Limiting execution of software programs

摘要

Techniques are disclosed for limiting execution of software programs. For example, a method comprises the following steps. A first set of program code is extracted from a second set of program code. The extracted first set of program code is parsed to generate a parsed structure. The parsed structure generated from the first set of program code is examined for one or more expressions predetermined to be unsafe for execution. The one or more expressions predetermined to be unsafe for execution that are contained in the first set of program code are detected. In one example, the first set of program code may be a script generated with the JavaScript™ scripting language and the second set of program code may be a business process.

主权项

1. An apparatus comprising:
a memory; and a processor device operatively coupled to the memory and configured to: generate a configuration file comprising one or more constructs predetermined to be unsafe for execution as identified by a user; extract a first set of program code from a second set of program code; parse the extracted first set of program code to generate a parsed structure; examine the parsed structure generated from the first set of program code for one or more expressions that use at least one of the one or more constructs predetermined to be unsafe for execution, wherein the examination further comprises providing a looping guard to verify if the entire first set of program code has been examined; detect the one or more expressions that use at least one of the one or more constructs predetermined to be unsafe for execution that are contained in the first set of program code, wherein the detecting step further comprises flagging each of the one or more expressions that use at least one of the one or more constructs predetermined to be unsafe for execution that are contained in the first set of program code; and generate an unsafe-expression flagged version of the first set of program code for editing by a user.