Secure third party scripting environment

US 8,453,239 B2
Filed: 06/20/2011
Issued: 05/28/2013
Est. Priority Date: 08/25/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for securing a third party scripting environment, the computer-implemented method comprising:

receiving, by a computing device, a document to form a source input;

defining, by the computing device, a schema with functionality of an underlying target script language, wherein defining the schema comprises identifying operations for the target script language to form a group of identified operations, wherein only the identified operations are deemed safe in the target script language;

responsive to determining, by the computing device, that the source input includes at least one operation that is not included in the group of identified operations, rejecting the source input; and

responsive to determining, by the computing device, that the source input includes only operations that are included in the group of identified operations;

applying, by the computing device, the schema to the source input to generate clean language definitions; and

translating, by the computing device, the clean language definitions into a translated script of the target script language.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An illustrative embodiment of a computer-implemented method for securing a third party scripting environment receives a document to form a source input, defines a schema with functionality of an underlying target script language, applies the schema to the source input to generate clean language definitions and translates the clean language definitions into a translated script of the target script language.

13 Citations

20 Claims

1. A computer-implemented method for securing a third party scripting environment, the computer-implemented method comprising:
- receiving, by a computing device, a document to form a source input;
  
  defining, by the computing device, a schema with functionality of an underlying target script language, wherein defining the schema comprises identifying operations for the target script language to form a group of identified operations, wherein only the identified operations are deemed safe in the target script language;
  
  responsive to determining, by the computing device, that the source input includes at least one operation that is not included in the group of identified operations, rejecting the source input; and
  
  responsive to determining, by the computing device, that the source input includes only operations that are included in the group of identified operations;
  
  applying, by the computing device, the schema to the source input to generate clean language definitions; and
  
  translating, by the computing device, the clean language definitions into a translated script of the target script language.
- View Dependent Claims (2, 3, 4, 5, 6, 9, 19)
- - 2. The computer-implemented method of claim 1, wherein translating the clean language definitions to the target script language further comprises:
    - determining whether to apply additional conditional processing to the clean language definitions;
      
      responsive to the determination to apply the additional conditional processing to the clean language definitions, applying the additional conditional processing to the clean language definitions; and
      
      translating the clean language definitions into the translated script of the target script language.
  - 3. The computer-implemented method of claim 2, wherein the additional conditional processing includes application of further controls, filters and constraints including restriction and denial of processing to predetermined amounts of data processing resources.
  - 4. The computer-implemented method of claim 1, further comprising:
    - executing the translated script in a third party execution environment to form a result; and
      
      sending the result to a requester.
  - 5. The computer-implemented method of claim 4, wherein the third party execution environment is capable of processing identified operations and unidentified operations, and wherein unidentified operations are deemed unsafe.
  - 6. The computer-implemented method of claim 1, wherein the document remains unmodified.
  - 9. The computer program product of claim 6, wherein computer executable program code for the additional conditional processing includes computer executable program code for application of further controls, filters and constraints including restriction and denial of processing to predetermined amounts of data processing resources.
  - 19. The method of claim 1, wherein determining that the source input includes at least one operation that is not included in the group of identified operations comprises determining that the source input includes at least one operation that includes a directory in a file name.

7. A computer program product for securing a third party scripting environment, the computer program product comprising:
- a computer-readable storage device containing computer executable program code stored thereon, the computer executable program code comprising;
  
  computer executable program code to receive a document to form a source input;
  
  computer executable program code to define a schema with functionality of an underlying target script language, wherein defining the schema comprises identifying operations for the target script language to form a group of identified operations, wherein only the identified operations are deemed safe in the target script language;
  
  computer executable program code to reject the source input responsive to determining that the source input includes at least one operation that is not included in the group of identified operations;
  
  computer executable program code to apply the schema to the source input to generate clean language definitions responsive to determining that the source input includes only operations that are included in the group of identified operations; and
  
  computer executable program code to translate the clean language definitions into a translated script of the target script language responsive to determining that the source input includes only operations that are included in the group of identified operations.
- View Dependent Claims (8, 10, 11, 12, 20)
- - 8. The computer program product of claim 7, wherein computer executable program code to translate the clean language definitions to the target script language further comprises:
    - computer executable program code to determine whether to apply additional conditional processing to the clean language definitions;
      
      computer executable program code responsive to the determination to apply the additional conditional processing to the clean language definitions, to apply the additional conditional processing to the clean language definitions; and
      
      computer executable program code to translate the clean language definitions into the translated script of the target script language.
  - 10. The computer program product of claim 7, further comprising:
    - computer executable program code to execute the translated script in a third party execution environment to form a result; and
      
      computer executable program code to send the result to a requester.
  - 11. The computer program product of claim 10, wherein the third party execution environment is capable of processing identified operations and unidentified operations, and wherein unidentified operations are deemed unsafe.
  - 12. The computer program product of claim 7, wherein the document remains unmodified.
  - 20. The computer program product of claim 7, wherein the computer executable program code to determine that the source input includes at least one operation that is not included in the group of identified operations comprises computer executable program code to determine that the source input includes at least one operation that includes a directory in a file name.

13. An apparatus for securing a third party scripting environment, the apparatus comprising:
- a communications fabric;
  
  a computer-readable medium connected to the communications fabric, wherein the computer-readable medium contains computer executable program code;
  
  a communications unit connected to the communications fabric;
  
  an input/output unit connected to the communications fabric;
  
  a display connected to the communications fabric; and
  
  a processor unit connected to the communications fabric, wherein the processor unit executes the computer executable program code to direct the apparatus to;
  
  receive a document to form a source input;
  
  define a schema with functionality of an underlying target script language, wherein defining the schema comprises identifying operations for the target script language to form a group of identified operations, wherein only the identified operations are deemed safe in the target script language;
  
  responsive to determining that the source input includes at least one operation that is not included in the group of identified operations, reject the source input; and
  
  responsive to determining that the source input includes only operations that are included in the group of identified operations;
  
  apply the schema to the source input to generate clean language definitions; and
  
  translate the clean language definitions into a translated script of the target script language.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13, wherein the processor unit executing the computer executable program code to translate the clean language definitions to the target script language further directs the apparatus to:
    - determine whether to apply additional conditional processing to the clean language definitions;
      
      responsive to the determination to apply the additional conditional processing to the clean language definitions, apply the additional conditional processing to the clean language definitions; and
      
      translate the clean language definitions into the translated script of the target script language.
  - 15. The apparatus of claim 14, wherein the additional conditional processing includes application of further controls, filters and constraints including restriction and denial of processing to predetermined amounts of data processing resources.
  - 16. The apparatus of claim 13, wherein the processor unit executing the computer executable program code further directs the apparatus to:
    - execute the translated script in a third party execution environment to form a result; and
      
      send the result to a requester.
  - 17. The apparatus of claim 16, wherein the third party execution environment is capable of processing identified operations and unidentified operations, and wherein unidentified operations are deemed unsafe.
  - 18. The apparatus of claim 13, wherein the processor unit executes the computer executable program code to determine that the source input includes at least one operation that is not included in the group of identified operations at least by executing computer executable program code to determine that the source input includes at least one operation that includes a directory in a file name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Pawlowsky, Marc Andrew
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US13/164,571
Publication Number

US 20120054861A1
Time in Patent Office

708 Days
Field of Search

726 22- 24, 717/114, 717/136, 717/137
US Class Current

726/22
CPC Class Codes

G06F 8/51 Source to source

Secure third party scripting environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure third party scripting environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links