fix(security): isolate plugin parser subprocess network#1737
Open
anshul23102 wants to merge 1 commit into
Open
fix(security): isolate plugin parser subprocess network#1737anshul23102 wants to merge 1 commit into
anshul23102 wants to merge 1 commit into
Conversation
Issue utksh1#1620: plugin parsers previously inherited the parent's full network stack. A malicious parser.py could exfiltrate scan findings to an attacker-controlled server over a plain socket, with no control here. Fix: on Linux with unprivileged user namespaces, spawn parser subprocesses in a fresh network namespace with 'unshare --user --net'. The child has no network interfaces configured except a loopback that is down by default, so it cannot reach any host. Parsers only transform text already captured from the scanner (never network-bound); they have zero legitimate need for network access. Unshare capability is probed once at startup via _unshare_net_supported(), which checks platform, binary availability, and runtime support. On non-Linux hosts or if the capability check fails for any reason (restrictive container runtime, disabled user namespaces, etc.), we warn once and fail open, spawning without isolation, rather than refusing all plugins. The broader threat model is documented in docs/plugins/plugin-security-checklist.md. Testing: - testing/backend/integration/test_parser_network_isolation.py: 4 tests covering capability probe, argv construction with/without isolation, and successful parser execution under isolation. - pytest testing/backend/integration -q -m "not benchmark" -- 288 passed, 9 skipped (284 baseline + 4 new) - ruff check backend/secuscan/parser_sandbox.py -- all checks passed Fixes utksh1#1620
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Split out of #1700 per review feedback -- this PR is scoped to issue #1620 only.
Problem
Plugin parsers previously inherited the parent's full network stack. A malicious
parser.pycould exfiltrate scan findings to an attacker-controlled server over a plain socket, with no control in place.Fix
On Linux with unprivileged user namespaces, spawn parser subprocesses in a fresh network namespace with
unshare --user --net. The child has no network interfaces configured except a loopback that is down by default, so it cannot reach any host. Parsers only transform text already captured from the scanner (never network-bound); they have zero legitimate need for network access.Unshare capability is probed once at startup via
_unshare_net_supported(), which checks platform, binary availability, and runtime support. On non-Linux hosts or if the capability check fails for any reason (restrictive container runtime, disabled user namespaces, etc.), we warn once and fail open, spawning without isolation, rather than refusing all plugins. The broader threat model is documented indocs/plugins/plugin-security-checklist.md.Testing
testing/backend/integration/test_parser_network_isolation.py: 4 tests covering capability probe, argv construction with/without isolation, and successful parser execution under isolation -- all passingruff check backend/secuscan/parser_sandbox.py-- all checks passedFixes #1620