How to add and install deps without stopping phoenix server (hex package)

kokolegorille · April 10, 2022, 6:26pm

It is not the tool that is insecure, it is how You use it. And the way You want to use it is insecure.

The Beam was not created with security in mind. If You can load a module, You can potentially do whatever You want.

There are ways to safely add functionalities, with a sandbox, and Luerl.

shahryarjb · April 10, 2022, 7:24pm

Sorry, I can not understand the security part, for example you have a project and add some mix after compile you start it again!! Now we create another node, before this we add mix and compile and start it again.

What is the difference between them?

I will try Luerl but it is Erlang, and I am not familiar Enough

If it is possible, please explain this
Thank you

kokolegorille · April 10, 2022, 7:48pm

I did not say adding dependencies was a security issue.

I wanted to highlight loading module dynamically, as You intended to do at first, is not secure.

Luerl is not Erlang, it’s Lua on the Beam.

shahryarjb · April 10, 2022, 8:03pm

Oh, thank you, yes after your suggestion and the other dear friends I left that idea.
At first, I want to try to create different node and compile all new dependencies in new node of source.
But some gap I have in my mind like how to create some hook to migrate developer’s state and even how to create another node and test it is loaded or not completely automatic.

I will try it and create a new post for this idea.

I appreciate you in advance, this post has prepared many things Informative for me.

Exadra37 · April 10, 2022, 10:49pm

To give you some context I work as a Developer Advocate in API and Mobile Security.

I am without words, because to me this is pure no sense.

No programming language or framework will make impossible for the developer to create security issues in the application he is developing.

Ultimately is up to the developer to educate himself about security and think like an attacker when designing is project and coding it. The problem is that in our industry developers are not educated to do so, instead they are learn how to ship it as fast as they can, you know the sentence “it works, ship it!”, and then is what we see, data breaches daily all over the place.

I strongly recommend you to invest some time in educating yourself about security and how to think like an attacker.

The best resource I know, and that I took several years ago, is this one:

The prevalence of online attacks against websites has accelerated quickly in recent years and the same risks continue to be readily exploited. However, these are very often easily identified directly within the browser; it’s just a matter of understanding the vulnerable patterns to look for.

This course, Hack Yourself First: How to go on the Cyber-Offense, comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks and this is how they go about it.

This approach is more reflective of the real online threat than reviewing source code is and it empowers developers to begin immediately assessing their applications even when they’re running in a live environment without access to the source. After all, that’s what online attackers are doing.

During the course you will be playing with this very vulnerable website to learn how to think like an attacker.

shahryarjb · April 29, 2022, 10:21am

Hi friends, I have created a simple code to install deps in runtime. You can see it in this video.

It can help my CMS to have an installer, like Joomla, WordPress! But losing the app state will be updated is my problem.
The question is when admin user want to update a library which has state (it has been installed and activated before), I need to stop and unload it, hence I am going to lose the dep state, it is my responsibility to save external developer dep, or I need to create structure to send him a request and he/she saves the state.

I need your suggestion, thank you in advance.

Code:

github.com

mishka-group/mishka_installer/blob/master/lib/installer/run_time_sourcing.ex

defmodule MishkaInstaller.Installer.RunTimeSourcing do
  @moduledoc """
  This module is created just for compiling and sourcing, hence if you want to work with Json file and the other compiling dependencies
  please see the `MishkaInstaller.Installer.DepHandler` module.
  """

  @type ensure() :: :bad_directory | :load | :no_directory | :sure_all_started
  @type do_runtime() :: :application_ensure | :prepend_compiled_apps

  @spec do_runtime(atom(), atom()) ::{:ok, :application_ensure} | {:error, do_runtime(), ensure(), any}
  def do_runtime(app, :add) when is_atom(app) do
    get_build_path()
    |> File.ls!()
    |> compare_dependencies()
    |> prepend_compiled_apps()
    |> application_ensure(app, :add)
  end

  def do_runtime(app, :soft_update) when is_atom(app) do
    if(Atom.to_string(app) in File.ls!(get_build_path()), do: ["#{app}"], else: false)

This file has been truncated. show original

Update

I see some Erlang source code, when they want to update a gen server, they freeze it and after update resume.

But how can freeze all the state which are created by a specific app I want to update and the states maybe dynamic supervisors

Why I do stop, because I can not use Application.load(app) when the app exists before, so I need to unload it, for example update timex to new version, it needs to be stop and after that it lets me to update and load again

This section code:

github.com

mishka-group/mishka_installer/blob/master/lib/installer/run_time_sourcing.ex#L76-L88

      
        
            defp application_ensure({:ok, :prepend_compiled_apps}, app, :soft_update) do
              Application.stop(app)
              with {:unload, :ok} <- {:unload, Application.unload(app)},
                   {:load, :ok} <- {:load, Application.load(app)},
                   {:sure_all_started, {:ok, _apps}} <- {:sure_all_started, Application.ensure_all_started(app)} do
            
            
      {:ok, :application_ensure}
              else
                {:unload, {:error, term}} -> {:error, :application_ensure, :unload, term}
                {:load, {:error, term}} -> {:error, :application_ensure, :load, term}
                {:sure_all_started, {:error, {app, term}}} -> {:error, :application_ensure, :sure_all_started, {app, term}}
              end
            end