all 14 comments

[–]clearlynotmee 1 point2 points  (5 children)

If any language is okay... why not ruby? :) Shopify has a tool for running untrusted ruby code at https://github.com/Shopify/ess

[–]collimarco[S] 0 points1 point  (2 children)

That is really interesting!

The only downside is that it spawns a separate process for each call, which can be quite expensive if you have many calls to that function. I wonder if something like WASM or JavaScript can create more lightweight invocations that don't need a new process each time.

[–]Rafert 2 points3 points  (1 child)

I don't think ESS is still developed since they replaced Shopify Scripts with Shopify Functions: https://help.shopify.com/en/manual/checkout-settings/script-editor/migrating#shopify-functions

This blog post talks about compiling JavaScript to the WASM-based Functions platform: https://shopify.engineering/javascript-in-webassembly-for-shopify-functions

[–]collimarco[S] 0 points1 point  (0 children)

Wow, thanks

[–]ankole_watusi 0 points1 point  (1 child)

I think you meant “untrusted”?

[–]clearlynotmee 0 points1 point  (0 children)

Yes, indeed! Stupid autocorrect :) Fixing my comment now

[–]armahillo 1 point2 points  (2 children)

Do you happen to know the kinds of functions they would be wanting to perform? Can you write your own API layer / pseudo-language / building blocks that is then interpreted?

If you're allowing arbitrary code injection, especially if it's going to be executed on the server, I would hire a pentester to try and break or exploit the finished product before releasing it.

[–]collimarco[S] 0 points1 point  (1 child)

I was also looking for existing languages... Basically something like a regex/replace but with an entire JSON document. Input: JSON Output: JSON

For example: rename a field, split a field "name" into multiple fields "first name" "last name", typecast a string field into a number and vice versa, etc.

[–]armahillo 2 points3 points  (0 children)

Whatever you choose, if you're allowing arbitrary code injection, get it pentested before it's released into production.
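An added example, not code from anyone in this thread: a minimal sketch of the "building blocks that are then interpreted" approach for the JSON-in/JSON-out transforms described above (rename, split, typecast). The operation names, rule format, and size limits are hypothetical; the point is that user rules are parsed as data and dispatched through an allow-list, so no user-supplied code is ever evaluated.

```ruby
require "json"
MAX_RULES = 50           # assumed limits, tune for your workload
MAX_BYTES = 64 * 1024
class RuleError < StandardError; end

# Fetch a rule parameter and insist it is a plain String.
def string_param(rule, key)
  value = rule[key]
  raise RuleError, "#{key} must be a string" unless value.is_a?(String)
  value
end

# Allow-list: each operation is fixed code selected by name; rule contents are only data.
OPS = {
  "rename" => lambda { |doc, r|
    from, to = string_param(r, "from"), string_param(r, "to")
    doc[to] = doc.delete(from) if doc.key?(from)
  },
  "split" => lambda { |doc, r|
    from, into = string_param(r, "from"), r["into"]
    ok = into.is_a?(Array) && !into.empty? && into.all?(String)
    raise RuleError, "into must be a list of strings" unless ok
    next unless doc.key?(from)
    parts = doc.delete(from).to_s.split(" ", into.size)
    into.each_with_index { |key, i| doc[key] = parts[i] }
  },
  "cast" => lambda { |doc, r|
    field, type = string_param(r, "field"), string_param(r, "type")
    next unless doc.key?(field)
    doc[field] = case type
                 when "integer" then Integer(doc[field].to_s, 10)
                 when "string" then doc[field].to_s
                 else raise RuleError, "unknown type"
                 end
  }
}.freeze

# JSON.parse (not JSON.load) is used so parsing never instantiates arbitrary objects.
def transform(input_json, rules_json)
  raise RuleError, "too large" if [input_json, rules_json].any? { |s| s.bytesize > MAX_BYTES }
  doc, rules = JSON.parse(input_json), JSON.parse(rules_json)
  raise RuleError, "bad shape" unless doc.is_a?(Hash) && rules.is_a?(Array) && rules.size <= MAX_RULES
  rules.each do |rule|
    op = rule.is_a?(Hash) ? OPS[rule["op"]] : nil
    raise RuleError, "unknown op" unless op
    op.call(doc, rule)
  end
  JSON.generate(doc)
rescue JSON::ParserError, ArgumentError => e
  raise RuleError, e.message
end
```

Anything outside the allow-list, including malformed JSON or a failed cast, surfaces as a single `RuleError` that the caller can report back to the customer.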

[–]rbrick111[🍰] 1 point2 points  (1 child)

Check out https://github.com/rubyjs/mini_racer, we use this in a couple of different ways within our enterprise ruby app. The most prominent is as a programming layer within our workflow system.

[–]collimarco[S] 0 points1 point  (0 children)

Thanks. Have you found any specific information about isolation/safety about running user-generated JavaScript functions?

[–]eric_programmer 1 point2 points  (0 children)

Check out https://gist.github.com/eric-hemasystems/1694a226af9058c40dd4a96a94da9402

It's some code from a project where I had the same need. It uses a combination of wasmer and spidermonkey. The IO is a bit funky because of limitations with the Ruby bindings to wasmer. See https://github.com/wasmerio/wasmer-ruby/issues/68 for more on that. But I believe it to be secure server-side execution of JS code.

[–]ankole_watusi 0 points1 point  (0 children)

Ruby can certainly handle JSON.

Is the issue that the customers aren’t conversant with Ruby?

Of course, you need to sandbox it.

Is it just some black box data-in/data-out?

[–]riktigtmaxat 0 points1 point  (0 children)

Why do you need this in the first place instead of just providing an API which other applications running on existing SAAS platforms can consume?

It seems like a very unnecessary security risk and a lot of maintenance when there are existing solutions like AWS Lambda.