
Nodejs In Sandbox

I'm using nodejs as a middle-man between a client browser and the server to handle all the requests. I'm trying to use nodejs as a filter tool and highlight (if not) all malicious

Solution 1:

Have you looked at the built-in sandbox abilities of node 0.4.6?

var localVar = 123,
    usingscript, evaled,
    vm = require('vm');

usingscript = vm.runInThisContext('localVar = 1;',
  'myfile.vm');
console.log('localVar: ' + localVar + ', usingscript: ' +
  usingscript);
evaled = eval('localVar = 1;');
console.log('localVar: ' + localVar + ', evaled: ' +
  evaled);

// localVar: 123, usingscript: 1
// localVar: 1, evaled: 1

Solution 2:

I've never used it, but apparently there's an npm module for this: sandbox:

A nifty javascript sandbox for node.js

Some features

  • Can be used to execute untrusted code.
  • Support for timeouts (e.g. prevent infinite loops)
  • Support for memory errors (and memory errors)
  • Handles errors gracefully
  • Restricted code (cannot access node.js methods)
  • Supports console.log and print utility methods
  • Supports interprocess messaging with the sandboxed code

This is referenced by the bug report on runThisInContext flagging up that it is not secure, mentioned by broofa in a comment on another answer saying to use runThisInContext.
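
Added example, not part of either answer or of the sandbox module: it contrasts the vm.runInThisContext call from Solution 1 with a separate context plus a timeout, the kind of restriction Solution 2's feature list describes. The names hostSecret, runShared and runIsolated are hypothetical; Node's documentation states that the vm module is not a security mechanism, so this shows global scoping and loop timeouts only.

```javascript
// Added example: hostSecret, runShared and runIsolated are hypothetical names.
const vm = require('vm');

// Constructed stand-in for host state that filtered code should not reach.
globalThis.hostSecret = 'db-password';

// runInThisContext: the script runs against the host's own global object,
// so it can read and overwrite anything reachable from it.
function runShared(code) {
  return vm.runInThisContext(code, { filename: 'untrusted.vm' });
}

// runInNewContext: the script gets a fresh global object holding only what
// is passed in, and a timeout that interrupts runaway synchronous loops.
function runIsolated(code, timeoutMs = 50) {
  const sandbox = Object.create(null); // expose no host values
  try {
    const value = vm.runInNewContext(code, sandbox, {
      filename: 'untrusted.vm',
      timeout: timeoutMs,
    });
    return { ok: true, value };
  } catch (err) {
    // Timeouts carry err.code; script errors such as ReferenceError do not.
    return { ok: false, error: err.code || err.name };
  }
}

// Shared context: host globals are visible and writable.
console.log('shared sees hostSecret:', runShared('typeof hostSecret'));
runShared('hostSecret = "overwritten"');
console.log('host value after shared run:', globalThis.hostSecret);

// New context: host globals and Node APIs are not defined as globals.
console.log('isolated sees:',
  runIsolated('typeof hostSecret + "," + typeof process + "," + typeof require'));

// The timeout stops an infinite loop instead of hanging the host process.
console.log('infinite loop:', runIsolated('while (true) {}'));

// vm contexts share the host process and heap; they separate globals only.
// Untrusted code still needs process- or OS-level isolation around it.
```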
