Date: Wed, 11 Jul 2012 17:31:54 -0500
Subject: Re: [nodejs] Compiling JS for Safe vm.runInNewContext()
From: Marcel Laverdet
To: nodejs@googlegroups.com

"Too robust" is not a thing. This is a problem that is very complex. As mentioned in later replies by the Caja team and others, since node is using a very modern version of v8 you can run Caja with minimal translations that are all done in pure-JS.

With regards to infinite loops you've got another thing on your hands. You will need to write some C++ code for this, but it's certainly possible to write a version of vm.runInNextContext() that has a timeout. Alternatively you could use a node process for each instance, and terminate with a SIGKILL.

On Wed, Jul 11, 2012 at 1:24 PM, Kevin O wrote:
> Thanks for the suggestion. Caja does seem like it's pretty robust but
> maybe more than I need. Plus, I would have to call out to a service every
> time I compile or re-implement the whole thing in node to use it. Neither
> is really an option, unfortunately.
>
> On Wednesday, 11 July 2012 13:17:23 UTC-4, Marcel wrote:
>>
>> Look at Google Caja, this does exactly what you describe. It's a very
>> complicated problem.
>>
>> On Wednesday, July 11, 2012, Angel Java Lopez wrote:
>>
>>> I presented a project (idea, no code yet) that needs that feature, too.
>>>
>>> Game server (as a service?) that accepts logic code from game tenants.
>>> Another project needs something like this (it's like
>>> https://github.com/ryanb/ruby-warrior/ )
>>>
>>> So, thanks for the question, and for any answer!
>>>
>>> Angel "Java" Lopez
>>>
>>> On Wed, Jul 11, 2012 at 1:52 PM, Kevin O wrote:
>>>
>>>> We are working on an app where we want to give users the ability to
>>>> upload JS scripts to process their data in our app.
>>>>
>>>> Insane, right? :) Well we are going to do it in a sane way or not do
>>>> it at all. We understand the risks.
>>>>
>>>> I want to take raw JS input from the user, generate an AST,
>>>> cleanse/evaluate/mangle it, then "re-compile" to minified JS *only*
>>>> when we know is safe. If the script is doing unsafe things, we'll return
>>>> compiler errors. Our compiler needs to be able to limit the JS globals to a
>>>> short "whitelist". i.e. stuff like eval() is not available within the
>>>> script.
>>>>
>>>> Scripts will be run in our node app using vm.runInNewContext(). We will
>>>> pass in a context object with the data that the user will be processing
>>>> with their script.
>>>>
>>>> Has anyone done something like this? I have a small bit of code started
>>>> using uglify but am wondering if there are some other projects or design
>>>> ideas I can pluck from before getting too deep into the weeds.
>>>>
>>>> Thanks
>>>>
>>>> Kevin
>>>>
>>>> --
>>>> Job Board: http://jobs.nodejs.org/
>>>> Posting guidelines:
>>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>>> You received this message because you are subscribed to the Google
>>>> Groups "nodejs" group.
>>>> To post to this group, send email to nodejs@googlegroups.com
>>>> To unsubscribe from this group, send email to
>>>> nodejs+unsubscribe@googlegroups.com
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/nodejs?hl=en?hl=en
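
The process-per-instance approach from the reply above, as an added example that is not code from the thread: the parent runs each submitted script in its own node process and ends it with SIGKILL once a deadline passes. `runIsolated`, `RUNNER` and the JSON job format are hypothetical names chosen here; the deadline relies on the `timeout` and `killSignal` options of `child_process.spawnSync`.

```javascript
'use strict';
const { spawnSync } = require('child_process');

// Source of the child process (hypothetical runner): reads one JSON job from
// stdin, evaluates the script with vm.runInNewContext(), prints the result.
const RUNNER = `
  const vm = require('vm');
  let input = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', (chunk) => { input += chunk; });
  process.stdin.on('end', () => {
    const job = JSON.parse(input);
    // Only the data object is a global in the new context.
    const value = vm.runInNewContext(job.code, { data: job.data });
    process.stdout.write(JSON.stringify({ value }));
  });
`;

// Runs one script in a separate node process; the process, not the vm
// context, is what bounds a runaway loop.
function runIsolated(code, data, limitMs) {
  const child = spawnSync(process.execPath, ['-e', RUNNER], {
    input: JSON.stringify({ code, data }),
    encoding: 'utf8',
    timeout: limitMs,      // parent-side deadline in milliseconds
    killSignal: 'SIGKILL', // cannot be caught or ignored by the child
    maxBuffer: 64 * 1024,  // cap on output the parent will buffer
  });
  if (child.error && child.error.code === 'ETIMEDOUT') {
    return { ok: false, reason: 'timeout', signal: child.signal };
  }
  if (child.error || child.status !== 0) {
    // Spawn failure, oversized output, or an exception thrown by the script.
    return { ok: false, reason: 'error' };
  }
  try {
    return { ok: true, value: JSON.parse(child.stdout).value };
  } catch (e) {
    return { ok: false, reason: 'bad-output' };
  }
}
```

`spawnSync` blocks the parent until the child exits or is killed; a server handling other requests would apply the same deadline with the asynchronous `spawn` and a timer that calls `child.kill('SIGKILL')`.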