mabn

Reputation: 2523

scripting language - to execute on the server

I'm looking for a scripting language that would be:

  1. a scripting language that is embeddable in Java
    • actually I mean something that will not be executed as a native code, but interpreted
  2. secure (users would upload their scripts which would then execute on the server)
    • no access to anything outside some 'sandbox', no access to threads, I/O, etc.
    • Just flow control + algorithms/data structures (maybe some predefined "classes", like collections) + interaction with explicitly provided API
  3. it would be possible to limit execution time per script (n seconds or n instructions)
    • it is possible if the language is interpreted. For example: replace each instruction with "check if I should execute the next instruction and execute it or quit"
  4. have simple and readable syntax

The ultimate goal is to be able to run untrusted code which should only be able to use provided API, without breaking anything (like entering infinite loops / consuming too much resources / accessing anything except provided API)

Is there some existing language that I could use?

Upvotes: 1

Views: 198

Answers (2)

Stephen C

Reputation: 718886

First off, I can't think of any language that meets all of those criteria. But it might be helpful to analyse the requirements to understand why:

1) a scripting language that is embeddable in Java

Certainly embeddable scripting languages do exist, though it depends on your definition of a scripting language. Would a simple expression language be a "scripting language"?

2) secure (users would upload their scripts which would then execute on the server)

This is difficult. The problem is ... how can you tell if a language implementation is secure? In simple cases (e.g. a "calculator" language) it is easy, but how would you justify a conclusion that (say) the Rhino Javascript interpreter or JRuby or JPython is secure? (And what does "secure" actually mean?)

Note: if your scripting language allows a script to call Java classes or (shudder) native code, your problem is now roughly equivalent to asking if Java is secure in the face of running arbitrary untrusted code in the JVM. (The answer is NO ... and certainly not while there are unpatched / undiscovered security holes in Java.)

3) it would be possible to limit execution time per script (n seconds or n instructions)

This is theoretically possible, provided that the language has very limited interactions with the Java world. But in the general case you run into the Java "how to safely stop an uncooperative thread" problem ... to which there is no solution in a standard JVM.

A couple of aspects that are difficult to deal with are:

  • anything involving threads,
  • script-to-Java method calls that take a long time,
  • blocking I/O.

(And you also need to consider other "activities" that might disrupt your system; e.g. creating huge data structures, locking objects in the host JVM, or doing things designed to consume system-level resources; e.g. fill up the file system, or drain the system's entropy pool.)

4) have simple and readable syntax

That is something you will need to judge for yourself. (Readability / simplicity cannot be measured objectively ...)

Upvotes: 1
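Point 2 (a script may only reach an explicitly provided API) and point 3 (check before every instruction whether to continue) of the question, and the "n seconds or n instructions" limit discussed under 3) in the answer above, as an added example in Java. It is not code from the question, from either answer, or from any existing project: the six-instruction toy language, the `BudgetedInterpreter` class and the sample scripts are all constructed for this example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.IntUnaryOperator;
// Constructed toy language: one instruction per line, integer variables (undefined ones read as 0),
// jumps by line number. A script reaches the host only through the `api` map given to the constructor.
public final class BudgetedInterpreter {
    public static final class LimitExceeded extends RuntimeException {
        LimitExceeded(String msg) { super(msg); }
    }
    private final Map<String, IntUnaryOperator> api;
    public BudgetedInterpreter(Map<String, IntUnaryOperator> api) {
        this.api = new HashMap<>(api); // defensive copy; the script cannot change what it may call
    }
    // Runs source; throws LimitExceeded after maxSteps instructions or maxMillis of wall time.
    public Map<String, Integer> run(String source, long maxSteps, long maxMillis) {
        String[] lines = source.trim().split("\n");
        Map<String, Integer> vars = new HashMap<>();
        long deadline = System.nanoTime() + maxMillis * 1_000_000L, steps = 0;
        int pc = 0;
        while (pc < lines.length) {
            // The check the question describes: before each instruction, decide whether to go on.
            if (++steps > maxSteps) throw new LimitExceeded("instruction budget exhausted at line " + pc);
            if (System.nanoTime() > deadline) throw new LimitExceeded("time limit exceeded at line " + pc);
            String[] t = lines[pc].trim().split("\\s+");
            int next = pc + 1;
            if (t[0].equals("set")) {          // set x 5
                vars.put(t[1], Integer.parseInt(t[2]));
            } else if (t[0].equals("add")) {   // add x y  (x = x + y)
                vars.put(t[1], vars.getOrDefault(t[1], 0) + vars.getOrDefault(t[2], 0));
            } else if (t[0].equals("jnz")) {   // jnz x 3  (jump to line 3 if x != 0)
                if (vars.getOrDefault(t[1], 0) != 0) next = Integer.parseInt(t[2]);
            } else if (t[0].equals("call")) {  // call x f (x = f(x); f must be in the api map)
                IntUnaryOperator f = api.get(t[2]);
                if (f == null) throw new SecurityException("'" + t[2] + "' is not in the provided API");
                vars.put(t[1], f.applyAsInt(vars.getOrDefault(t[1], 0)));
            } else {
                throw new IllegalArgumentException("unknown instruction '" + t[0] + "' at line " + pc);
            }
            pc = next;
        }
        return vars;
    }
    public static void main(String[] args) {
        BudgetedInterpreter vm = new BudgetedInterpreter(Map.<String, IntUnaryOperator>of("double", x -> 2 * x));
        // Sums 10 down to 1 in a counted loop, then doubles the total through the only exposed API call.
        String ok = "set i 10\nset minus1 -1\nadd acc i\nadd i minus1\njnz i 2\ncall acc double";
        System.out.println(vm.run(ok, 1000, 100).get("acc"));
        try { vm.run("set x 1\njnz x 0", 1000, 100); }      // infinite loop: stops instead of hanging a thread
        catch (LimitExceeded e) { System.out.println(e.getMessage()); }
    }
}
```

Both limits are checked only between instructions, so they cannot interrupt an API function that itself blocks or runs for a long time, which is exactly the "script-to-Java method calls that take a long time" case the answer above lists.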

Stefan Paletta

Reputation: 378

Consider the Bean Scripting Framework, which will offer you a choice of different languages.

Upvotes: 1
