Sandboxing Scala

134 views
Skip to first unread message

Jacob Groundwater

unread,
Apr 9, 2012, 9:50:43 AM4/9/12
to scala-...@googlegroups.com
I wonder are there any convenient methods, frameworks etc to load sandboxed scala code?

I would like to create a web site that can run user-created scala code. Two requirements would be that code has limited memory and can be interrupted after a certain timeout. There's probably other more subtle requirements I haven't properly considered either.

Any thoughts would be greatly appreciated.

Aleksey Nikiforov

unread,
Apr 9, 2012, 10:07:26 AM4/9/12
to Jacob Groundwater, scala-...@googlegroups.com
I assume you already know how to embed the Scala interpreter so I will focus on sandboxing.

Interpreted code can be sandboxed with java security manager and custom permissions. This method relies on the fact that intepreter does not set code source location, so it must be updated if interpreter is changed to provide those values. Here is a gist of it:


Policy.setPolicy(new InterpretedPolicy());
System.setSecurityManager(new SecurityManager());

*****************************************************************************

import java.security.AllPermission
import java.security.CodeSource
import java.security.Permissions
import java.security.Policy
import java.security.ProtectionDomain

class InterpretedPolicy extends Policy {
  private val allPermissions = new Permissions
  allPermissions.add(new AllPermission)
  allPermissions.setReadOnly

  private val noPermissions = new Permissions
  noPermissions.setReadOnly

  override def getPermissions(codesource: CodeSource) = {
    if (codesource.getLocation == null) noPermissions
    else allPermissions
  }

  override def getPermissions(domain: ProtectionDomain) = {
    if (domain.getCodeSource.getLocation == null) noPermissions
    else allPermissions
  }
}


Cheers

Razvan Cojocaru

unread,
Apr 9, 2012, 12:47:15 PM4/9/12
to Jacob Groundwater, scala-...@googlegroups.com

You can use https://github.com/razie/scripster

 

see it in action here:

 

http://www.tryscala.com/

 

I did not worry about and/or solve the memory problem – all scripts share the same memory but there is a time check.

 

There is some element of permissions – the ones in use are: https://github.com/razie/scripster/blob/master/policyfile

 

The timeout thing is implemented here: https://github.com/razie/scripster/blob/master/src/main/scala/razie/scripster/Scripster.scala#L129

 

But it’s probably easier to just use Scripster and maybe contribute the memory limitation if you can figure out how… J

 

Cheers,

Razie

Jacob

unread,
Apr 9, 2012, 9:11:05 PM4/9/12
to Razvan Cojocaru, scala-...@googlegroups.com
Thanks Razvan and Aleksey.

I'll check these out today.

Razvan it would be nice to build off your existing tool. Are you actively working on tryscala.com?

From my morning googling it appears memory management is possible but impractical in a single JVM. Perhaps someone else can prove me wrong.

Walter Chang

unread,
Apr 9, 2012, 11:28:15 PM4/9/12
to Jacob, Razvan Cojocaru, scala-...@googlegroups.com
i believe jsr-284(http://jcp.org/en/jsr/detail?id=284) is what you are looking for.  sadly though, i couldn't find any open sourced reference implementation for it.
--
.......__o
.......\<,
....( )/ ( )...

Razvan Cojocaru

unread,
Apr 10, 2012, 8:48:20 AM4/10/12
to Jacob, scala-...@googlegroups.com

Yes – I’m keeping it up to date with major compiler versions etc. I haven’t added many features in a while, but every now and then I find time and work on it a bit. My next thing was to move it to Play and make that scriptable frame a play component or something.

 

Tell me what you need –

 

Cheers,

Razie

Jacob

unread,
Apr 10, 2012, 9:32:14 PM4/10/12
to Razvan Cojocaru, scala-...@googlegroups.com
Hi Razvan, 

I cloned your repo, and had a look. I tried to build the documentation, but am getting an odd error from sbt about not being able to find sbt

          UNRESOLVED DEPENDENCIES
org.scala-tools.sbt#sbt_2.9.1;0.7.7: not found

It looks promising however. I was able to have sbt pull your project into my own play application, so that works.

Do you have an online build of the docs anywhere?
Reply all
Reply to author
Forward
0 new messages