I made a beautiful graphviz editor! (Feedback needed)

Hi! I made an online Graphviz editor which generates Graphviz images that can be used directly on any website without a need to host images on a server. Instead of downloading the image and hosting it on a server, the user can just copy the link generated and use it anywhere.

Any feedback is highly appreciated! :blush:

Source code: https://github.com/ztjhz/graphviz-editor
Website: https://graphviz.tjh.sg/

Very cool! I played with this just now and it’s quite fun to experiment.

One minor thing: I don’t know much about building web sites, but this site absolutely hammers my machine. Typing visibly laggy, CPUs at 100%, … This doesn’t appear to be related to graph generation itself, because this is happening when just typing, not clicking “Generate.” If I had to guess, I’d say it was the background animation, which is also quite distracting while you’re trying to type. This is in Firefox 104.0.1 on Fedora 36 in an X11 session.

The functionality itself is very nice though!

Thanks for the feedback! :blush:
I have removed the animations, and will look into the CPU issue on Fedora Firefox.

You’ll want to be a bit careful running Graphviz on the server and exposing it to the public internet; there’s a lot of possible exploits; you might want to sandbox it, or at least be careful to run it as a user that has very few permissions.

Thanks for the heads up! :slight_smile:
My partner who did the backend is an expert in cyber security, and the server is 100% secure.

I kinda doubt people in cybersecurity would claim anything to be 100% secure.

Graphviz has more memory corruption issues than we have people who can fix them: https://gitlab.com/graphviz/graphviz/-/issues/?search=fuzz&sort=updated_desc&state=opened&first_page_size=20; some of these issues may be exploitable.

I agree with Mark (I would seriously question the expertise of anyone who claims a computer-based system is “100% secure”), but from a quick look at the back end it appears to run the server inside Docker. So for a useful exploit, presumably you would have to chain a Graphviz bug with a container escape. So it’s more than script-kiddie level hacking.

Having said that, I would assume such a thing is possible. From the issues filed by Google Autofuzz that Mark linked, I expect most can be leveraged into RCE. At a guess, I would say it would take a motivated attacker only a few days to come up with something usable.

In the past, I’ve pondered whether we should ship a sandboxing tool with Graphviz. OS sandboxing mechanisms have reached a level of maturity on all the platforms we support that this would not be complex to implement. But I’ve shied away from this for threat modeling reasons. If you don’t trust a binary your vendor is shipping you, why would you trust the sandboxer they ship you? There’s a bit of nuance here (we’re trying to defend against malicious input, not an actively malicious binary), but I still think it’s wiser to depend on a third-party sandboxer with a more paranoid mindset (e.g. Bubblewrap). Ubuntu Snaps kind of have the right idea and macOS is moving in this direction, but decades of users expecting promiscuous file system access from their programs is making rolling this stuff out a bit of a tightrope-walk.
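Putting the two pieces of advice in this thread together (run `dot` as a low-privilege, sandboxed process, and prefer a third-party sandboxer such as Bubblewrap), here is an added example of what a server-side render wrapper can look like. It is not code from the graphviz-editor project or from Graphviz. It assumes a Linux host with Bubblewrap (`bwrap`, 0.5 or newer for `--ro-bind-try`) installed, a merged-/usr layout as on Fedora, and `dot` at `/usr/bin/dot`; the size, time and memory limits are constructed values to be tuned for the real service. The rlimits and timeout address the resource side (a fuzzer-found bug that loops or allocates unboundedly), while the Bubblewrap namespaces limit what a successful memory-corruption exploit can reach: no network, no IPC, read-only `/usr`, and an empty private `/tmp` as the only writable location.

```python
"""Hardened wrapper for running Graphviz `dot` on untrusted input.

Added example (not code from the graphviz-editor project or from Graphviz).
Assumes: a Linux host with Bubblewrap (`bwrap`, 0.5 or newer for --ro-bind-try),
a merged-/usr layout (as on Fedora), and `dot` installed at /usr/bin/dot.
"""
import resource
import shutil
import subprocess

# Limits are constructed for this example; tune them to the service's real needs.
MAX_INPUT_BYTES = 64 * 1024            # DOT source larger than this is rejected outright
MAX_OUTPUT_BYTES = 4 * 1024 * 1024     # cap on rendered output accepted back from dot
TIMEOUT_SECONDS = 10                   # wall-clock limit for one render
MAX_ADDRESS_SPACE = 512 * 1024 * 1024  # RLIMIT_AS for bwrap and the dot it spawns
ALLOWED_FORMATS = {"svg", "png"}       # never pass a user-chosen -T value through unchecked


def check_request(source: str, output_format: str) -> list:
    """Return the reasons a request must be refused (empty list means OK)."""
    problems = []
    if output_format not in ALLOWED_FORMATS:
        problems.append(f"output format not allowed: {output_format!r}")
    if len(source.encode("utf-8")) > MAX_INPUT_BYTES:
        problems.append(f"input exceeds {MAX_INPUT_BYTES} bytes")
    if "\x00" in source:
        problems.append("input contains NUL byte")
    return problems


def build_bwrap_argv(output_format: str, dot_path: str = "/usr/bin/dot") -> list:
    """Bubblewrap command line: read-only /usr, no network, no IPC, fresh PID
    namespace, and an empty private /tmp as the only writable location."""
    return [
        "bwrap",
        "--ro-bind", "/usr", "/usr",
        "--symlink", "usr/lib", "/lib",
        "--symlink", "usr/lib64", "/lib64",
        "--symlink", "usr/bin", "/bin",
        "--ro-bind-try", "/etc/fonts", "/etc/fonts",  # fontconfig, if present
        "--proc", "/proc",
        "--dev", "/dev",
        "--tmpfs", "/tmp",
        "--chdir", "/tmp",
        "--unshare-all",       # new user, pid, net, ipc, uts and cgroup namespaces
        "--die-with-parent",   # the sandbox dies if the web worker does
        "--new-session",       # detach from any controlling terminal
        "--clearenv",
        "--setenv", "PATH", "/usr/bin",
        dot_path, "-T" + output_format,  # graph comes in on stdin, image goes out on stdout
    ]


def _apply_rlimits():
    """Runs in the child before exec: cap memory, CPU and file size for bwrap and dot."""
    resource.setrlimit(resource.RLIMIT_AS, (MAX_ADDRESS_SPACE, MAX_ADDRESS_SPACE))
    resource.setrlimit(resource.RLIMIT_CPU, (TIMEOUT_SECONDS, TIMEOUT_SECONDS + 2))
    resource.setrlimit(resource.RLIMIT_FSIZE, (MAX_OUTPUT_BYTES, MAX_OUTPUT_BYTES))


def render_sandboxed(source: str, output_format: str = "svg") -> bytes:
    """Render DOT `source` inside the sandbox and return the image bytes."""
    problems = check_request(source, output_format)
    if problems:
        raise ValueError("; ".join(problems))
    if shutil.which("bwrap") is None:
        raise RuntimeError("bwrap not installed; refusing to run dot unsandboxed")
    proc = subprocess.run(
        build_bwrap_argv(output_format),
        input=source.encode("utf-8"),
        capture_output=True,
        timeout=TIMEOUT_SECONDS,   # raises subprocess.TimeoutExpired and kills the child
        preexec_fn=_apply_rlimits,
    )
    if proc.returncode != 0:
        # A crash in dot (e.g. SIGSEGV) shows up as a negative returncode: log it as a
        # detection signal, but never echo dot's stderr back to the user.
        raise RuntimeError(f"dot exited with status {proc.returncode}")
    if len(proc.stdout) > MAX_OUTPUT_BYTES:
        raise RuntimeError("rendered output exceeds size cap")
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample graph; this branch only works where bwrap and dot are installed.
    svg = render_sandboxed("digraph G { a -> b; b -> c; }", "svg")
    print(svg[:60])
```

The wrapper still relies on the host's unprivileged user namespaces being enabled for `--unshare-all` to work, and a crashing `dot` should be counted and alerted on rather than silently retried, since a burst of non-zero exits from one client is the cheapest detection signal this setup offers.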

The wasm version is effectively sandboxed, and browsers aren’t the only environments that can host them…

Good point. WASM is probably the apex contemporary sandbox environment.