Hello all,
I have a project where I need to take 3rd party XQuery expressions and evaluate them in the context of a single xml document. The expressions are untrusted and I want to limit them to read-only and only allow them to access a single xml document being passed in as an external variable.
I read in the XQuery Module docs (http://docs.basex.org/wiki/XQuery_Module) that with the evaluate() command the evaluated query is prevented from opening a new database.
I believe I could run the evaluate() call from a session connected as a read only user to prevent any update commands. Also, since I only want the evaluated expressions to be able to access a document declared as external I could, I believe, evaluate() from a session connected to an empty database as well.
However, would the evaluated expressions still be able to execute functions from other BaseX modules like, for example, proc:system()?
I know that in general using eval on untrusted code is a huge risk. Is there any way to create a secure 'sandbox' for evaluating untrusted XQuery expressions?
Any advice would be greatly appreciated.
Thanks, -Jesse
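An added example (not part of Jesse's post and not BaseX's own documentation) sketching the sandbox the question describes: the untrusted expression is passed in as a string, the single XML document is handed to it only as a bound variable, and the evaluation runs at the lowest permission level with a time and memory cap. It assumes the three-argument form xquery:eval($query, $bindings, $options) and the 'permission', 'timeout' and 'memory' options as documented for BaseX 8 and later; the variable names $doc, $untrusted and $input are the example's own, and whether a particular function such as proc:system is rejected depends on the permission that function requires in the installed version, which should be checked against the module docs rather than assumed.

```xquery
(: Added example, not from the original post or from BaseX.
   Assumes xquery:eval($query, $bindings, $options) with the options
   'permission', 'timeout' and 'memory' (BaseX 8+); verify the names
   and the permission each library function needs on your version. :)

(: The one trusted document the third-party expression may read. :)
declare variable $doc external;

(: The third-party XQuery expression, supplied as a plain string. :)
declare variable $untrusted external;

declare function local:evaluate-sandboxed(
  $query as xs:string,
  $input as document-node()
) as item()* {
  try {
    xquery:eval(
      $query,
      (: The inner query sees the document only as $input; no database
         is opened in this scope, so there is nothing else to read. :)
      map { 'input': $input },
      map {
        'permission': 'none',  (: lowest level: functions that need
                                  read/write/create/admin should fail :)
        'timeout': 5,          (: seconds before the query is aborted :)
        'memory': 64           (: megabytes the evaluation may use :)
      }
    )
  } catch * {
    (: Surface the failure without re-running the expression. :)
    <error code="{ $err:code }">{ $err:description }</error>
  }
};

local:evaluate-sandboxed($untrusted, $doc)
```

Before relying on this, run a few deliberately hostile inputs through it on your own installation (a call to proc:system(), a db:open() on an existing database, an updating expression) and confirm each one comes back as an error element rather than a result; the permission check is only as good as the level each function is registered with.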