What is the best way to run untrusted hooks/plugins?
October 13, 2019
I am building a data processing system where users may submit hooks to run on incoming information.
The hooks are untrusted and ought to execute in a sandbox with access only to some API I expose — essentially like a DSL. Ideally, users compose hooks in Python or even ES6. The code should be executable from runtimes, but from Python.
From my standpoint, I’m looking for this particular workflow:
- Users submit source code for a hook, and I compile and store it
- I recover the compiled code and implement it
- Just happens to the predefined APIs possess side-effects
What technology do you recommend to attain this?
These are the ideas:
- Users compose hooks in TypeScript, which can be compiled to WebAssembly using AssemblyScript. No recommendations have been discovered by me on the safety, feasibility or overhead of conducting sandboxed WebAssembly in Python.
- I check for imports and system/networking calls in user-submitted code and then eval it. No tips have been discovered by me on which checks are necessary to securely eval Python and/or ES6.