forked from denoland/deno
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Marco Abbadini <[email protected]> Co-authored-by: Dario Facchinetti <[email protected]> Co-authored-by: Matthew Rossi <[email protected]>
- Loading branch information
4 people
committed
May 25, 2023
1 parent
39cd1ab
commit 0d9edca
Showing
1 changed file
with
26 additions
and
104 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,104 +1,26 @@ | ||
| # Deno | ||
|
|
||
| [![Build Status - Cirrus][]][Build status] [![Twitter handle][]][Twitter badge] | ||
| [](https://discord.gg/deno) | ||
|
|
||
| <img align="right" src="https://deno.land/logo.svg" height="150px" alt="the deno mascot dinosaur standing in the rain"> | ||
|
|
||
| Deno is a _simple_, _modern_ and _secure_ runtime for **JavaScript** and | ||
| **TypeScript** that uses V8 and is built in Rust. | ||
|
|
||
| ### Features | ||
|
|
||
| - Secure by default. No file, network, or environment access, unless explicitly | ||
| enabled. | ||
| - Supports TypeScript out of the box. | ||
| - Ships only a single executable file. | ||
| - [Built-in utilities.](https://deno.land/manual/tools#built-in-tooling) | ||
| - Set of reviewed standard modules that are guaranteed to work with | ||
| [Deno](https://deno.land/std/). | ||
|
|
||
| ### Install | ||
|
|
||
| Shell (Mac, Linux): | ||
|
|
||
| ```sh | ||
| curl -fsSL https://deno.land/x/install/install.sh | sh | ||
| ``` | ||
|
|
||
| PowerShell (Windows): | ||
|
|
||
| ```powershell | ||
| iwr https://deno.land/x/install/install.ps1 -useb | iex | ||
| ``` | ||
|
|
||
| [Homebrew](https://formulae.brew.sh/formula/deno) (Mac): | ||
|
|
||
| ```sh | ||
| brew install deno | ||
| ``` | ||
|
|
||
| [Chocolatey](https://chocolatey.org/packages/deno) (Windows): | ||
|
|
||
| ```powershell | ||
| choco install deno | ||
| ``` | ||
|
|
||
| [Scoop](https://scoop.sh/) (Windows): | ||
|
|
||
| ```powershell | ||
| scoop install deno | ||
| ``` | ||
|
|
||
| Build and install from source using [Cargo](https://crates.io/crates/deno): | ||
|
|
||
| ```sh | ||
| cargo install deno --locked | ||
| ``` | ||
|
|
||
| See | ||
| [deno_install](https://github.com/denoland/deno_install/blob/master/README.md) | ||
| and [releases](https://github.com/denoland/deno/releases) for other options. | ||
|
|
||
| ### Getting Started | ||
|
|
||
| Try running a simple program: | ||
|
|
||
| ```sh | ||
| deno run https://deno.land/std/examples/welcome.ts | ||
| ``` | ||
|
|
||
| Or a more complex one: | ||
|
|
||
| ```ts | ||
| const listener = Deno.listen({ port: 8000 }); | ||
| console.log("http:https://localhost:8000/"); | ||
|
|
||
| for await (const conn of listener) { | ||
| serve(conn); | ||
| } | ||
|
|
||
| async function serve(conn: Deno.Conn) { | ||
| for await (const { respondWith } of Deno.serveHttp(conn)) { | ||
| respondWith(new Response("Hello world")); | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| You can find a deeper introduction, examples, and environment setup guides in | ||
| the [manual](https://deno.land/manual). | ||
|
|
||
| The complete API reference is available at the runtime | ||
| [documentation](https://doc.deno.land). | ||
|
|
||
| ### Contributing | ||
|
|
||
| We appreciate your help! | ||
|
|
||
| To contribute, please read our | ||
| [contributing instructions](https://deno.land/manual/contributing). | ||
|
|
||
| [Build Status - Cirrus]: https://github.com/denoland/deno/workflows/ci/badge.svg?branch=main&event=push | ||
| [Build status]: https://github.com/denoland/deno/actions | ||
| [Twitter badge]: https://twitter.com/intent/follow?screen_name=deno_land | ||
| [Twitter handle]: https://img.shields.io/twitter/follow/deno_land.svg?style=social&label=Follow | ||
| # Cage4Deno | ||
|
|
||
| This repository contains all the code and data necessary for building | ||
| Cage4Deno, tool presented in our paper | ||
| [Cage4Deno: A Fine-Grained Sandbox for Deno Subprocesses](https://cs.unibg.it/seclab-papers/2023/ASIACCS/paper/cage4deno.pdf). | ||
|
|
||
| ## Abstract | ||
| Deno is a runtime for JavaScript and TypeScript that is receiving | ||
| great interest by developers, and is increasingly used for the | ||
| construction of back-ends of web applications. A primary goal of Deno | ||
| is to provide a secure and isolated environment for the execution of | ||
| JavaScript programs. It also supports the execution of subprocesses, | ||
| unfortunately without providing security guarantees. | ||
| In this work we propose *Cage4Deno*, a set of modifications to | ||
| Deno enabling the creation of fine-grained sandboxes for the | ||
| execution of subprocesses. The design of Cage4Deno satisfies the | ||
| compatibility, transparency, flexibility, usability, security, | ||
| and performance needs of a modern sandbox. The realization of these | ||
| requirements partially stems from the use of Landlock and eBPF, | ||
| two robust and efficient security technologies. Significant attention | ||
| has been paid to the design of a flexible and compact policy model | ||
| consisting of **RWX** permissions, which can be automatically created, | ||
| and deny rules to declare exceptions. The sandbox effectiveness | ||
| is demonstrated by successfully blocking a number of exploits for | ||
| recent CVEs, while runtime experiments prove its efficiency. The | ||
| proposal is associated with an open-source implementation. |