API For Code Execution

README in portuguese

This is an API for running code in different languages, such as Python, Javascript and Ruby. It uses Docker to run the code in a safe environment, avoiding vulnerabilities and security breaches.

Table of Contents

• Getting Started
  • Pre requisites
  • Installation
  • Run with docker
  • Run in production
• Testing
• API Reference
  • Returns python code output
  • Returns javacript code output
  • Returns ruby code output
• Why Docker? What could go wrong?
• Inspirations and References
• Technologies
• Feedback

Getting Started

Pre requisites

Make sure you have Docker e Node.js Installed.

Installation

In the project folder, install all dependencies:

  npm install

Pull the docker images, make sure your docker cli works without sudo:

  npm run pull-images

Start the server in development mode, every change in the code will restart the server:

  npm run dev

Run with docker

In the project folder, install all dependencies:

  npm install

Pull the docker images, make sure your docker CLI works without sudo:

  npm run pull-images

Create a docker image:

  docker build -t code-exec .

Run the docker image:

  docker run -p 3000:3000 -v /var/run/docker.sock:/var/run/docker.sock --name code-exec code-exec

Run in production

Follow the installation steps, then run the following command instead of npm run dev:

  npm start

Testing

To run the tests, run the following command:

  npm test

Make sure you have installed all dependencies before running the tests.

API Reference

Returns python code output

  POST /run/python

Paramter	Type	Description
code	string	Mandatory.
input	string	Optional. stdin separated by \n

Returns javacript code output

  POST /run/javascript

Paramter	Type	Description
code	string	Mandatory.

Returns ruby code output

  POST /run/ruby

Paramter	Type	Description
code	string	Mandatory.
input	string	Optional. stdin separated by \n

Why Docker? What could go wrong?

With the intention of running the user's code safely, it is understood that the user will not be able to have any interaction with the data and files on the server. In this sense, to avoid a vulnerability such as:

import os
os.system('shutdown -f') # shutdown the server

or

while (true) {} // infinite loop

or

File.delete('important_file.txt') # delete a file

With each user request, a container is created (similar to a virtual machine) which closes at the end of the program execution or after 3 seconds, avoiding infinite loops.

Other possible vulnerabilities such as file installation or container exits are escaped by limiting RAM memory and processing. Also, It removes privileges, network and disk writes (even within the container). In this way, a large part of the weaknesses are removed, especially in conjunction with a rate limiter (by IP, by Path, etc), load balancer, a queue system such that the server can run more than one container at a time and other security measures.

Inspirations and References

• Tim Nolet - @FreeCodeCamp
• Codex API - Jaagrav

Technologies

• Docker
• Typescript
• Node.js
• Express
• Vitest

Feedback

If you have any feedback, please reach out at marcelorissette15@gmail.com