Merge pull request #3 from topheman/feat/permissions

Add permission system for WebAssembly plugin sandboxing

Author: topheman

README.md

@@ -25,7 +25,16 @@ Those hosts then run the same codebase which is compiled to WebAssembly:
 - the REPL logic
 - the plugins
 
-The plugins like `ls` or `cat` can interact with the filesystem using the primitives of the languages they are written in.
+Security model: the REPL cli implements a security model inspired by [deno](https://docs.deno.com/runtime/fundamentals/security/#permissions):
+
+- `--allow-net`: allows network access to the plugins, you can specify a list of domains comma separated (by default, no network access is allowed)
+- `--allow-read`: allows read access to the filesystem
+- `--allow-write`: allows write access to the filesystem
+- `--allow-all`: allows all permissions (same as all the flags above), short: `-A`
+
+Plugins are sandboxed by default - they cannot access the filesystem or network unless explicitly permitted. This allows safe execution of untrusted plugins while maintaining the flexibility to grant specific permissions when needed.
+
+Plugins like `ls` or `cat` can interact with the filesystem using the primitives of the languages they are written in.
 
 - on the CLI, a folder from the disk is mounted via the `--dir` flag
 - on the browser, a virtual filesystem is mounted, the I/O operations are forwarded via the `@bytecodealliance/preview2-shim/filesystem` shim, which shims the `wasi:filesystem` filesystem interface
@@ -35,6 +44,13 @@ The plugins like `ls` or `cat` can interact with the filesystem using the primit
   Check the online demo at<br/><a href="https://topheman.github.io/webassembly-component-model-experiments/">topheman.github.io/webassembly-component-model-experiments</a>
 </p>
 
+<p align="center">
+  Example of running the CLI <code>pluginlab</code>
+  <a href="https://asciinema.org/a/DWYAgrjSpwlejvRJQY8AHCEfD?speed=1.5" title="Click to watch the demo">
+    <img src="./crates/pluginlab/demo-preview.png" alt="pluginlab demo" />
+  </a>
+</p>
+
 ## Previous work with WebAssembly
 
 In the last seven years I've done a few projects involving rust and WebAssembly:
@@ -65,12 +81,17 @@ pluginlab\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_ls.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_echo.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_weather.wasm\
-  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm
+  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm\
+  --allow-all
 ```
 
 Other flags:
 
 - `--dir`: directory to be preopened (by default, the current directory)
+- `--allow-net`: allows network access to the plugins, you can specify a list of domains comma separated (by default, no network access is allowed)
+- `--allow-read`: allows read access to the filesystem
+- `--allow-write`: allows write access to the filesystem
+- `--allow-all`: allows all permissions (same as all the flags above), short: `-A`
 - `--help`: displays manual
 - `--debug`: run the host in debug mode (by default, the host runs in release mode)
 
@@ -83,7 +104,8 @@ pluginlab\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_ls.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_echo.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_weather.wasm\
-  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm
+  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm\
+  --allow-all
 [Host] Starting REPL host...
 [Host] Loading REPL logic from: https://topheman.github.io/webassembly-component-model-experiments/plugins/repl_logic_guest.wasm
 [Host] Loading plugin: https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_greet.wasm
@@ -167,7 +189,8 @@ This will (see [justfile](./justfile)):
   --plugins ./target/wasm32-wasip1/debug/plugin_ls.wasm\
   --plugins ./target/wasm32-wasip1/debug/plugin_echo.wasm\
   --plugins ./target/wasm32-wasip1/debug/plugin_weather.wasm\
-  --plugins ./target/wasm32-wasip1/debug/plugin_cat.wasm
+  --plugins ./target/wasm32-wasip1/debug/plugin_cat.wasm\
+  --allow-all
 ```
 
 This will run the `pluginlab` binary which will itself:
@@ -187,7 +210,8 @@ Other example:
   --repl-logic ./target/wasm32-wasip1/debug/repl_logic_guest.wasm\
   --plugins ./target/wasm32-wasip1/debug/plugin_ls.wasm\
   --plugins ./target/wasm32-wasip1/debug/plugin_echo.wasm\
-  --dir /tmp
+  --dir /tmp\
+  --allow-all
 ```
 
 #### Test

crates/pluginlab/README.md

@@ -20,13 +20,29 @@ Those hosts then run the same codebase which is compiled to WebAssembly:
 - the REPL logic
 - the plugins
 
-The plugins like `ls` or `cat` can interact with the filesystem using the primitives of the languages they are written in.
+Security model: the REPL cli implements a security model inspired by [deno](https://docs.deno.com/runtime/fundamentals/security/#permissions):
+
+- `--allow-net`: allows network access to the plugins, you can specify a list of domains comma separated (by default, no network access is allowed)
+- `--allow-read`: allows read access to the filesystem
+- `--allow-write`: allows write access to the filesystem
+- `--allow-all`: allows all permissions (same as all the flags above), short: `-A`
+
+Plugins are sandboxed by default - they cannot access the filesystem or network unless explicitly permitted. This allows safe execution of untrusted plugins while maintaining the flexibility to grant specific permissions when needed.
+
+Plugins like `ls` or `cat` can interact with the filesystem using the primitives of the languages they are written in.
 
 - on the CLI, a folder from the disk is mounted via the `--dir` flag
 - on the browser, a virtual filesystem is mounted, the I/O operations are forwarded via the `@bytecodealliance/preview2-shim/filesystem` shim, which shims the `wasi:filesystem` filesystem interface
 
 More details on the github repo: [topheman/webassembly-component-model-experiments](https://github.com/topheman/webassembly-component-model-experiments).
 
+<p align="center">
+  Example of running the CLI <code>pluginlab</code>
+  <a href="https://asciinema.org/a/DWYAgrjSpwlejvRJQY8AHCEfD?speed=1.5" title="Click to watch the demo">
+    <img src="./demo-preview.png" alt="pluginlab demo" />
+  </a>
+</p>
+
 ## Install
 
 ```bash
@@ -44,12 +60,17 @@ pluginlab\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_ls.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_echo.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_weather.wasm\
-  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm
+  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm\
+  --allow-all
 ```
 
 Other flags:
 
 - `--dir`: directory to be preopened (by default, the current directory)
+- `--allow-net`: allows network access to the plugins, you can specify a list of domains comma separated (by default, no network access is allowed)
+- `--allow-read`: allows read access to the filesystem
+- `--allow-write`: allows write access to the filesystem
+- `--allow-all`: allows all permissions (same as all the flags above), short: `-A`
 - `--help`: displays manual
 - `--debug`: run the host in debug mode (by default, the host runs in release mode)
 
@@ -63,7 +84,8 @@ pluginlab\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_ls.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_echo.wasm\
   --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_weather.wasm\
-  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm
+  --plugins https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_cat.wasm\
+  --allow-all
 [Host] Starting REPL host...
 [Host] Loading REPL logic from: https://topheman.github.io/webassembly-component-model-experiments/plugins/repl_logic_guest.wasm
 [Host] Loading plugin: https://topheman.github.io/webassembly-component-model-experiments/plugins/plugin_greet.wasm

crates/pluginlab/demo-preview-opt.png

@@ -0,0 +1,48 @@
+use clap::Parser;
+use std::path::PathBuf;
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+pub struct Cli {
+    /// Paths or URLs to WebAssembly plugin files
+    #[arg(long)]
+    pub plugins: Vec<String>,
+
+    /// Path or URL to WebAssembly REPL logic file
+    #[arg(long)]
+    pub repl_logic: String,
+
+    #[arg(long, default_value_t = false)]
+    pub debug: bool,
+
+    /// Path to the directory to mount (the runtime will only have access to this directory) - default is the current directory
+    #[arg(long, default_value = ".")]
+    pub dir: PathBuf,
+
+    /// Allow network access
+    #[arg(long, num_args = 0..=1, default_missing_value = "@")]
+    // How it works:
+    // no flag -> None
+    // --allow-net -> Some("@") - because "@" is not a valid value for a domain nor an IP address
+    // --allow-net google.com,example.com -> Some("google.com,example.com")
+    pub allow_net: Option<String>,
+
+    /// Allow file system read access
+    #[arg(long, default_value_t = false)]
+    pub allow_read: bool,
+
+    /// Allow file system write access
+    #[arg(long, default_value_t = false)]
+    pub allow_write: bool,
+
+    /// Allow all permissions
+    #[arg(
+        short = 'A',
+        long,
+        default_value_t = false,
+        conflicts_with = "allow_net",
+        conflicts_with = "allow_read",
+        conflicts_with = "allow_write"
+    )]
+    pub allow_all: bool,
+}

crates/pluginlab/demo-preview.png

@@ -1,6 +1,8 @@
+use crate::cli::Cli;
+use crate::permissions::NetworkPermissions;
 use anyhow::Result;
 use std::collections::HashMap;
-use std::path::{Path, PathBuf};
+use std::path::Path;
 use wasmtime::component::{Component, Linker as ComponentLinker, ResourceTable};
 use wasmtime::{Config, Engine, Store};
 use wasmtime_wasi::p2::{WasiCtx, WasiCtxBuilder};
@@ -78,29 +80,52 @@ impl WasmEngine {
         Ok(component)
     }
 
-    pub fn build_wasi_ctx(path: &PathBuf) -> Result<WasiCtx> {
-        let wasi_ctx = WasiCtxBuilder::new()
-            .inherit_stdio()
-            .inherit_args()
-            .inherit_env()
-            .preopened_dir(
-                path,
-                ".",
+    pub fn build_wasi_ctx(cli: &Cli) -> Result<WasiCtx> {
+        let host_path = cli.dir.clone();
+        let guest_path = ".";
+
+        let (dir_perms, file_perms) = if cli.allow_all || cli.allow_read && cli.allow_write {
+            (
+                wasmtime_wasi::DirPerms::all(),
+                wasmtime_wasi::FilePerms::all(),
+            )
+        } else if cli.allow_read {
+            (
                 wasmtime_wasi::DirPerms::READ,
                 wasmtime_wasi::FilePerms::READ,
-            )?
-            .build();
+            )
+        } else if cli.allow_write {
+            (
+                wasmtime_wasi::DirPerms::MUTATE,
+                wasmtime_wasi::FilePerms::WRITE,
+            )
+        } else {
+            (
+                wasmtime_wasi::DirPerms::empty(),
+                wasmtime_wasi::FilePerms::empty(),
+            )
+        };
+
+        let mut wasi_builder = WasiCtxBuilder::new();
+        // .inherit_stdio()
+        // .inherit_args()
+        // .inherit_env()
+        wasi_builder.preopened_dir(host_path, guest_path, dir_perms, file_perms)?;
+
+        let wasi_ctx = wasi_builder.build();
         Ok(wasi_ctx)
     }
 
     /// Create a new store with WASI context
-    pub fn create_store(&self, wasi_ctx: WasiCtx) -> Store<WasiState> {
+    pub fn create_store(&self, wasi_ctx: WasiCtx, cli: &Cli) -> Store<WasiState> {
         Store::new(
             &self.engine,
             WasiState {
                 ctx: wasi_ctx,
                 table: ResourceTable::new(),
-                plugin_host: PluginHost {},
+                plugin_host: PluginHost {
+                    network_permissions: NetworkPermissions::from(cli),
+                },
                 repl_vars: HashMap::new(),
                 plugins_names: Vec::new(),
             },

crates/pluginlab/demo.gif

@@ -19,3 +19,81 @@ impl StdoutHandler {
         repl_vars.insert("0".to_string(), result);
     }
 }
+
+pub fn extract_hostname(url: &str) -> String {
+    let url = url.trim();
+    let url = url.trim_start_matches("http://");
+    let url = url.trim_start_matches("https://");
+
+    // Find the first occurrence of '/', '?', or '#' to get just the hostname
+    let hostname = if let Some(pos) = url.find(|c| c == '/' || c == '?' || c == '#') {
+        &url[..pos]
+    } else {
+        url
+    };
+
+    // Remove trailing slash if present
+    let hostname = hostname.trim_end_matches('/');
+
+    hostname.to_string()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_extract_hostname() {
+        assert_eq!(extract_hostname("https://google.com"), "google.com");
+        assert_eq!(extract_hostname("https://google.com/"), "google.com");
+        assert_eq!(extract_hostname("https://google.com/test"), "google.com");
+        assert_eq!(extract_hostname("https://google.com/test/"), "google.com");
+        assert_eq!(
+            extract_hostname("https://google.com/test/test"),
+            "google.com"
+        );
+        assert_eq!(
+            extract_hostname("https://google.com/test/test/"),
+            "google.com"
+        );
+        assert_eq!(
+            extract_hostname("https://google.com/test/test/test"),
+            "google.com"
+        );
+        assert_eq!(
+            extract_hostname("https://google.com/test/test/test/"),
+            "google.com"
+        );
+        assert_eq!(
+            extract_hostname("https://google.com/test/test/test/test"),
+            "google.com"
+        );
+        assert_eq!(
+            extract_hostname("https://google.com?test=test"),
+            "google.com"
+        );
+        assert_eq!(extract_hostname("https://google.com#test"), "google.com");
+        assert_eq!(extract_hostname("https://192.168.1.10"), "192.168.1.10");
+        assert_eq!(extract_hostname("https://192.168.1.10/"), "192.168.1.10");
+        assert_eq!(
+            extract_hostname("https://192.168.1.10/test"),
+            "192.168.1.10"
+        );
+        assert_eq!(
+            extract_hostname("https://192.168.1.10/test/"),
+            "192.168.1.10"
+        );
+        assert_eq!(
+            extract_hostname("https://192.168.1.10/test/"),
+            "192.168.1.10"
+        );
+        assert_eq!(
+            extract_hostname("https://192.168.1.10?test=test"),
+            "192.168.1.10"
+        );
+        assert_eq!(
+            extract_hostname("https://192.168.1.10#test"),
+            "192.168.1.10"
+        );
+    }
+}

crates/pluginlab/src/cli.rs

@@ -1,6 +1,8 @@
 pub mod api;
+pub mod cli;
 mod engine;
 pub mod helpers;
+pub mod permissions;
 mod store;
 mod wasm_host;