Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
What are the options for running (possibly malicious) user-submitted scripts in node.js, securely? I.e. in an environment that prevents code from accessing sensitive data and APIs?
vm.runInNewContext(userScript, {}) is a tempting starting point… but it seems like there are known issues there.
The sandbox module looks interesting, but uses runInNewContext() as well so I’m a bit leery of it.
You should always run untrusted code in a separate process, which is exactly what the sandbox module does. A simple reason is that
vm.runInNewContext('while(true){}', {})will freeze node.It starts by spawning a separate process, which will later send the result serialized to JSON on its stdout. The parent process continues executing regardless of what the child does and can trigger a timeout.
The untrusted code is then wrapped in a closure with strict mode (in regular JavaScript, you can use
arguments.callee.callerto access data outside of your scope). Finally, a very limitedglobalobject is passed to prevent access to node’s API. The untrusted code can only do basic computation and has no access to files or sockets.While you should read sandbox’s code as an inspiration, I wouldn’t recommend using it as is:
For increased security, you could also consider using setuid-sandbox. It’s the code used by Google Chrome to prevent tab processes from accessing the file system. You would have to make a native module, but this example seems straightforward.