Security

Security and isolation features.

JavaScript Isolation

• Each reaction runs in separate V8 context
• Memory isolation prevents code interference
• Helper functions provide controlled system access
• No direct system call access

Network Policy Integration

• Network blocking requires netpolicy feature enabled
• Automatic validation of network helper usage
• Graceful degradation when netpolicy unavailable

File System Security

• Temporary directories created with 0700 permissions
• Restricted to safe temporary locations
• Automatic cleanup after execution

Error Handling

• Comprehensive error codes for all operations
• Detailed error messages for debugging
• Graceful failure modes

Security Considerations

Input Validation

Always validate data before using:

function process(data) {
    if (!data || !data.process) {
        Error("Invalid event data");
        return;
    }

    let cmd = data.process.cmd || "unknown";
    if (cmd.length > 1000) {
        cmd = cmd.substring(0, 1000) + "... (truncated)";
    }

    Info("Process: " + cmd);
}

File Path Security

Be careful with file operations:

function process(data) {
    let filePath = data.file ? data.file.file : "";

    if (filePath.startsWith("/etc/") || filePath.startsWith("/sys/")) {
        Error("Sensitive location: " + filePath);
        return;
    }

    let tmpDir = CreateTempDir("evidence-*");
    if (tmpDir !== "") {
        WriteFile(tmpDir + "/evidence.json", JSON.stringify(data));
    }
}

Network Security

Network operations should be judicious:

function process(data) {
    if (data.background && data.background.flows) {
        let remoteIps = [];
        // ... extract IPs ...

        for (let ip of remoteIps) {
            if (!ip.startsWith("10.") &&
                !ip.startsWith("192.168.") &&
                !ip.startsWith("172.16.")) {
                NetBlockIp(ip);
            }
        }
    }
}