This is an API for running code in different languages, such as Python, Javascript and Ruby. It uses Docker to run the code in a safe environment, avoiding vulnerabilities and security breaches.
- Getting Started
- Testing
- API Reference
- Why Docker? What could go wrong?
- Inspirations and References
- Technologies
- Feedback
Make sure you have Docker e Node.js Installed.
In the project folder, install all dependencies:
npm installPull the docker images, make sure your docker cli works without sudo:
npm run pull-imagesStart the server in development mode, every change in the code will restart the server:
npm run devIn the project folder, install all dependencies:
npm installPull the docker images, make sure your docker CLI works without sudo:
npm run pull-imagesCreate a docker image:
docker build -t code-exec .Run the docker image:
docker run -p 3000:3000 -v /var/run/docker.sock:/var/run/docker.sock --name code-exec code-execFollow the installation steps, then run the following command instead of npm run dev:
npm startTo run the tests, run the following command:
npm testMake sure you have installed all dependencies before running the tests.
POST /run/python| Paramter | Type | Description |
|---|---|---|
code |
string |
Mandatory. |
input |
string |
Optional. stdin separated by \n |
POST /run/javascript| Paramter | Type | Description |
|---|---|---|
code |
string |
Mandatory. |
POST /run/ruby| Paramter | Type | Description |
|---|---|---|
code |
string |
Mandatory. |
input |
string |
Optional. stdin separated by \n |
With the intention of running the user's code safely, it is understood that the user will not be able to have any interaction with the data and files on the server. In this sense, to avoid a vulnerability such as:
import os
os.system('shutdown -f') # shutdown the serveror
while (true) {} // infinite loopor
File.delete('important_file.txt') # delete a fileWith each user request, a container is created (similar to a virtual machine) which closes at the end of the program execution or after 3 seconds, avoiding infinite loops.
Other possible vulnerabilities such as file installation or container exits are escaped by limiting RAM memory and processing. Also, It removes privileges, network and disk writes (even within the container). In this way, a large part of the weaknesses are removed, especially in conjunction with a rate limiter (by IP, by Path, etc), load balancer, a queue system such that the server can run more than one container at a time and other security measures.
If you have any feedback, please reach out at [email protected]
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent