How to create safe sandbox child scripts


Norman Paniagua

Jul 31, 2014, 10:00:29 AM
to nod...@googlegroups.com
Hi, I have a dilemma. Recently I created a simple BaaS; it works fine and is built with koa and node 0.11 with harmony flags, but I don't know how to build a system that lets users upload their Node.js scripts (not full apps, just simple JavaScript triggers for the database, like before save and after save). How can I build a sandbox so the script only accesses the resources that I provide and not the entire server?

I was thinking that maybe this is not only related to Node.js but also to virtualising environments with something like Docker or similar, but if there is a pure Node.js way I want to know.

Regards

Jimb Esser

Jul 31, 2014, 2:38:42 PM
to nod...@googlegroups.com
Short answer: If you want to be completely safe, you need to use OS-level security (chroot, etc) (and possibly still need to block out network communication and such).

Longer answer: There are other, less extreme (still in your process) methods that limit more of what a user can do. At Cloud Party (no longer running since our team was acquired by Yahoo Games) we allowed users to script game objects with JavaScript and secured it by parsing the JavaScript into a syntax tree (I think we used uglify for that) and applying an incredibly strict white list (really creating a butchered subset of the language that only looks like JavaScript ;). Initially we allowed no function declarations (they could only call our API functions), no for/do/while loops (otherwise they could hang forever), and had to wrap object property access (to prevent getting at things like .__proto, etc.), and eventually expanded our system to insert some hooks to detect loops/recursive functions/etc. which were spinning out of control.

Assuming your use case isn't as real-time as ours was (needed to be running thousands of little scripts up to 30 times a second each), I'd probably go the route of spawning a separate node process in a chroot to run your user's code (wrapped appropriately so they can't get at require/module/process/etc if you want to block network access and such).  There is quite a bit of overhead to spawning a new process though, of course.

- Jimb

greelgorke

Aug 1, 2014, 2:51:51 AM
to nod...@googlegroups.com
There is the vm module in the core API: http://nodejs.org/api/vm.html

You can create new sandboxes and control them to some extent.

Norman Paniagua

Aug 1, 2014, 10:30:51 AM
to nod...@googlegroups.com
I need users' scripts to run from a trigger, i.e. when a collection is saved/deleted there can be 2 scripts that run, one before and one after. It would also be cool to limit the time that the scripts run, maybe a burst limit of 15 or 30 seconds, so we prevent users from consuming too many resources. I don't want to limit loops or conditions, only users requiring modules outside their environment. An example of what I want to accomplish is similar to Parse Cloud Functions: basically it gives you a structure that you need to follow, like a folder where you have 2 folders, one with the data of your app (id and secret keys) and another with your code, where you can require modules inside this folder. But it also has limited functionality; it seems that some Node.js functions were overridden or something similar.

This is not my area, so I'm lost about how to start investigating these kinds of things, because it seems that a lot of server management is required and also touching Node.js in some way (maybe it's possible to override Node.js in real time or for certain child processes).

Regards

Norman Paniagua

Aug 1, 2014, 3:17:05 PM
to nod...@googlegroups.com
Thanks, I'll check it out!
