Questions about framework security, restrictions


One of our customers would like to assess the security, possible limitations and hardening of the framework running the Atlassian plugin; the questions are related to this. The questions don’t relate to a specific add-on; rather, we need a general answer where it is possible. If this might be different for each Atlassian product, please focus on Bitbucket now.

The questions:

  1. How does the plugin run? Does a plugin run as a standalone process with its own memory space and permissions, or on a separate thread assigned to the application process? Is there only one way to run a plugin, or are there more possibilities (e.g. Java running in a container, native application running)?

  2. Does/can a plugin have network communication capabilities (either in the application layer, such as HTTP, or in the network layer, such as TCP or UDP)?

  3. If so, can any restrictions be configured (e.g. what IP addresses or URLs can the plugin access? Can a plugin start a listener?) in the plugin, in the plugin configuration, or in the environment that is running the plugin? If so, where?

  4. Can a plugin handle files through OS-level file handling functions? If so, can it be restricted?

  5. Is it possible to restrict what files, objects and data are accessible by the plugin (through API, interprocess communication, etc.)? Where are the settings for these restrictions, and how/where are they enforced (enforced by the plugin framework, by the OS, the plugin restricts itself, etc.)?

  6. Does the plugin have the capability to execute any application, script or other code?

  7. What user name and rights does the plugin run under? Can I have a dedicated user with limited privileges?

  8. Can the integrity of the plugin be verified? Can this check be enforced automatically, e.g. with an assigned hash value?

  9. Is there a shareable technology description about the structure and operation of the plugin framework? I’m not thinking about the description of the SDK or how to develop a plugin, but about how the environment will run the plugin. How does it provide the interfaces, etc.?

Thanks in advance for looking into this! :slight_smile: