Run untrusted code at Google Cloud Functions


I'm not whitelisted yet to use Google Cloud Functions, but I have a question:

  • Do HTTP functions have access to the Google Cloud context?

I want to run untrusted JavaScript code and want to use a function as a sandbox, so a user can run simple JavaScript.

If I understand your request correctly, you are looking to have Cloud HTTP Functions evaluate user-provided JavaScript code on the server side.

By this description, the real ways the function would be able to evaluate the user's code are using eval or new Function(). To confirm the risks mentioned, I created a Cloud Function that passes the POST request body to eval. Without any dependencies, being able to issue HTTP requests on behalf of the Cloud Function is quite bad.

Given that useful Cloud Functions have the "@google-cloud" dependency, the user would gain access to the context. Being able to require @google-cloud, the information is accessible from the object (application credentials, application information, etc.). Having such information available to a malicious user is considerably worse than the first test. In addition, Cloud Functions are authenticated by default, presumably with the default application credentials, thus gaining the abilities of the gcloud client library.

In the end, the safest way to run user-provided code on a server is within a container. This locks the user's code in a Linux box whose resources and networking capabilities can be entirely governed by you. On Google Cloud Platform, your best means of accomplishing this is using App Engine as a front end to handle user requests and Compute Engine VMs to create and run the containers for user code. It's more complex, but it doesn't risk destroying your Google Cloud Platform project.
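
One way to apply the container approach described in the answer above, as an added example that is not part of the original answer: a Node.js launcher that hands the user's script to a locked-down, network-less container over stdin instead of calling eval in the server process. It assumes the Docker CLI is available on the VM; the image, the resource limits and the helper names `buildSandboxArgs` and `runUntrusted` are illustrative choices, not anything from the page.

```javascript
// Added example. Assumed: Docker CLI on the host, the image, the limits,
// and the helper names buildSandboxArgs / runUntrusted (all hypothetical).
const IMAGE = 'node:20-alpine';

function buildSandboxArgs(name, { memoryMb = 64, cpus = 0.5, pids = 32 } = {}) {
  // The name is generated by the caller; validate it anyway before use.
  if (!/^[a-z0-9][a-z0-9_.-]{1,62}$/.test(name)) throw new Error('bad container name');
  for (const n of [memoryMb, cpus, pids]) {
    if (!Number.isFinite(n) || n <= 0) throw new Error('bad resource limit');
  }
  // No -v and no -e: host files, environment and credentials are not shared.
  return [
    'run', '--rm', '-i', '--name', name,
    '--network', 'none',                       // no network, so no outbound HTTP
    '--read-only',                             // immutable root filesystem
    '--tmpfs', '/tmp:rw,noexec,nosuid,size=8m',
    '--cap-drop', 'ALL',
    '--security-opt', 'no-new-privileges',
    '--user', '65534:65534',                   // unprivileged uid:gid
    '--memory', `${memoryMb}m`, '--memory-swap', `${memoryMb}m`,
    '--cpus', String(cpus),
    '--pids-limit', String(pids),
    IMAGE, 'node', '-',                        // node reads the script from stdin
  ];
}

// Runs the code in a throwaway container; never eval() it in this process.
async function runUntrusted(code, name, timeoutMs = 5000) {
  const { spawn, execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    // argv array, no shell; stderr is discarded so it cannot stall the pipe
    const child = spawn('docker', buildSandboxArgs(name), { stdio: ['pipe', 'pipe', 'ignore'] });
    let out = '';
    let timedOut = false;
    const timer = setTimeout(() => {
      timedOut = true;
      execFile('docker', ['kill', name], () => {}); // stop the container itself
    }, timeoutMs);
    child.stdout.on('data', (d) => { if (out.length < 65536) out += d; });
    child.stdin.on('error', () => {});           // container may exit before reading
    child.on('error', (e) => { clearTimeout(timer); reject(e); });
    child.on('close', (exitCode) => { clearTimeout(timer); resolve({ exitCode, timedOut, out }); });
    child.stdin.end(code);
  });
}
```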

