server may receive invocation requests of the plurality of first servers. Corresponding to the implementation, the method for running third party code in a sandbox environment may further comprise: and an asynchronous mechanism is adopted to process the received call requests, so that the call requests can not be blocked mutually.
In some optional implementations of this embodiment, the hosting environment may also be deployed on other second servers (e.g., a second server other than the currently executing agent). Corresponding to the implementation, the method for running third party code in a sandbox environment may further comprise: in response to receiving more than a preset number of computationally intensive invocation requests (e.g., invocation requests to be trained online for the machine learning model) within a preset time period (e.g., 1 s), forwarding a portion of the received invocation requests to other second servers. The host environment is deployed on the plurality of second servers, and when a certain second server frequently receives the calculation-intensive tasks in a short time period, the tasks are forwarded to other second servers, so that the request pressure can be uniformly shared, and the correct request time sequence of the sandbox environment is guaranteed.
According to the method for running the third-party code in the sandbox environment, the calling request sent by the first server deploying the sandbox environment is received, then the target interface corresponding to the identifier in the calling request is determined in the host environment, finally the target interface is called, and the obtained calling result is returned to the first server, so that the safety of the third-party code can be effectively controlled.
With further reference to fig. 5, as an implementation of the method shown in fig. 2, the present application provides an embodiment of an apparatus for running third-party code in a sandbox environment, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus is specifically applicable in a first server deploying the sandbox environment.
As shown in fig. 5, the apparatus 500 for running third party code in a sandbox environment of the present embodiment may include an identification obtaining unit 501, a request sending unit 502 and a result receiving unit 503. Wherein, the identifier obtaining unit 501 is configured to obtain an identifier of a virtual interface in response to detecting that the third party code calls the virtual interface of the isolation operation type in the sandbox environment at runtime; the request sending unit 502 is configured to send a call request to a second server of the deployment hosting environment to call a target interface corresponding to the identification, the first server of the deployment sandbox environment being physically isolated from the second server; and the result receiving unit 503 is configured to receive a calling result obtained after the target interface corresponding to the identifier returned by the second server is called.
In this embodiment, the sandboxed environment may be deployed on a first server (e.g., first server 101 of fig. 1) and the hosted environment may be deployed on a second server (e.g., second server 103 of fig. 1). The identifier obtaining unit 501 of the apparatus 500 for running third party code in a sandbox environment may detect whether the third party code calls a virtual interface of an isolated operation type in the sandbox environment during running, and obtain the identifier of the virtual interface when detecting that the third party code calls the virtual interface. Here, the third party code may be code provided by a non-hosted environment (e.g., a light-like application). The first server is physically isolated from the second server. For example, when virtualization technology is used to virtualize a physical host into multiple virtual hosts, the first server and the second server may be located on different physical hosts.
In some optional implementations of this embodiment, the virtual interface and the corresponding target interface have the same calling mode. For example, the virtual interface and the corresponding target interface have the same call path, call parameter, and the like, but do not have the function of the target interface. The role of the virtual interface is to let the third party code think that it really called the target interface. Generally speaking, since the third party code does not sense whether the third party code runs in the host environment or the sandbox environment, the third party code calls the target interface in the host environment, and actually calls the virtual interface in the sandbox environment, so that the third party code is prevented from bringing potential safety hazards to the host environment.
In some optional implementation manners of this embodiment, the identification obtaining unit 501 may be further configured to obtain a calling parameter of the virtual interface in response to detecting that the third party code calls the virtual interface of the isolation operation type in the sandbox environment at runtime. The implementation may be applicable to virtual interfaces that require parameters to be passed.
In this embodiment, the request sending unit 502 may send a call request to the second server, so that the second server determines a target interface in the hosting environment corresponding to the identifier acquired by the identifier acquiring unit 501, and calls the target interface.
In this embodiment, the result receiving unit 503 may receive a calling result obtained after the target interface corresponding to the identifier is called and returned by the second server (and return the received calling result to the third party code, thereby completing the interface calling process of the third party code).
Compared with the method for directly running the third party code in the host environment, the method for running the third party code in the sandbox environment provided by the embodiment can effectively isolate the running environment of the third party code from the host environment, so that the host environment is prevented from being influenced when the third party code calls the interface.
In some optional implementations of this embodiment, the apparatus 500 may further include a retransmission unit. The resending unit is configured to resend the calling request to the second server in response to not receiving the calling result within the preset time period.
Optionally, different timeout times may be set for different interfaces, so that it is possible to avoid that a third-party developer sets an error for an interface return time to send a call request multiple times.
In some optional implementations of this embodiment, the apparatus 500 may further include an interface calling unit. The interface calling unit is configured to directly call a target interface of a non-isolated operation type in response to detecting that third party code calls the target interface of the non-isolated operation type in the sandbox environment at runtime. Here, the target interface of the non-isolated operation type may refer to an interface that confirms that it does not have an influence on the host environment.
In some optional implementations of this embodiment, the apparatus 500 may further include a code deployment unit. The code deployment unit is configured to receive third-party code submitted by a developer and to be operated in the host environment, and deploy the third-party code in the sandbox environment.
The apparatus for running the third party code in the sandbox environment according to the foregoing embodiment of the present application obtains the identifier of the virtual interface when detecting that the third party code calls the virtual interface of the isolated operation type in the sandbox environment during running, then sends a request for calling the target interface corresponding to the identifier to the second server deploying the host environment, and finally receives a call result returned by the second server, thereby being capable of effectively controlling the security of the third party code.
With further reference to fig. 6, as an implementation of the method shown in fig. 4, the present application provides another embodiment of an apparatus for running third party code in a sandbox environment, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 4, and the apparatus may be applied to a second server deploying a hosting environment.
As shown in fig. 6, the apparatus 600 for running third party code in a sandbox environment of the present embodiment includes a request receiving unit 601, an interface determining unit 602, and a call returning unit 603. Wherein the request receiving unit 601 is configured to receive a call request sent by a first server deploying the sandbox environment, the call request including an identification of a virtual interface of an isolation operation type in the sandbox environment that is called by third-party code at runtime, the first server being physically isolated from a second server deploying the host environment; the interface determination unit 602 is configured to determine a target interface corresponding to the identification; and the call returning unit 603 is configured to call the determined target interface and return the resulting call result to the first server.
In this embodiment, the sandboxed environment may be deployed on a first server (e.g., first server 101 of fig. 1) and the hosted environment may be deployed on a second server (e.g., second server 103 of fig. 1). The request receiving unit 601 of the apparatus 600 for running the third party code in the sandbox environment may receive the call request sent by the first server. Wherein the call request includes an identification of the virtual interface. The identification may be an identification of the virtual interface that the first server obtained upon detecting a virtual interface of the isolation operation type in the sandbox environment that the third party code invoked at runtime. Here, the first server is physically isolated from the second server, and the third party code may be code provided by the non-hosted environment (e.g., light-like applications).
In this embodiment, the interface determining unit 602 may determine a target interface (e.g., an interface for acquiring friend information) in the host environment corresponding to the identifier received by the request receiving unit 601. Here, the target interface corresponding to the identification of the virtual interface may be, for example, the same target interface as the identification of the virtual interface.
In this embodiment, the call returning unit 603 may call the target interface determined by the interface determining unit 602, and then return the obtained call result (for example, the friend information) to the first server, and further return the call result to the third party code, thereby implementing the interface call process of the third party code.
Compared with the method for directly running the third party code in the host environment, the method for running the third party code in the sandbox environment provided by the embodiment can effectively isolate the running environment of the third party code from the host environment, so that the host environment can be prevented from being influenced when the third party code calls the interface.
In some optional implementations of this embodiment, the second server may correspond to a plurality of first servers. That is, one host environment may correspond to multiple sandbox environments. That is, the second server may receive invocation requests of the plurality of first servers. Corresponding to this implementation, the apparatus 600 for running third party code in a sandbox environment may also include an asynchronous processing unit. The asynchronous processing unit is configured to process the received call requests by adopting an asynchronous mechanism, so that the call requests can not be blocked mutually.
In some optional implementations of this embodiment, the hosted environment may also be deployed on other second servers (e.g., a second server other than the currently executing principal). Corresponding to this implementation, the apparatus 600 for running third party code in a sandbox environment may also include a request forwarding unit. Wherein the request forwarding unit is configured to forward part of the received invocation requests to other servers of the deployment host environment in response to receiving more than a preset number of computationally intensive invocation requests (e.g., invocation requests to be trained online on the machine learning model) within a preset time period (e.g., 1 s). The host environment is deployed on the plurality of second servers, and when a certain second server frequently receives the calculation-intensive tasks in a short time period, the tasks are forwarded to other second servers, so that the request pressure can be uniformly shared, and the correct request time sequence of the sandbox environment is guaranteed.
The apparatus for running the third party code in the sandbox environment according to the foregoing embodiment of the present application receives the call request sent by the first server deploying the sandbox environment, then determines the target interface corresponding to the identifier in the call request in the host environment, and finally calls the target interface and returns the obtained call result to the first server, so that the security of the third party code can be effectively controlled.
Referring now to fig. 7, a schematic diagram of a computer system 700 suitable for implementing an electronic device (e.g., the first server 101 or the second server 103 shown in fig. 1) according to an embodiment of the present application is shown. The electronic device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the use range of the embodiment of the present application.
As shown in fig. 7, the computer system 700 includes one or more Central Processing Units (CPUs) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a mouse, a keyboard, and the like; an output section 707 including a display such as an Organic Light Emitting Diode (OLED) display, a Liquid Crystal Display (LCD), and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the method of the embodiment of the present application when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium described herein can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for embodiments of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes an identification acquisition unit, a request transmission unit, and a result reception unit. Where the names of these units do not constitute a limitation on the unit itself under certain circumstances, for example, the identification acquisition unit may also be described as a "unit that acquires the identification of a virtual interface in response to detecting that third party code calls the virtual interface of the type of isolation operation in the sandbox environment at runtime".
As another aspect, the present application also provides a computer-readable medium, which may be contained in the client or the server described in the above embodiments; or may exist separately without being assembled into the first server or the second server. The computer readable medium carries one or more programs which, when executed by the first server, cause the first server to: responding to the fact that the third party code is detected to call the virtual interface of the isolation operation type in the sandbox environment when the third party code runs, and obtaining the identification of the virtual interface; sending a call request for calling the target interface corresponding to the identifier to a second server deploying the host environment, wherein the first server is physically isolated from the second server; and receiving a calling result obtained after the target interface corresponding to the identifier returned by the second server is called. The one or more programs, when executed by the second server, cause the second server to: receiving a call request sent by a first server deploying the sandbox environment, wherein the call request comprises an identifier of a virtual interface of an isolation operation type in the sandbox environment called by a third-party code during operation, and the first server is physically isolated from a second server; determining a target interface corresponding to the identifier; and calling the determined target interface, and returning the obtained calling result to the first server.
The foregoing description is only exemplary of the preferred embodiments of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements in which any combination of the features described above or their equivalents does not depart from the spirit of the invention disclosed above. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (11)

1. A method for running third party code in a sandbox environment for a first server deploying the sandbox environment, the method comprising:
responding to the fact that the third party code is detected to call a virtual interface of an isolation operation type in the sandbox environment when running, and obtaining an identification of the virtual interface, wherein the isolation operation type represents an operation type which can cause safety influence on a host environment;
sending a call request to a second server of the deployment hosting environment to call a target interface corresponding to the identification, the first server being physically isolated from the second server;
receiving a calling result which is returned by the second server and is obtained after the target interface corresponding to the identifier is called;
and in response to detecting that the third party code calls a target interface of a non-isolated operation type in the sandbox environment at runtime, directly calling the target interface of the non-isolated operation type.
2. The method of claim 1, wherein the virtual interface is invoked in the same manner as the corresponding target interface.
3. The method of claim 1, wherein the method further comprises:
and in response to the fact that the calling result is not received within a preset time period, the calling request is sent to the second server again.
4. The method of claim 1, wherein prior to detecting the third party code, the method further comprises:
receiving the third party code submitted by a developer to be run in the host environment, and deploying the third party code in the sandbox environment.
5. A method for running third party code in a sandbox environment for deployment of a second server of a hosted environment, the method comprising:
receiving a call request sent by a first server deploying a sandbox environment, wherein the call request comprises an identification of a virtual interface of an isolated operation type in the sandbox environment called by the third party code at runtime, and the first server is physically isolated from the second server, wherein the isolated operation type represents an operation type which can cause a security impact on a host environment, and in response to determining that the third party code calls a target interface of a non-isolated operation type in the sandbox environment at runtime, the third party code directly calls the target interface of the non-isolated operation type;
determining a target interface corresponding to the identifier;
and calling the determined target interface, and returning the obtained calling result to the first server.
6. The method of claim 5, wherein the second server corresponds to a plurality of first servers, the method further comprising:
and processing the received call request by adopting an asynchronous mechanism.
7. The method of claim 5, wherein the method further comprises:
in response to receiving more than a preset number of computationally intensive invocation requests within a preset time period, forwarding a portion of the received invocation requests to other servers deploying the hosting environment.
8. An apparatus for running third party code in a sandbox environment for a first server deploying the sandbox environment, the apparatus comprising:
an identification obtaining unit configured to obtain an identification of a virtual interface in response to detecting that the third party code calls the virtual interface of an isolation operation type in the sandbox environment at runtime, wherein the isolation operation type represents an operation type that may cause a security impact on a host environment;
a request sending unit configured to send a call request for calling a target interface corresponding to the identifier to a second server deploying a hosting environment, the first server being physically isolated from the second server;
a result receiving unit configured to receive a calling result obtained after the target interface corresponding to the identifier returned by the second server is called;
an interface calling unit configured to directly call a target interface of a non-isolated operation type in the sandbox environment in response to detecting that the third party code calls the target interface of the non-isolated operation type at runtime.
9. An apparatus for running third party code in a sandbox environment for deployment of a second server in a hosted environment, the apparatus comprising:
a request receiving unit configured to receive a call request sent by a first server deploying the sandbox environment, the call request including an identification of a virtual interface of an isolated operation type in the sandbox environment that the third party code calls at runtime, the first server being physically isolated from the second server, wherein the isolated operation type characterizes an operation type that may cause a security impact on a host environment, the third party code directly calling a target interface of a non-isolated operation type in the sandbox environment in response to determining that the third party code calls the target interface of the non-isolated operation type at runtime;
an interface determination unit configured to determine a target interface corresponding to the identifier;
and the call returning unit is configured to call the determined target interface and return the obtained call result to the first server.
10. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-4, or to implement the method of any one of claims 5-7.
11. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 4, or carries out the method of any one of claims 5 to 7.
CN201811108552.9A 2018-09-21 2018-09-21 Method and apparatus for running third party code in a sandbox environment Active CN109325345B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811108552.9A CN109325345B (en) 2018-09-21 2018-09-21 Method and apparatus for running third party code in a sandbox environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811108552.9A CN109325345B (en) 2018-09-21 2018-09-21 Method and apparatus for running third party code in a sandbox environment

Publications (2)

Publication Number Publication Date
CN109325345A CN109325345A (en) 2019-02-12
CN109325345B true CN109325345B (en) 2022-10-28

Family

ID=65265766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811108552.9A Active CN109325345B (en) 2018-09-21 2018-09-21 Method and apparatus for running third party code in a sandbox environment

Country Status (1)

Country Link
CN (1) CN109325345B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111708646A (en) * 2020-06-16 2020-09-25 中国建设银行股份有限公司 Method, device and system for realizing front-end service platform and storage medium
CN114117409A (en) * 2021-11-19 2022-03-01 上海商汤临港智能科技有限公司 User code operation method and device, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102232217A (en) * 2008-12-02 2011-11-02 微软公司 Sandboxed execution of plug-ins
CN103377349A (en) * 2012-04-27 2013-10-30 美国博通公司 Security controlled multi-processor system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8640187B2 (en) * 2010-05-28 2014-01-28 Red Hat, Inc. Systems and methods for providing an fully functional isolated execution environment for accessing content
CN102436508B (en) * 2011-12-28 2013-08-14 奇智软件(北京)有限公司 Method and device for browsing webpage based on sandbox technique
CN104184774B (en) * 2013-05-24 2017-12-26 阿里巴巴集团控股有限公司 A kind of information processing method and system based on sandbox environment
CN103761139B (en) * 2014-01-25 2017-02-08 湖南大学 General purpose computation virtualization implementation method based on dynamic library interception
CN105095970B (en) * 2014-04-25 2018-09-21 阿里巴巴集团控股有限公司 The execution method and system of third-party application
CN106897611A (en) * 2017-03-03 2017-06-27 金光 Secure virtual mobile applications running environment system and method and application without root authority
CN108255708B (en) * 2017-12-14 2021-05-07 海尔优家智能科技(北京)有限公司 Method, device, storage medium and equipment for accessing production file in test environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102232217A (en) * 2008-12-02 2011-11-02 微软公司 Sandboxed execution of plug-ins
CN103377349A (en) * 2012-04-27 2013-10-30 美国博通公司 Security controlled multi-processor system

Also Published As

Publication number Publication date
CN109325345A (en) 2019-02-12

Similar Documents

Publication Publication Date Title
US11240261B2 (en) Systems and methods for providing user interfaces based on actions associated with untrusted emails
US10848521B1 (en) Malicious content analysis using simulated user interaction without user involvement
US10732962B1 (en) End-to-end deployment infrastructure
CN109032706B (en) Intelligent contract execution method, device, equipment and storage medium
US11461125B2 (en) Methods and apparatus to publish internal commands as an application programming interface in a cloud infrastructure
US8910291B2 (en) Black-box testing of web applications with client-side code evaluation
US11237844B2 (en) Method and apparatus for loading kernel module
US9460291B2 (en) Detecting stored cross-site scripting vulnerabilities in web applications
US20160191547A1 (en) Zero-Day Rotating Guest Image Profile
AU2018201941A1 (en) Automated program code analysis and reporting
US20150332043A1 (en) Application analysis system for electronic devices
US11726800B2 (en) Remote component loader
US20190188384A1 (en) Detecting script-based malware
US10838780B2 (en) Portable hosted content
CN110688428B (en) Method and device for issuing intelligent contracts
CN107368339B (en) Container entrance program operation method, system, device and storage medium
US10908897B2 (en) Distributing services to client systems to develop in a shared development environment
CN109325345B (en) Method and apparatus for running third party code in a sandbox environment
US10902151B2 (en) Cognitive API policy manager
US9632816B2 (en) Scaling past the Java virtual machine thread limit
CN108804713B (en) Image output method, electronic device, and computer-readable medium
CN112579192B (en) Information processing method, apparatus, system, and computer-readable storage medium
CN118260750A (en) Attack behavior detection method and device, and attack behavior blocking method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant