Questions about framework security, restrictions

Hello Community,

One of our customers would like to assess the security, possible limitations and hardening of the framework running Atlassian plugins; the questions below relate to this. The questions don't relate to a specific add-on; rather, we need a general answer where that is possible. If this differs between Atlassian products, please focus on Bitbucket for now.

The questions:

  1. How does the plugin run? Does a plugin run as a standalone process with its own memory space and permissions, or on a separate thread assigned to the application process? Is there only one way to run a plugin, or are there other possible opportunities (e.g. Java running in a container, a native application running)?

  2. Does/can a plugin have network communication capabilities, either at the application layer (such as HTTP) or at the network layer (such as TCP or UDP)?

  3. If so, can any restrictions be configured (e.g. which IP addresses or URLs the plugin can access, whether a plugin can start a listener) in the plugin, in the plugin configuration, or in the environment that is running the plugin? If so, where?

  4. Can a plugin handle files through OS-level file handling functions? If so, can it be restricted?

  5. Is it possible to restrict which files, objects and data are accessible to the plugin (through the API, interprocess communication, etc.)? Where are the settings for these restrictions, and how/where are they enforced (by the plugin framework, by the OS, by the plugin restricting itself, etc.)?

  6. Does the plugin have the capability to execute any application, script or other code?

  7. What user name and rights does the plugin run under? Can I have a dedicated user with limited privileges?

  8. Can the integrity of the plugin be verified? Can this check be enforced automatically, e.g. with an assigned hash value?

  9. Is there a shareable technical description of the structure and operation of the plugin framework? I'm not thinking of the SDK documentation on how to develop a plugin, but of how the environment runs the plugin: how does it provide the interfaces, etc.?

Thanks in advance for looking into this!

0 answers