Sandboxing – Secure Code Execution – C#

C# Sandbox

C# sandbox is a restricted environment where code runs with limited permissions, resources, and privileges. The main purpose of using a sandbox is to isolate potentially untrusted or unsafe code, limiting the potential damage it can cause in case of a security vulnerability or malicious behavior.

A sandbox environment helps mitigate security risks and ensure safe code execution:

• Sandboxing allows separating potentially untrusted code from the rest of the application, ensuring that vulnerabilities in the sandboxed code do not compromise the entire application.
• Sandboxing allows you to set limited permissions on running code, preventing malicious code from performing actions.
• Sandboxing can be used for resource restriction to prevent the code from consuming excessive system or other resources, negatively affecting the application’s overall performance.
• Developers can monitor and control the code activities in the C# sandbox and terminate it if any suspicious or malicious behavior is detected.
• Sandbox environment helps C# developers reduce security risks associated with third-party libraries, plug-ins, or other untrusted code sources.

Sandbox Environment

Code Security – Blocks Script Execution

In a sandbox, you can ensure code security by isolating potentially untrusted elements from the rest of your application, protecting the entire application from vulnerabilities. A sandboxing flag set is a set of zero or more of the flags, which are used to restrict the abilities of potentially untrusted resources. The sandbox attribute allows you to set a number of restrictions on the content loaded in the frame, for example, block forms and scripts. This improves the code security of the current document, especially when a document is loaded from an unverified source.

The following C# example shows how to mark scripts as an untrusted resource and disable them for HTML to PDF conversion:

1. Initialize an instance of the Configuration class.
2. Set the sandbox flag of the configuration instance to include the Sandbox.Scripts value. This marks scripts as untrusted resources within the sandbox environment. This step is crucial as scripts pose a potential risk in executing malicious code.
3. Create an instance of the HTMLDocument class using HTMLDocument(address, configuration) constructor that takes the HTML file path and the configuration instance.
4. Call the ConvertHTML(document, options, outputPath) method to Convert HTML to PDF.

 1// Create an instance of the Configuration class
 2using (var configuration = new Configuration())
 3{
 4    // Mark "scripts" as an untrusted resource
 5    configuration.Security |= Sandbox.Scripts;
 6
 7    // Initialize an HTML document with specified configuration
 8    using (var document = new HTMLDocument(Path.Combine(DataDir, "document-with-scripts.html"), configuration))
 9    {
10        // Convert HTML to PDF
11        Converter.ConvertHTML(document, new PdfSaveOptions(), Path.Combine(OutputDir, "document-sandbox.pdf"));
12    }
13}            

By setting a security flag to enable Sandbox.Scripts, the Aspose.HTML for .NET library ensures that scripts in an HTML document are not executed, helping to improve security and mitigate the potential risks associated with untrusted scripts.

How to Disable Image Loading

Consider an example where a sandbox is used to disable the loading of images when executing HTML code:

1. Prepare HTML code and save it to a file. The HTML code contains a <span> element with an inline style that sets a background image from the URL.
2. Sandbox Setup. Create a new instance of the Configuration class and set the Security property of the configuration instance with the Sandbox.Images flag. This indicates that the Images resource should be considered untrusted in the sandbox environment. By marking images as untrusted resources, access to potentially malicious image sources is restricted.
3. Initialize the HTML document with the specified configuration.
4. Call the ConvertHTML(document, options, outputPath) method to convert the HTML document to a PDF file.

 1// Prepare HTML code and save it to a file
 2var code = "<span style=\"background-image:url('https://httpbin.org/image/jpeg')\">Hello, World!!</span> " +
 3           "<script>document.write('Have a nice day!');</script>";
 4
 5File.WriteAllText(Path.Combine(OutputDir, "sandboxing.html"), code);
 6
 7// Create an instance of Configuration
 8using (var configuration = new Configuration())
 9{
10    // Mark 'Images' as an untrusted resource
11    configuration.Security |= Sandbox.Images;
12
13    // Initialize an HTML document with specified configuration
14    using (var document = new HTMLDocument(Path.Combine(OutputDir, "sandboxing.html"), configuration))
15    {
16        // Convert HTML to PDF
17        Converter.ConvertHTML(document, new PdfSaveOptions(), Path.Combine(OutputDir, "sandboxing-out.pdf"));
18    }
19}

The above C# example demonstrates the process of sandboxing HTML code, marking specific resources – in this case, images – as untrusted within the sandbox environment and then converting HTML to a PDF format with disabled image loading.

Sandboxing Flags

In the world of software development, security is a prime concern. Sandboxing involves creating a secure environment where untrusted code can run without compromising the system’s integrity. C# sandbox helps developers reduce code security risks by protecting applications from potential vulnerabilities. Aspose.HTML C# library offers several sandboxing flags, each presenting different cases of isolation and security. Here are some sandbox flags: