src/views/docs/security.ejs
<%
title = 'security'
description = 'Securing mountebank against remote execution attacks'
%>
<%- include('../_header') -%>
<h1>Security</h1>
<p>mountebank is programmable through <a href='/docs/api/injection'>injection</a>. This makes
the tool very extensible and flexible, but it should only be used with an understanding of the
security implications. When you enable the <a href='/docs/commandLine'><code>--allowInjection</code></a>
flag, you aren't just giving yourself the ability to extend mountebank: you're also potentially enabling
attackers remote execution capabilities on your machine.</p>
<p>mountebank highly recommends you take the following approaches to securing your environment if you
require <code>--allowInjection</code>:</p>
<ul class='bullet-list'>
<li>ALWAYS run <code>mb</code> as an unprivileged user</li>
<li>If possible, set the <a href='/docs/commandLine'><code>--localOnly</code></a> flag to only accept
requests from localhost. There's no reason not to do this when running directly (e.g., not inside
Docker or a VM) on your local developer machine.</li>
<li>Whitelist all IP addresses allowed to connect to mountebank by setting the
<a href='/docs/commandLine'><code>--ipWhitelist</code></a> flag.</li>
<li>Consider using a local OS level firewall like iptables</li>
<li>Consider running <code>mb</code> in a Docker environment or under a <code>chroot</code> operation
to prevent access to the full filesystem</li>
</ul>
<p>The most secure option, of course, is to simply not use the <code>--allowInjection</code> flag.
If there are common operations you find yourself using injection for, feel free to suggest those operations
as core features in a future release of mountebank.</p>
<p>By default, CORS is disabled to prevent CSRF attacks. To enable, you must explicitly pass safe origins
on the command line using the <a href='/docs/commandLine'><code>--origin</code></a> flag.</p>
<%- include('../_footer') -%>