Sergey Matvienko
e5734208e9
Hardened tb-js-executor sandbox script invocation (JVN#16937365)

The args array passed into the sandbox carried the host realm prototype
chain, so a script could reach the host Function constructor via
args.constructor.constructor and execute arbitrary code in the host
process (read files, run shell commands, dump env vars).

Construct args inside the sandbox context using vm.runInContext('[]'),
then populate with string primitives. The resulting array's prototype
chain belongs to the sandbox realm, so constructor traversal cannot
escape. Strings are primitives and safe to cross the realm boundary.

Affects use_sandbox=true path only. The use_sandbox=false path
(invokeFunction) is intentionally left as-is and explicitly marked as
dangerous-by-design — it compiles and runs user-supplied scripts in
the host realm via vm.compileFunction (parsingContext only isolates
parsing, not execution). It remains as a documented performance
trade-off for trusted, non-public clusters; a startup WARN is logged
when script.use_sandbox=false, and an operator-facing yaml comment
sits next to the setting in config/default.yml.

Reported by Hiroki Imai, LAC Co., Ltd.
3 weeks ago
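
The realm distinction described in the commit message above, as an added example that is not code from the commit or from tb-js-executor: it builds the args array both ways and reports which realm's Function constructor the constructor chain ends at when followed from inside the context. The helper names and the sample arguments are assumptions made for illustration.

```javascript
const vm = require('node:vm');

// Hypothetical helper: a context whose backing object has no host prototype.
function newSandbox() {
  return vm.createContext(Object.create(null));
}

// "Before": the array is created by host code, so args.constructor is the
// host Array and args.constructor.constructor is the host Function.
function buildArgsInHost(values) {
  return values.map(String);
}

// "After": '[]' is evaluated inside the context, so the array belongs to the
// sandbox realm; only string primitives are pushed into it.
function buildArgsInSandbox(context, values) {
  const args = vm.runInContext('[]', context);
  for (const v of values) args.push(String(v));
  return args;
}

// Check run from inside the sandbox: follow the constructor chain from the
// array and from its first element, and report which realm's Function
// constructor each one ends at. Nothing is compiled or executed through it.
function reachedRealm(context, args) {
  const probe = vm.runInContext(
    '(function (a) { return { viaArray: a.constructor.constructor,' +
    ' viaElement: a[0].constructor.constructor }; })', context);
  const sandboxFunction = vm.runInContext('Function', context);
  const label = (f) =>
    f === Function ? 'host' : f === sandboxFunction ? 'sandbox' : 'unknown';
  const found = probe(args);
  return { viaArray: label(found.viaArray), viaElement: label(found.viaElement) };
}

// Constructed sample arguments, not real rule-engine messages.
const sample = ['{"temperature":42}', '{"deviceType":"demo"}', 'POST_TELEMETRY'];
const ctx = newSandbox();
console.log('host-built args   :', reachedRealm(ctx, buildArgsInHost(sample)));
console.log('sandbox-built args:', reachedRealm(ctx, buildArgsInSandbox(ctx, sample)));
```

A check like `reachedRealm` can serve as a regression test: it should report `sandbox` for every value handed to a sandboxed script.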
Viacheslav Klimov
5b5b4dff6b
Update license header
5 months ago
Igor Kulikov
5cf26d4851
Update license header
1 year ago
Vladyslav_Prykhodko
0a969f22b3
Clear JS executor proto models
1 year ago
Vladyslav_Prykhodko
d35bdcc981
Clear JS executor dependencies and code
1 year ago
Sergey Matvienko
f9d2549c2c
js-executor: added request body on debug level
2 years ago
Vladyslav_Prykhodko
5c6b4122d3
Add SSL support for Kafka queue connection in JS executor
2 years ago
Sergey Matvienko
751abe159a
js executor log memory usage as a single line
2 years ago
Ivan Raznatovskyi
09fc025e12
Initial commit from another fork
2 years ago
Igor Kulikov
c5a72ed8df
Update license header to 2024 year.
2 years ago
Seraphym-Tuhai
29c3eddc8a
Merge with branch 'develop/3.5' of github.com:thingsboard/thingsboard
3 years ago
Igor Kulikov
cbdc4517e4
Update license header year to 2023
3 years ago
Igor Kulikov
25f8ff2aef
Handle undefined script execution result.
4 years ago
YevhenBondarenko
e32bd456b7
added memory usage log to the js-executors
4 years ago
ViacheslavKlimov
2d262146ad
Remote JS executor to work with tb-node of previous version
4 years ago
ViacheslavKlimov
831332be7b
Use hash of tenant id and body when resolving script for remote JS executor
4 years ago
ViacheslavKlimov
7aab188d0c
Do not send script body to remote JS executor on each invoke request
4 years ago
ViacheslavKlimov
8d735f4886
Add script invocation result size check to remote JS executor
4 years ago
Vladyslav_Prykhodko
b4592f5f92
Fix incorrect start JavaScript Executor AWS SQS queue
4 years ago
Vladyslav_Prykhodko
bbc43c2572
Graceful shutdown JavaScript Executor Microservice and minor change in logs
4 years ago
Vladyslav_Prykhodko
ed6e636918
Refactor JS-Executor microservice to typescript
4 years ago
Sergey Matvienko
4968d0101c
je-executors: expireTs implemented to drop any expired message and prevent congestion on js eval requests queue
4 years ago
Vladyslav_Prykhodko
352abb3f60
JS-executor: Fixed incorrect parse error code for message
4 years ago
Vladyslav_Prykhodko
8f4746c64d
JS-executor: Added logs compilation time; Cache script map delete min used script
4 years ago
Igor Kulikov
da4c742872
Update license year to 2022
4 years ago
Sergey Matvienko
cda6f3678b
js-executor: fixed license header
5 years ago
Sergey Matvienko
98bea8eaf5
js-executor: http livenessProbe added
5 years ago
Sergey Matvienko
ff7fa6237f
js-executor: zero check and code cleanup
5 years ago
Vladyslav_Prykhodko
ab5f1b5b63
js-executor: ScriptMap optimize work
5 years ago
Vladyslav_Prykhodko
41391dbef8
js-executor: code format
5 years ago
Sergey Matvienko
a4e28ad945
js-executor fixed promises for each message for Kafka batches
5 years ago
Sergey Matvienko
93bea70205
js-executor: added parameters for producer TB_KAFKA_BATCH_SIZE and TB_KAFKA_LINGER_MS; added print stats frequency SCRIPT_STAT_PRINT_FREQUENCY
5 years ago
Sergey Matvienko
35e2ff99c3
js-executor: send messages as batch
5 years ago
Sergey Matvienko
0c88665654
js-executor: scriptMap refactored from Object to the Map()
5 years ago
Sergey Matvienko
c94dc5972e
remote js-executor: parameter added TB_KAFKA_ACKS="1"
5 years ago
Sergey Matvienko
a569058c29
remote js-executor: added metric response sent to queue ms in debug level; parameter added SLOW_QUERY_LOG_BODY="true" to enable log bloat
5 years ago
Sergey Matvienko
d25d13d7c0
remote js-executor: added slow query log, log config on service start
5 years ago
Igor Kulikov
d31358b2ea
Update license header - set 2021 year
5 years ago
Andrii Shvaika
30a2d19d2d
Fixes to Kafka JS headers issue
6 years ago
Andrew Shvayka
7a47cd503b
Revert "Develop/2.5 js executor (#2685)"
This reverts commit 1599b24c3a.
6 years ago
Yevhen Bondarenko
1599b24c3a
Develop/2.5 js executor (#2685)
* moved kafka from service.js to own module
* created awsSqs, pubSub, rabbitmq js-executors
* revert RemoteJsInvokeService
* revert thingsboard.yml
* added queue settings to js-executor
* refactored queue factories
* added queue params to pubsub js-executor
* azure service bus js-executor
6 years ago
YevhenBondarenko
43b2eedbd5
azure service bus js-executor
6 years ago
YevhenBondarenko
0dc31fbdde
created awsSqs, pubSub, rabbitmq js-executors
6 years ago
Andrew Shvayka
38ebbe2576
Revert "Merge with master. AlarmRepository.findAlarms is failing (#2663)"
This reverts commit 2c02406ee5.
6 years ago
Andrew Shvayka
2c02406ee5
Merge with master. AlarmRepository.findAlarms is failing (#2663)
* Merge with master. AlarmRepository.findAlarms is failing
* Fix Alarm repository. Add queue type list select.
Co-authored-by: Igor Kulikov <ikulikov@thingsboard.io>
6 years ago
YevhenBondarenko
4fb309c37e
moved kafka from service.js to own module
6 years ago
YevhenBondarenko
1dd3334825
moved jsinvoke.proto to queue, fixed js-executor, added createRemoteJsRequestTemplate to RuleEngine and Core factories
6 years ago
Igor Kulikov
3e2a87135f
Prepare for merge with master
6 years ago
Igor Kulikov
850d6d948c
Update License header year to 2020
6 years ago
Igor Kulikov
1265a9a1e3
Revert "Update License header year to 2020"
This reverts commit 9b42397c4a.
6 years ago