I'm writing a Node app that allows users to execute arbitrary javascript code - sort of an "internal API" / business flow that extends beyond the regular UI.
I'm looking for a sandbox environment that offers the following:
Separate execution without spawning an entirely new thread - this would be run by thousands of users, I'd prefer to stick with anonymous functions that have no access to the parent call stack... OR... in the event of threads... the ability to spawn across multiple servers.
Syntax checking that throws Exceptions on parse/exec errors vs. crashing the entire app.
The ability to disable functions/var access. I'm trying to prevent access to Node's I/O... so a user can't turn this into a DoS script or read /etc/passwd, but can run any native syntax and a list of pre-approved functions.
Timeout control... so an execution ceiling can apply to while(true) do_intensive_stuff();, etc.
Any obvious choices spring to mind?
Google for 'node js sandbox' and you'll get a few hits of projects of various age and maturity.
http://gf3.github.com/sandbox/ seems to be popular.
solution 1: use js.js interpreter. Solves sandboxing, but does nod solve timeout control.
solution 2: have pool of sandboxed worker node.js processes (each in its own chroot or separate vm environment), communicating via tcp socket/dnode/your own rpc. Input tasks wait in the queue, if execution limit is hit whole process is killed and respawned, if not it is reused for the next task. That way you are not limited by single machine and can easily scale horizontally.
Also try to check how workers are implemented in travis-ci
There's another module that can do the job - vm2. Unlike sandbox it allows you to securly run untrusted code with whitelisted built-in node objects.