I want to use node.js (or another SSJS solution), running my own code plus externally written (untrusted) code inside.
Is there any way to separate and protect my own code? Could I limit the modules and system effect of the untrusted code (limit access to files, non-HTTP ports, etc.)?
You can check out this project, it seems very promising:
http://github.com/gf3/node-sandbox
Personally, I don't use Node to do arbitrary SSJS execution. You probably won't like this solution, but it's worked fine for me for about a year:
There's a Perl implementation of SpiderMonkey's API (SpiderMonkey is Firefox's JS engine) that's available. I hooked that up with the help of some CGI. You can specify in it exactly what functions you want to expose (granted, it's in Perl...blech) and execute whatever code you please. There's no risk of vulnerabilities since the entire setup is completely sandboxed. It does not simulate the DOM.
The way I implemented this on my server (to prevent abuse) was to issue tokens which granted a one-use access through a REST API on a different server. It's a simple HMAC implementation that includes a timestamp to enforce the legitimacy of the token. When the Perl script receives a request, it validates the token and processes the script (the script should just be part of a POST request). The Perl script then just writes the results. My server is set to hit a timeout at around 10 seconds.
Hope this helps!
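The one-use, timestamped HMAC token scheme described in the answer above can be sketched in Node as follows. This is an added example, not the answerer's Perl code. The token layout (timestamp.nonce.mac), the demo key, the 10-second validity window and the in-memory nonce store (single process only) are all assumptions.

```javascript
'use strict';
const crypto = require('node:crypto');

// Constructed demo key (assumption); both servers would load a shared secret from config.
const SECRET = Buffer.from('constructed-demo-key-not-for-production');
const MAX_AGE_MS = 10_000;   // assumed validity window for a token
const seen = new Map();      // nonce -> expiry time; enforces one-use on the verifying side

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Issuing server: the MAC covers both the timestamp and a random nonce.
function issueToken(now = Date.now()) {
  const payload = `${now}.${crypto.randomBytes(16).toString('hex')}`;
  return `${payload}.${sign(payload)}`;
}

// Executing server: returns 'ok' or the reason the token was rejected.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed';
  const [ts, nonce, mac] = parts;
  const expected = Buffer.from(sign(`${ts}.${nonce}`));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-mac';
  }
  // Only trust the timestamp after the MAC has been verified.
  const issued = Number(ts);
  if (!Number.isSafeInteger(issued) || issued > now || now - issued > MAX_AGE_MS) {
    return 'outside-window';
  }
  // Forget nonces whose tokens can no longer pass the age check.
  for (const [n, expiry] of seen) if (expiry < now) seen.delete(n);
  if (seen.has(nonce)) return 'replayed';
  seen.set(nonce, issued + MAX_AGE_MS);
  return 'ok';
}
```

Because nonces only need to be remembered for the validity window, the replay store stays bounded. With more than one verifying process it would have to live in shared storage.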
Check out this from the node.js documentation:
script.runInNewContext([sandbox])
Similar to Script.runInNewContext (note capital 'S'), but now being a method of a precompiled Script object. script.runInNewContext runs the code of script with sandbox as the global object and returns the result. Running code does not have access to local scope. sandbox is optional.
http://nodejs.org/api.html#script-runinnewcontext-105