dirk

Reputation: 2306

Sandbox where users can create their own code/formulas in web application

Looking for some guidance to point me in the right direction. Our web service is built in Symfony/PHP (however the question might be a bit platform-agnostic).

First let me explain our current setup:

The database contains thousands of datasets. Each dataset contains only date/value pairs, where the value is always a float or integer. Example (dummy data):

Date       | Temperature in London
----------------------------------
10-07-2017 | 28
11-07-2017 | 26


Date       | Is Bank Holiday
----------------------------
10-07-2017 | 1
11-07-2017 | 0


Date       | Population in London
---------------------------------
10-07-2017 | 8788235
11-07-2017 | 8789804

Our service combines those datasets and applies (sometimes complicated) formulas to calculate 'results' based on the data. Basically a function which receives the required date and the data sources that need to be combined, which then does some calculations and returns the 'result' for that day. A result could for example be "expected # bottles of beer to be sold in London", based on the datasets shown above.

The expected bottles of beer to be sold in London, based on three datasets, is now actually a new dataset depending on the three datasets above. We can use this dataset now to calculate new results, like "Total expected alcohol sales".

The Problem:

We would like to give our users the ability to code up their own formulas. Our users work in a niche where basic programming skills are common. What we need is a secure sandbox environment, where people can use a still to be determined programming language (or a custom language?) to write procedural code which allows:

Creating an interface where users can select datasets as input & type their code is not a problem. The actual questions we are looking for some guidance on:

  1. Which programming language should we allow them to use (preferably one which has fast performance and not much more features than the functions listed above), or should we create our own syntax?
  2. How do we integrate the custom code in our existing symfony/php web environment, without creating enormous security risks? Executing the calculations fully on the frontend is not an option - we need to store the outcomes of the formulas on the server somehow.
  3. How can we safely deal with syntax errors, divisions by zero, etc etc and make sure users don't have access to any other functions than the whitelisted ones of the selected language?

Any thoughts on the best approach to make this feature possible would be highly appreciated, even just pointing in the right direction would help a lot! Many thanks in advance!

Upvotes: 0

Views: 278

Answers (1)

csc

Reputation: 607

I think there are many possible solutions for your problem and selecting the "right one" depends highly on the needs and experiences of your users.

I had a Java project recently where users were able to write scoring functions that evaluate the state of a list of objects. After some search I decided to use Java Nashorn Engine and thus use Javascript as programming language. There is a PHP alternative called V8js that integrates the V8 Javascript Engine. I never used this one, but - reading the documentation - it is very similar to Nashorn.

1. Which programming language should we allow them to use

I think there is no objective reason to choose language X instead of Y. Yet javascript has some advantages for your users. For me, Javascript's functional aspects were the decisive factor.

Advantages:

  • You can pass PHP variables to your javascript and vice versa. This is even possible for arrays and objects.

  • Javascript is a very popular programming language that may already be known by your users.

  • Your users may use different programming paradigms that fit their needs (procedural, functional, object oriented).

  • Javascript v8 is very fast as it compiles just-in-time to native machine code.

Disadvantages:

  • You need to install the PHP extension v8js and V8 Javascript Engine library (libv8).

2. How do we integrate the custom code in our existing symfony/php web environment, without creating enormous security risks?

You can limit max execution time and maximum memory consumption with this plugin. The javascript also runs in a sandbox. From GitHub readme:

The extension allows you to execute Javascript code in a secure sandbox from PHP. The executed code can be restricted using a time limit and/or memory limit. This provides the possibility to execute untrusted code with confidence.

3. How can we safely deal with syntax errors, divisions by zero, etc etc

Also from readme:

If the JavaScript code throws (without catching), causes errors or doesn't compile, V8JsScriptException exceptions are thrown unless the V8Js object is constructed with report_uncaught_exceptions set FALSE.

I cannot see a function-whitelisting feature. But considering it runs in a sandbox I think there is no need for it?

Upvotes: 2
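An added PHP example (not code from the question, the answer or the V8Js project) showing how the sandbox, the time/memory limits and the error handling the answer describes fit together for the question's date/value datasets. It assumes the V8Js extension is installed; the function name `evaluateUserFormula`, the limits of 100 ms and 16 MB, the wrapper layout and the sample inputs and formulas are all constructed for the illustration. Division by zero is handled by validating the returned number, because in JavaScript it yields Infinity or NaN rather than an exception.

```php
<?php
declare(strict_types=1);

/**
 * Evaluate one user-written formula for one date inside a V8Js sandbox.
 *
 * $userCode  JavaScript function body written by the user. It sees two names:
 *            `inputs` (an object of the selected dataset values for the date)
 *            and `date` (the date string), and must `return` a number.
 * $inputs    PHP array of dataset name => value for that date (plain data only).
 *
 * Returns ['ok' => true, 'value' => float] or ['ok' => false, 'error' => string].
 */
function evaluateUserFormula(string $userCode, array $inputs, string $date): array
{
    // A fresh isolate per evaluation: nothing leaks between users or runs.
    // Only plain data is attached to the PHP-side object (no closures, no
    // services), so the script has nothing to call back into the application.
    $v8 = new V8Js('PHP');
    $v8->inputs = $inputs;
    $v8->date   = $date;

    // Wrap the user's code in a strict-mode function. The extra parameters
    // shadow the helper globals V8Js registers in every context (print,
    // var_dump, sleep, exit, require) so the formula only sees its inputs.
    $script = "(function (inputs, date, print, var_dump, sleep, exit, require) {\n"
            . "'use strict';\n"
            . $userCode . "\n"
            . "})(PHP.inputs, PHP.date);";

    try {
        $value = $v8->executeString(
            $script,
            'user-formula.js',
            V8Js::FLAG_NONE,
            100,              // time limit in milliseconds (assumed value)
            16 * 1024 * 1024  // memory limit in bytes (assumed value)
        );
    } catch (V8JsScriptException $e) {
        // Syntax errors and uncaught throws land here. Line numbers are
        // offset by the two wrapper lines above the user's code.
        $line = max(1, $e->getJsLineNumber() - 2);
        return ['ok' => false, 'error' => sprintf('script error at line %d: %s', $line, $e->getMessage())];
    } catch (V8JsTimeLimitException $e) {
        return ['ok' => false, 'error' => 'formula exceeded the time limit'];
    } catch (V8JsMemoryLimitException $e) {
        return ['ok' => false, 'error' => 'formula exceeded the memory limit'];
    }

    // Division by zero does not throw in JavaScript; it yields Infinity or
    // NaN, so the result is validated here instead of relying on exceptions.
    if (!is_int($value) && !is_float($value)) {
        return ['ok' => false, 'error' => 'formula must return a number'];
    }
    if (!is_finite((float) $value)) {
        return ['ok' => false, 'error' => 'formula produced a non-finite number (division by zero?)'];
    }
    return ['ok' => true, 'value' => (float) $value];
}

// Constructed sample: the three dummy datasets from the question for 10-07-2017.
$inputs = ['temperature' => 28, 'isBankHoliday' => 1, 'population' => 8788235];

// Constructed formulas: one valid, one dividing by zero, one with a syntax
// error, one that never terminates (to exercise the time limit).
$formulas = [
    'beer'     => 'return inputs.population / 1000 * (inputs.temperature > 25 ? 1.5 : 1) * (inputs.isBankHoliday ? 2 : 1);',
    'div-zero' => 'return inputs.temperature / (inputs.isBankHoliday - 1);',
    'syntax'   => 'return inputs.temperature +;',
    'timeout'  => 'while (true) {}',
];

foreach ($formulas as $name => $code) {
    $r = evaluateUserFormula($code, $inputs, '10-07-2017');
    printf("%-8s => %s\n", $name, $r['ok'] ? (string) $r['value'] : 'ERROR: ' . $r['error']);
}
```

The design choice worth noting for question 3: whitelisting is achieved by construction rather than by a filter. The script's only reachable state is what is attached to the `PHP` object, so exposing nothing but value arrays means there is no application function to reach; exposing a PHP closure there would hand the formula a way back into the host process. Store the returned float as the new derived dataset row only when `ok` is true, and log the error text otherwise so the user can fix the formula.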
