Scope: managed applications, ordinary applications.
1. When developing applications, note that it is not only code written in 1C:Enterprise mode (that is, entered by users at run time) that is unsafe to execute. Any place where Execute or Eval runs code built from parameters passed to server functions and procedures is unsafe as well. This restriction does not apply to code executed on the client.
For example, suppose the code is written as follows:
- In a client function of the form, a structure is created, and a string written by the configuration developer is inserted into it.
- The client function passes this structure to a server function of the form.
- The server function of the form calls a server function of a common module.
- In the server function of the common module, the code contained in the string from the structure is executed.
In this case, no code interactively entered by a user is executed. However, the following vulnerability exists:
- A malicious user creates a structure and inserts a string containing malicious code into it.
- The malicious user calls the client function of the form and thereby executes the malicious code on the server.
It is even more dangerous when methods that use Execute or Eval on code obtained from parameters are placed in common modules with the ServerCall flag enabled: such methods can then be called from the client directly, without going through a form.
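The pattern described above, written out in 1C:Enterprise language as an added example (it is not code from the page or from the 1C standard): the vulnerable chain from a client form handler to a common-module Execute, followed by the fix, in which the client names an operation and the server dispatches on a fixed set of names, so no code string is ever executed. The form, the module UserOperationsServer, the document SalesOrder and its manager-module methods are hypothetical names introduced for the illustration.

```bsl
// ---- Form module of a hypothetical document form ----

&AtClient
Procedure RunOperation(Command)
	// VULNERABLE: the structure carries source text. Here the text is written by
	// the configuration developer, but nothing on the server can tell that apart
	// from a structure built by a user with any other text, so the string that
	// arrives in Execute is effectively attacker-controlled.
	Parameters = New Structure;
	Parameters.Insert("Algorithm", "Documents.SalesOrder.UpdateTotals(Parameters.Order)");
	Parameters.Insert("Order", Object.Ref);
	RunOperationAtServer(Parameters);
EndProcedure

&AtServerNoContext
Procedure RunOperationAtServer(Parameters)
	UserOperationsServer.ExecuteAlgorithm(Parameters);
EndProcedure

// ---- Common module UserOperationsServer (server), vulnerable version ----

Procedure ExecuteAlgorithm(Parameters) Export
	// Runs whatever text the client put into Parameters.Algorithm, with the
	// rights of the server session. Parameters.Order is visible to the text
	// because Parameters is a local name in this procedure.
	Execute Parameters.Algorithm;
EndProcedure

// ---- Fixed version: the client names the operation, the server owns the code ----

&AtClient
Procedure RunOperationFixed(Command)
	RunNamedOperationAtServer("UpdateTotals", Object.Ref);
EndProcedure

&AtServerNoContext
Procedure RunNamedOperationAtServer(OperationName, Order)
	UserOperationsServer.ExecuteNamedOperation(OperationName, Order);
EndProcedure

// ---- Common module UserOperationsServer (server), fixed version ----

Procedure ExecuteNamedOperation(Val OperationName, Val Order) Export
	// Dispatch on a closed list of names. A client can choose which of these
	// operations runs, but cannot add code of its own. No Execute, no Eval.
	If OperationName = "UpdateTotals" Then
		Documents.SalesOrder.UpdateTotals(Order);     // hypothetical manager-module method
	ElsIf OperationName = "Repost" Then
		Documents.SalesOrder.RepostOrder(Order);      // hypothetical manager-module method
	Else
		Raise NStr("en = 'Unknown operation:'") + " " + OperationName;
	EndIf;
EndProcedure
```

The same fix applies to a common module with the ServerCall flag: the exported method accepts a name and typed parameters, never a string that is handed to Execute or Eval.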
In SaaS mode, data separation must also be taken into account when enabling safe mode: before the code is executed, enable safe mode and then the data separation safe mode for every separator of the configuration:
	SetSafeMode(True);
	For Each SeparatorName In ConfigurationSeparators() Do
		SetDataSeparationSafeMode(SeparatorName, True);
	EndDo;
If the Standard Subsystems Library is used in the configuration, use the following:
- Common.ExecuteInSafeMode() instead of Execute;
- Common.CalculateInSafeMode() instead of Eval;
- Common.ExecuteConfigurationMethod() instead of generating a string calling the module method and passing it to Execute;
- Common.ExecuteObjectMethod() instead of generating a string calling the object method and passing it to Execute.
If the Standard Subsystems Library version is earlier than 2.4.1, use the following:
- SafeModeManager.ExecuteInSafeMode() instead of Execute;
- SafeModeManager.CalculateInSafeMode() instead of Eval;
- SafeModeManager.ExecuteConfigurationMethod() instead of generating a string calling the module method and passing it to Execute;
- SafeModeManager.ExecuteObjectMethod() instead of generating a string calling the object method and passing it to Execute.
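How the replacements listed above change a ServerCall common module, as an added example that is not part of the page or of the Standard Subsystems Library itself. It shows the injection-prone way of building a call string for Execute beside the SSL helpers, and adds the allowlist check a practitioner would want in front of Common.ExecuteConfigurationMethod, because a syntactically valid "Module.Method" name is still a name chosen by the client. The module name AlgorithmsServerCall, the method names in the allowlist, the catalog attribute AlgorithmText and the constructed malicious method name are assumptions made for the illustration; SSL 2.4.1 or later is assumed.

```bsl
// Server common module with the ServerCall flag, hypothetical name
// AlgorithmsServerCall. On SSL versions earlier than 2.4.1 replace
// "Common." with "SafeModeManager." in the calls below.

// BEFORE: the method name arrives from the client and is spliced into source
// text. A constructed name such as
//   "Printing.PrintDocument(Parameters[0]); AnyOtherServerMethod("
// closes the intended call and appends a call of the caller's choice.
Procedure RunConfigurationMethodUnsafe(Val MethodName, Val Parameters) Export
	Execute MethodName + "(Parameters[0])";
EndProcedure

// AFTER: only names from a fixed list are accepted, and the call itself is
// built by the SSL helper from the separately passed name and parameter array.
// Common.ExecuteConfigurationMethod additionally checks that MethodName has
// the form <CommonModule>.<Method> and raises an exception otherwise.
Procedure RunConfigurationMethod(Val MethodName, Val Parameters) Export
	If AllowedMethods().Find(MethodName) = Undefined Then
		Raise StrTemplate(NStr("en = 'Method %1 may not be called from the client.'"), MethodName);
	EndIf;
	Common.ExecuteConfigurationMethod(MethodName, Parameters);
EndProcedure

// Algorithm text that legitimately lives in the infobase (here: an attribute
// of a catalog item that only the administrator can write) still goes through
// the safe-mode helper instead of a bare Execute. The helper enables safe mode
// and, in SaaS, the data separation safe mode for every separator first.
// The text sees the second argument under the name Parameters.
Procedure RunStoredAlgorithm(Val AlgorithmRef, Val Parameters) Export
	Algorithm = AlgorithmRef.AlgorithmText;   // hypothetical string attribute
	Common.ExecuteInSafeMode(Algorithm, Parameters);
EndProcedure

// Closed list of export methods the client is allowed to trigger.
Function AllowedMethods()
	Methods = New Array;
	Methods.Add("Printing.PrintDocument");    // hypothetical export methods
	Methods.Add("Totals.RecalculateOrder");
	Return Methods;
EndFunction
```

For an expression that must return a value, Common.CalculateInSafeMode(Expression, Parameters) takes the place of Eval in the same way. Note that the allowlist is what prevents a client from reaching arbitrary export methods; the SSL name check alone only guarantees that the string is a method name and not a statement.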
3. If arbitrary code cannot be executed successfully in safe mode (for example, because it accesses files), it must be reviewed beforehand. Store such code in a catalog that is writable only by a user responsible for security, for example, the administrator. The following scenario is recommended when dealing with external code:
- Place the external code in an external data processor or report. As a last resort, pass it as a text snippet.
- Pass the external code to the administrator with a note that it is to be executed in unsafe mode.
- The administrator or another suitably qualified employee reviews the received code.
- If the code is safe and trustworthy, the administrator places it in a dedicated catalog to which write access is granted only to the administrator.
- Instead of using Execute or Eval, do one of the following:
- Attach the trusted data processor from the catalog and call the export method you need.
- Call the code snippet through a dedicated procedure or function that centrally executes external code in the configuration.
If the Standard Subsystems Library is used in the configuration, use the Additional reports and data processors subsystem for this purpose.
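The first of the two options above (attach a reviewed data processor from the administrator-only catalog and call its export method), written out as an added example; it is not code from the page, from the 1C standard or from the Additional reports and data processors subsystem. The catalog TrustedDataProcessors, its ValueStorage attribute DataProcessorStorage holding the reviewed .epf file, the module name TrustedCodeExecution and the agreed export procedure ExecuteAlgorithm(Parameters) that every reviewed data processor implements are assumptions for the illustration. The restriction of write access to the administrator is done in the roles of the configuration, not in this code.

```bsl
// Server common module, hypothetical name TrustedCodeExecution.

// Runs a data processor that the administrator has reviewed and stored in the
// catalog TrustedDataProcessors. Unsafe mode is acceptable here only because
// the file comes from a catalog that users cannot write to; the user supplies
// a reference and parameters, never code.
Procedure ExecuteTrustedDataProcessor(Val DataProcessorRef, Val Parameters) Export
	BinaryData = DataProcessorRef.DataProcessorStorage.Get();   // ValueStorage attribute
	If TypeOf(BinaryData) <> Type("BinaryData") Then
		Raise NStr("en = 'The trusted data processor has no file attached.'");
	EndIf;

	// The name under which the processor is connected must be a valid identifier,
	// so the hyphens of the UUID are removed.
	Name = "Trusted_" + StrReplace(String(DataProcessorRef.UUID()), "-", "");

	// Third argument False = unsafe mode, as the reviewed code may access files.
	ConnectedName = ExternalDataProcessors.Connect(PutToTempStorage(BinaryData), Name, False);
	DataProcessor = ExternalDataProcessors.Create(ConnectedName, False);

	// Direct call of the agreed export procedure: the entry point is fixed in the
	// configuration, so neither Execute nor Eval is needed.
	DataProcessor.ExecuteAlgorithm(Parameters);
EndProcedure
```

Code that has not been through this review keeps running in safe mode (previous item); only the catalog membership, which the administrator controls, moves a data processor to the unsafe path.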
4. If the configuration is intended for use in SaaS mode and supports transferring data from the local version of the application to the service, you must disable all user code snippets and query texts that were entered in the local version.
If the Standard Subsystems Library is used in the configuration, you can pre-process the data imported from the local version into the service; see the documentation of the SaaS subsystem.
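One place to put the disabling step, as an added example that is not code from the page or from the SaaS subsystem: a server procedure called once the data of a local version has been imported into a data area, which blanks every user-entered algorithm and query text and switches the item off, so nothing typed outside the service can run inside it. The catalog UserAlgorithms with the attributes Algorithm, QueryText and Enabled, and the module name SaaSDataImport, are assumptions for the illustration.

```bsl
// Server common module, hypothetical name SaaSDataImport.
// Call after the data of a local version has been imported into the data area.
Procedure DisableUserCodeImportedFromLocalVersion() Export
	// Unlimited-length string attributes cannot be compared in a query,
	// so every item is visited; the catalog is expected to be small.
	Query = New Query(
		"SELECT
		|	UserAlgorithms.Ref AS Ref
		|FROM
		|	Catalog.UserAlgorithms AS UserAlgorithms");
	Selection = Query.Execute().Select();
	While Selection.Next() Do
		AlgorithmObject = Selection.Ref.GetObject();
		// Blank the code and the query text instead of trusting them: they were
		// entered outside the service, where nobody responsible for the service
		// reviewed them.
		AlgorithmObject.Algorithm = "";
		AlgorithmObject.QueryText = "";
		AlgorithmObject.Enabled = False;
		// Write in load mode so the object's own handlers do not run on
		// the imported data.
		AlgorithmObject.DataExchange.Load = True;
		AlgorithmObject.Write();
	EndDo;
EndProcedure
```

Users of the service can then re-enter the code, and it is executed only through the safe-mode helpers or the reviewed-data-processor path described above.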