Add security.md (#3)

* Add security.md * Add dynamic library issue * Add more cells to SimpleUDT
nervosnetwork · Oct 13, 2023 · b72c918 · b72c918
1 parent 7ad933b
commit b72c918
Show file tree

Hide file tree

Showing 5 changed files with 104 additions and 2 deletions.
diff --git a/docs/intro.md b/docs/intro.md
@@ -89,3 +89,12 @@ args: <ckb-js-vm args, 2 bytes> <code_hash to JavaScript code cell, 32 bytes> <h
 
 The tailing bytes are JavaScript code arguments which can be used by JavaScript.
 Note: 2 bytes ckb-js-vm args are reserved for further use. 
+
+## Performance
+The JavaScript code implementation for a ["hello,
+world"](../tests/examples/hello.js) costs an approximate expense of 2.9 M
+cycles. The utilization of a
+[SimpleUDT](../tests/ckb_js_tests/test_data/simple_udt.js) consumes around 5.1 M
+cycles(3.4 M for bytecode), while the
+[ckb-lua-vm](https://github.com/nervosnetwork/ckb-lua-vm) takes a cost of
+roughly 2.0 M(1.3 M for bytecode) cycles.
diff --git a/docs/security.md b/docs/security.md
@@ -0,0 +1,62 @@
+
+
+### Modification on original QuickJS
+To facilitate effective auditing, here we list the changes upon original
+QuickJS. The original version of QuickJS is from:
+https://bellard.org/quickjs/quickjs-2021-03-27.tar.xz
+
+With following modifications in `quickjs` folder:
+1. The qjs.c is rewrote because it becomes a script on CKB
+2. The following files are copied from original QuickJS with very small modifications:
+    - cutils.c
+    - cutils.h
+    - libbf.c
+    - libbf.h
+    - libregexp-opcode.h
+    - libregexp.c
+    - libregexp.h
+    - libunicode-table.h
+    - libunicode.c
+    - libunicode.h
+    - list.h
+    - quickjs-atom.h
+    - quickjs-opcode.h
+    - quickjs.h
+    - quickhs.c
+
+    The major modifications:
+    1. header file including
+    2. A lot of binding functions are removed
+    3. Macros for other platforms
+    4. Replace `alloca` function
+
+3. The following files are removed from original QuickJS:
+    - quickjs-libc.c
+    - quickjs-libc.h
+
+4. The following files are added:
+    - ckb_module.c
+    - ckb_module.h
+    - mocked.c
+    - mocked.h
+    - std_module.c
+    - std_module.h
+
+
+### Dynamic Library Issue
+It is possible to load RISC-V binaries as dynamic libraries on ckb-vm. However,
+using ckb-js-vm as a dynamic library is not recommended due to security issues.
+
+If ckb-js-vm is used as a dynamic library, a host script can load it and execute
+JavaScript code. However, this setup can potentially be exploited by malicious
+JavaScript code, leading to memory overflow issues in QuickJS. It is important
+to note that in this scenario, the host script and the dynamic library share the
+same memory space, which means that the host script may be compromised,
+resulting in unexpected behavior or skipped checks.
+
+To mitigate this security risk, it is strongly advised to use ckb-js-vm with the
+`spawn` or `exec` methods. This allows ckb-js-vm to run in a separate ckb-vm
+instance, preventing malicious JavaScript code from accessing or modifying
+anything in the host script.
+
+
diff --git a/tests/ckb_js_tests/templates/simple_udt.json b/tests/ckb_js_tests/templates/simple_udt.json
@@ -48,6 +48,32 @@
   },
   "tx": {
     "outputs": [
+      {
+        "capacity": "0x0",
+        "lock": {
+          "args": "0x",
+          "code_hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
+          "hash_type": "type"
+        },
+        "type": {
+          "args": "0x0000{{ ref_type js-code-file }}01",
+          "code_hash": "0x{{ ref_type ckb-js-vm }}",
+          "hash_type": "type"
+        }
+      },
+      {
+        "capacity": "0x0",
+        "lock": {
+          "args": "0x",
+          "code_hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
+          "hash_type": "type"
+        },
+        "type": {
+          "args": "0x0000{{ ref_type js-code-file }}01",
+          "code_hash": "0x{{ ref_type ckb-js-vm }}",
+          "hash_type": "type"
+        }
+      },
       {
         "capacity": "0x0",
         "lock": {
@@ -66,7 +92,9 @@
       "0x0001020304050607"
     ],
     "outputs_data": [
-      "0x11000000000000000000000000000000"
+      "0x10000000000000000000000000000000",
+      "0x01000000000000000000000000000000",
+      "0x00000000000000000000000000000000"
     ]
   }
 }
diff --git a/tests/examples/Makefile b/tests/examples/Makefile
@@ -20,7 +20,8 @@ define compile-run
 endef
 
 all:
+	$(call run,hello.js)
 	$(call run,fib.js)
 	$(call debug,pi_bigint.js)
 	$(call compile-run,fib.js)
-	$(call compile-run,pi_bigint.js)
+	$(call compile-run,pi_bigint.js)
diff --git a/tests/examples/hello.js b/tests/examples/hello.js
@@ -0,0 +1,2 @@
+
+console.log("hello, world");