• Stars
    star
    110
  • Rank 316,770 (Top 7 %)
  • Language
    TypeScript
  • Created about 5 years ago
  • Updated 7 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

JavaScript Near Membrane Library that powers Lightning Locker Service

JavaScript Near Membrane Library

This library implements a "near membrane" that can connect two Realms (the Incubator Realm, and the Child Realm) running on the same process. As a result, the Child Realm will emulate the capabilities of the Incubator Realm, plus the distortions defined as part of the near membrane configuration. Code evaluated inside the Child Realm will function as if it is evaluated in the Incubator Realm, exhibiting identity continuity, while preserving the integrity of the Incubator Realm by limiting the side effects that such code can have.

Goals

  • Code executed inside the sandboxed environment cannot observe the sandbox.
  • Mutations on the object graph should only affect the sandboxed environment.

Non-goals

  • This library does not provide security guarantees, those must be implemented on top of the distortion mechanism.

Terminology

In order to make it easier to explain how this library works, we use a color code to identify objects and values in general from both sides of the sandbox:

  • Blue Realm is the Incubator Realm.
  • Red Realm is the Child Realm that is sandboxed by this library.
  • Blue Object, Blue Array, Blue Function, and Blue Values denote values that belong to the Blue Realm.
  • Red Object, Red Array, Red Function, and Red Values denote values that belong to the Red Realm.
  • Blue Proxy denote a Proxy created in the Blue Realm with a target that belongs to the Red Value.
  • Red Proxy denotes a proxy created in the Red Realm with a target being a Blue Value.

Design

This library implements a near membrane to sandbox a JavaScript environment object graph. This membrane is responsible for connecting the Blue Realm with a Red Realm, and it does that by remapping global references in the Red Realm to be Red Proxies (proxies of Blue Values).

This membrane modulates the communication between the two sides, specifically by creating proxies around objects, arrays and functions, while letting other primitives values travel safely throughout the membrane.

Cross-sandbox communication

Since you can have multiple sandboxes associated to the Blue Realm, there is a possibility that they communicate with each other. This communication relies on the marshaling principle to avoid wrapping proxies over proxies when values are bounced between sandboxes via the Blue Realm. It does that by preserving the identity of the Blue Proxies observed by the Blue Realm. The Blue Realm is in control at all times, and the only way to communicate between sandboxes is to go through the Blue Realm.

Implementation Details

Implementation in Browsers

In browsers, since we don't have a way to create a light-weight Realm that is synchronously accessible (that will be solved in part by the stage 3 ShadowRealms Proposal), we are forced to use a same-domain iframe in order to isolate the code to be evaluated inside a sandbox for a particular window.

Detached iframes

Since the iframes have many ways to reach out to the opener/top window reference, we are forced to use a detached iframe, which is, on itself, a complication. A detached iframe's window is a window that does not have any host behavior associated to it, in other words, this window does not have an origin after disconnecting the iframe, which means it can't execute any DOM API without throwing an error. Luckily for us, the JavaScript intrinsics, and all JavaScript language features specified by ECMA262 and ECMA402 are still alive and kicking in that iframe, except for one feature, dynamic imports in a form of import(specifier).

To mitigate the issue with dynamic imports, we are forced to transpile the code that attempts to use this feature of the language, otherwise it will just fail to fetch the module because there is no origin available at the host level. However, transpiling dynamic imports is a very common way to bundle code for production systems today.

Unforgeables

The window reference in the detached iframe, just like any other window reference in browsers, contains various unforgeable descriptors, these are descriptors installed in Window, and other globals that are non-configurable, and therefor this library cannot remove them or replace them with a Red Proxy. Must notable, we have the window's prototype chain that is completely unforgeable:

window -> Window.prototype -> WindowProperties.prototype -> EventTarget.prototype

What we do in this case is to keep the identity of those unforgeable around, but changing the descriptors installing on them, and any other method that expects these identities to be passed to them. This make them effectively harmless because they don't give any power.

Additionally, there are other unforgeables like location that are host bounded, in that case, we don't have to do much since the detaching mechanism will automatically invalidate them.

These can only be virtualized via transpilation if they need to be available inside the sandbox. Such transpilation process is not provided as part of this library.

Requirements

The only requirement for the in-browser sandboxing mechanism described above is the usage of eval as the main mechanism for evaluating code inside the sandbox. This means your CSP rules should include at least script-src: 'unsafe-eval' in order for this library to function.

Performance

Even though this library is still experimental, we want to showcase that it is possible to have a membrane that is fairly fast. The main feature of this library is the laziness aspect of the Red Proxies. Those proxies are only going to be initialized when one of the proxy's traps is invoked the first time. This allow us to have a sandbox creation process that is extremely fast.

Additionally, since existing host JavaScript environments are immense due to the amount of APIs that they offer, most programs will only need a very small subset of those APIs, and this library only activates the portions of the object graph that are observed by the executed code, making it really light weight compared to other implementations.

Finally, Blue Proxies are not lazy, they are initialized the first time they go through the membrane even if they are not used by the Blue Realm. This could be changed in the future if it becomes a bottleneck. For now, since this is a less common case, it seems to be fine.

Where can I use this library?

We do not know the applications of this library just yet, but we suspect that there are many scenarios where it can be useful. Here are some that we have identified:

  • Sandbox code to preserve the integrity of the app creating the sandbox, all code inside the sandbox will not observe that it is being sandboxed, but will not cause any integrity change that can cause the app's code to malfunction.
  • Sandbox for polyfills: if you need to evaluate code that requires different set of polyfills and environment configuration, you could sandbox it without distortions.
  • Limiting capabilities: if you need to evaluate code that should not have access to certain capabilities (global objects, getter, setters, etc.) you could sandbox it with a set of distortions to accommodate such limitations.
  • Time-sensitive: If you need to evaluate code that should not observe time or should simulate a different time-frame, you should sandbox it with a set of distortions that can adjust the timers.

The Code

  • This library is distributed via npm packages @locker/near-membrane-base, @locker/near-membrane-dom and @locker/near-membrane-node.
  • This library is implemented using TypeScript, and produces the proper TypeScript types, in case you care about it.
  • Few tests are provided as of now, but the plan is to rely on existing tests (e.g.: WPT or ECMA262) to validate that the near membrane created by this library is a high-fidelity membrane.
  • The src/ folder contains the library code, while the dist/ folder will contain the compiled distributable code produced by executing the build script from package.json.
  • This library does not have any runtime dependency, in fact it is very tiny.

Challenges

Debuggability

  • Debugging is still very challenging considering that dev-tools are still catching up with the Proxies. Chrome for example has differences displaying proxies in the console vs the watch panel.

Additionally, there is an existing bug in ChromeDev-tools that prevent a detached iframe to be debugged (https://bugs.chromium.org/p/chromium/issues/detail?id=1015462).

WindowProxy

The window reference in the iframe, just like any other window reference in browsers, exhibit a bizarre behavior, the WindowProxy behavior. This has two big implications for this implementation when attempting to give access to other window references coming from same domain iframes (e.g.: sandboxing the main app + one iframe):

  • each window will require a new detached iframe to sandbox each of them, but if the iframe navigates to another page, the window reference remains the same, but the internal of the non-observable real window are changing. Otherwise distortions defined for the sandbox will not apply to the identity of the methods from the same-domain iframe.
  • GCing the sandbox when the iframe navigates out is tricky due to the fact that the original iframe's window reference remains the same, and it is used by few of the internal maps.

For those reasons, we do not support accessing other realm instances from within the sandbox at the moment.

Browsers Support and Stats

  • Modern browsers with support for ES6 Proxy and WeakMaps.
  • This library: ~3kb minified/gzip for browsers, ~2kb for node (no external dependencies).

More Repositories

1

LAVIS

LAVIS - A One-stop Library for Language-Vision Intelligence
Jupyter Notebook
9,587
star
2

CodeGen

CodeGen is a family of open-source model for program synthesis. Trained on TPU-v4. Competitive with OpenAI Codex.
Python
4,594
star
3

BLIP

PyTorch code for BLIP: Bootstrapping Language-Image Pre-training for Unified Vision-Language Understanding and Generation
Jupyter Notebook
3,879
star
4

akita

🚀 State Management Tailored-Made for JS Applications
TypeScript
3,442
star
5

Merlion

Merlion: A Machine Learning Framework for Time Series Intelligence
Python
3,355
star
6

ja3

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
Python
2,666
star
7

CodeT5

Home of CodeT5: Open Code LLMs for Code Understanding and Generation
Python
2,437
star
8

decaNLP

The Natural Language Decathlon: A Multitask Challenge for NLP
Python
2,301
star
9

TransmogrifAI

TransmogrifAI (pronounced trăns-mŏgˈrə-fī) is an AutoML library for building modular, reusable, strongly typed machine learning workflows on Apache Spark with minimal hand-tuning
Scala
2,234
star
10

policy_sentry

IAM Least Privilege Policy Generator
Python
1,986
star
11

cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
JavaScript
1,972
star
12

awd-lstm-lm

LSTM and QRNN Language Model Toolkit for PyTorch
Python
1,900
star
13

ctrl

Conditional Transformer Language Model for Controllable Generation
Python
1,766
star
14

lwc

⚡️ LWC - A Blazing Fast, Enterprise-Grade Web Components Foundation
JavaScript
1,619
star
15

WikiSQL

A large annotated semantic parsing corpus for developing natural language interfaces.
HTML
1,606
star
16

sloop

Kubernetes History Visualization
Go
1,457
star
17

CodeTF

CodeTF: One-stop Transformer Library for State-of-the-art Code LLM
Python
1,375
star
18

ALBEF

Code for ALBEF: a new vision-language pre-training method
Python
1,276
star
19

pytorch-qrnn

PyTorch implementation of the Quasi-Recurrent Neural Network - up to 16 times faster than NVIDIA's cuDNN LSTM
Python
1,255
star
20

ai-economist

Foundation is a flexible, modular, and composable framework to model socio-economic behaviors and dynamics with both agents and governments. This framework can be used in conjunction with reinforcement learning to learn optimal economic policies, as done by the AI Economist (https://www.einstein.ai/the-ai-economist).
Python
964
star
21

design-system-react

Salesforce Lightning Design System for React
JavaScript
919
star
22

jarm

Python
914
star
23

tough-cookie

RFC6265 Cookies and CookieJar for Node.js
TypeScript
858
star
24

OmniXAI

OmniXAI: A Library for eXplainable AI
Jupyter Notebook
853
star
25

reactive-grpc

Reactive stubs for gRPC
Java
826
star
26

xgen

Salesforce open-source LLMs with 8k sequence length.
Python
717
star
27

UniControl

Unified Controllable Visual Generation Model
Python
614
star
28

vulnreport

Open-source pentesting management and automation platform by Salesforce Product Security
HTML
593
star
29

hassh

HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
Python
529
star
30

progen

Official release of the ProGen models
Python
518
star
31

base-components-recipes

A collection of base component recipes for Lightning Web Components on Salesforce Platform
JavaScript
509
star
32

Argus

Time series monitoring and alerting platform.
Java
501
star
33

CodeRL

This is the official code for the paper CodeRL: Mastering Code Generation through Pretrained Models and Deep Reinforcement Learning (NeurIPS22).
Python
488
star
34

matchbox

Write PyTorch code at the level of individual examples, then run it efficiently on minibatches.
Python
488
star
35

PCL

PyTorch code for "Prototypical Contrastive Learning of Unsupervised Representations"
Python
483
star
36

DialogStudio

DialogStudio: Towards Richest and Most Diverse Unified Dataset Collection and Instruction-Aware Models for Conversational AI
Python
472
star
37

cove

Python
470
star
38

warp-drive

Extremely Fast End-to-End Deep Multi-Agent Reinforcement Learning Framework on a GPU (JMLR 2022)
Python
452
star
39

PyRCA

PyRCA: A Python Machine Learning Library for Root Cause Analysis
Python
408
star
40

observable-membrane

A Javascript Membrane implementation using Proxies to observe mutation on an object graph
TypeScript
368
star
41

DeepTime

PyTorch code for Learning Deep Time-index Models for Time Series Forecasting (ICML 2023)
Python
351
star
42

ULIP

Python
316
star
43

MultiHopKG

Multi-hop knowledge graph reasoning learned via policy gradient with reward shaping and action dropout
Jupyter Notebook
300
star
44

logai

LogAI - An open-source library for log analytics and intelligence
Python
298
star
45

CodeGen2

CodeGen2 models for program synthesis
Python
272
star
46

provis

Official code repository of "BERTology Meets Biology: Interpreting Attention in Protein Language Models."
Python
269
star
47

causalai

Salesforce CausalAI Library: A Fast and Scalable framework for Causal Analysis of Time Series and Tabular Data
Jupyter Notebook
256
star
48

jaxformer

Minimal library to train LLMs on TPU in JAX with pjit().
Python
255
star
49

EDICT

Jupyter Notebook
247
star
50

rules_spring

Bazel rule for building Spring Boot apps as a deployable jar
Starlark
224
star
51

ETSformer

PyTorch code for ETSformer: Exponential Smoothing Transformers for Time-series Forecasting
Python
221
star
52

TabularSemanticParsing

Translating natural language questions to a structured query language
Jupyter Notebook
220
star
53

themify

👨‍🎨 CSS Themes Made Easy. A robust, opinionated solution to manage themes in your web application
TypeScript
216
star
54

simpletod

Official repository for "SimpleTOD: A Simple Language Model for Task-Oriented Dialogue"
Python
212
star
55

grpc-java-contrib

Useful extensions for the grpc-java library
Java
208
star
56

GeDi

GeDi: Generative Discriminator Guided Sequence Generation
Python
207
star
57

aws-allowlister

Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
Python
207
star
58

generic-sidecar-injector

A generic framework for injecting sidecars and related configuration in Kubernetes using Mutating Webhook Admission Controllers
Go
203
star
59

mirus

Mirus is a cross data-center data replication tool for Apache Kafka
Java
201
star
60

CoST

PyTorch code for CoST: Contrastive Learning of Disentangled Seasonal-Trend Representations for Time Series Forecasting (ICLR 2022)
Python
196
star
61

factCC

Resources for the "Evaluating the Factual Consistency of Abstractive Text Summarization" paper
Python
192
star
62

runway-browser

Interactive visualization framework for Runway models of distributed systems
JavaScript
188
star
63

glad

Global-Locally Self-Attentive Dialogue State Tracker
Python
186
star
64

cloud-guardrails

Rapidly apply hundreds of security controls in Azure
HCL
181
star
65

ALPRO

Align and Prompt: Video-and-Language Pre-training with Entity Prompts
Python
177
star
66

densecap

Jupyter Notebook
176
star
67

kafka-junit

This library wraps Kafka's embedded test cluster, allowing you to more easily create and run integration tests using JUnit against a "real" kafka server running within the context of your tests. No need to stand up an external kafka cluster!
Java
167
star
68

booksum

Python
167
star
69

sfdx-lwc-jest

Run Jest against LWC components in SFDX workspace environment
JavaScript
162
star
70

hierarchicalContrastiveLearning

Python
149
star
71

ctrl-sum

Resources for the "CTRLsum: Towards Generic Controllable Text Summarization" paper
Python
146
star
72

cos-e

Commonsense Explanations Dataset and Code
Python
144
star
73

secure-filters

Anti-XSS Security Filters for EJS and More
JavaScript
138
star
74

metabadger

Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Python
129
star
75

dockerfile-image-update

A tool that helps you get security patches for Docker images into production as quickly as possible without breaking things
Java
127
star
76

Converse

Python
125
star
77

refocus

The Go-To Platform for Visualizing Service Health
JavaScript
125
star
78

CoMatch

Code for CoMatch: Semi-supervised Learning with Contrastive Graph Regularization
Python
117
star
79

BOLAA

Python
114
star
80

fsnet

Python
111
star
81

rng-kbqa

Python
110
star
82

botsim

BotSIM - a data-efficient end-to-end Bot SIMulation toolkit for evaluation, diagnosis, and improvement of commercial chatbots
Jupyter Notebook
108
star
83

bazel-eclipse

This repo holds two IDE projects. One is the Eclipse Feature for developing Bazel projects in Eclipse. The Bazel Eclipse Feature supports importing, building, and testing Java projects that are built using the Bazel build system. The other is the Bazel Java Language Server, which is a build integration for IDEs such as VS Code.
Java
108
star
84

MUST

PyTorch code for MUST
Python
103
star
85

bro-sysmon

How to Zeek Sysmon Logs!
Zeek
100
star
86

Timbermill

A better logging service
Java
99
star
87

AuditNLG

AuditNLG: Auditing Generative AI Language Modeling for Trustworthiness
Python
97
star
88

eslint-plugin-lwc

Official ESLint rules for LWC
JavaScript
96
star
89

best

🏆 Delightful Benchmarking & Performance Testing
TypeScript
95
star
90

craft

CRAFT removes the language barrier to create Kubernetes Operators.
Go
93
star
91

eslint-config-lwc

Opinionated ESLint configurations for LWC projects
JavaScript
93
star
92

online_conformal

Methods for online conformal prediction.
Jupyter Notebook
90
star
93

lobster-pot

Scans every git push to your Github organisations to find unwanted secrets.
Go
88
star
94

ml4ir

Machine Learning for Information Retrieval
Jupyter Notebook
85
star
95

violet-conversations

Sophisticated Conversational Applications/Bots
JavaScript
84
star
96

apex-mockery

Lightweight mocking library in Apex
Apex
83
star
97

fast-influence-functions

Python
83
star
98

MoPro

MoPro: Webly Supervised Learning
Python
79
star
99

TaiChi

Open source library for few shot NLP
Python
79
star
100

helm-starter-istio

An Istio starter template for Helm
Shell
78
star