背景与价值WebAssembly具备高性能但需要严格能力治理。限制导入与资源,可防止滥用与越权。统一规范导入白名单:仅允许受控模块与函数导入。资源限制:限定内存与表大小;禁止未经授权的WASI能力。审计:记录实例化与执行异常。核心实现导入过滤与资源限制占位type ImportSpec = { module: string; func: string }
const allowImports = new Set<string>(['env:log','env:getVersion'])
function allowedImport(module: string, func: string): boolean { return allowImports.has(module + ':' + func) }
function memoryAllowed(initialPages: number, maxPages: number): boolean { return initialPages >= 1 && maxPages <= 256 && initialPages <= maxPages }
实例化治理type WasmModule = ArrayBuffer
type WasmInstance = { exports: Record<string, any> }
async function instantiate(wasm: WasmModule, imports: Record<string, Record<string, Function>>, initialPages = 10, maxPages = 64): Promise<WasmInstance | null> {
if (!memoryAllowed(initialPages, maxPages)) return null
for (const [mod, funcs] of Object.entries(imports)) for (const f of Object.keys(funcs)) if (!allowedImport(mod, f)) return null
const mem = new WebAssembly.Memory({ initial: initialPages, maximum: maxPages })
const merged = { ...imports, env: { ...imports.env, memory: mem } }
const { instance } = await WebAssembly.instantiate(wasm, merged)
return instance as any
}
落地建议维护导入白名单与资源上限,禁止未经授权的WASI能力与文件/网络访问。记录实例化与执行异常日志用于审计与优化。验证清单导入是否命中白名单;内存是否在限制范围内。
发表评论 取消回复