Built-in node / javascript sandbox?

I am writing a Node application that allows users to execute arbitrary JavaScript code - a kind of "internal API" / business stream that goes beyond the normal user interface.

I am looking for a sandbox environment that offers the following:

  • Separate execution without creating a completely new thread - this will be performed by thousands of users, I would prefer to stick to anonymous functions that do not have access to the parent call stack ... OR ... in the event of threads ... the possibility of spawning on multiple servers.

  • Syntax checking that throws exceptions for parse / exec errors rather than crashing the entire application.

  • Ability to disable access to functions / vars. I am trying to deny access to Node I/O ... so the user cannot turn this into a DoS script or read /etc/passwd, but can run any native syntax and a list of pre-approved functions.

  • Timeout control ... so an execution ceiling can be applied to while(true) do_intensive_stuff(); etc.

Any obvious options spring to mind?

+5
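
An added example, not part of the original thread: Node's built-in vm module covers the syntax-check and timeout requirements listed in the question. The Node.js documentation states that vm is not a security mechanism, so this sketch is not an isolation boundary for untrusted code on its own; runUserCode and APPROVED are hypothetical names.

```javascript
'use strict';
const vm = require('node:vm');

// Hypothetical pre-approved helpers: the only extra names exposed to user code.
const APPROVED = { add: (a, b) => a + b, upper: (s) => String(s).toUpperCase() };

// Compile and run one snippet. Always returns a result object, so parse
// errors, runtime errors and timeouts never propagate to the caller.
function runUserCode(source, timeoutMs = 50) {
  let script;
  try {
    // Compilation alone reports syntax errors; nothing has executed yet.
    script = new vm.Script(source, { filename: 'user-code.js' });
  } catch (err) {
    return { ok: false, kind: 'syntax', message: String(err && err.message) };
  }
  // Fresh global object per run; process, require and fs are not defined
  // as globals inside it.
  const globals = Object.assign(Object.create(null), APPROVED);
  const context = vm.createContext(globals, {
    // eval() and new Function() inside the context throw EvalError.
    codeGeneration: { strings: false, wasm: false },
    // Run promise callbacks inside the timeout window as well.
    microtaskMode: 'afterEvaluate',
  });
  try {
    const value = script.runInContext(context, { timeout: timeoutMs });
    return { ok: true, value };
  } catch (err) {
    if (err && err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') {
      return { ok: false, kind: 'timeout', message: err.message };
    }
    return { ok: false, kind: 'runtime', message: String(err && err.message) };
  }
}
```
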
3 answers

Google for 'node js sandbox' and you will get some hits of projects of different ages and maturity.

http://gf3.github.com/sandbox/ seems to be popular.

+3

Solution 1: use the js.js interpreter. Allows the sandbox, but makes the nod a decisive timeout.

2: node.js( chroot vm), tcp socket/dnode/ rpc. , , , . , .

, travis-ci

0

There is another module that can do this job - vm2. In contrast to sandbox, you can safely run untrusted code with whitelisted built-in Node objects.

0
