0

Basically I need to allow users to submit code to be run periodically server side.

The users should submit simple scripts and I'll run their code server side to determine who came up with a better solution. I created a simple submit form and the code is stored on an SQL database.

I'm obviously worried about safety but I also don't know which language to use. I need an scripting language with an easy syntaxis that let's me limit the number of things users can do (I only need to let them define variables, create functions, use loops and some array and algebraic functions). Maybe even create a pseudolanguage with an easy syntaxis.

So basically:

  1. What language could I use?
  2. How do I run users codes periodically? (only know about cronjobs but I don't know if they will allow for long execution times)
  3. Would it be a good idea to create a pseudolanguage? If it is please point me in the right direction
lisovaccaro
  • 32,502
  • 98
  • 258
  • 410
  • I would say either have some kind of sandbox(chrooted server) so nothing really gets out.. or Parse/interpret the code if its not going complicated stuff – xblitz Feb 16 '13 at 00:12
  • take a look here http://stackoverflow.com/questions/4091887/how-would-you-go-about-writing-a-simple-programming-language – Seder Feb 16 '13 at 00:13
  • You should specify the context of the situation - in some situations it would be best to create own scripting language limited by its commands. Under different circumstances, I'd use some virtual enviroment. – Tomáš Zato Feb 16 '13 at 00:14
  • http://stackoverflow.com/questions/3008375/how-to-start-writing-a-very-simple-programming-language – Seder Feb 16 '13 at 00:15
  • Hey I tried to detail what I wanted to allow users to do, the language should be really limited, I only want them to be able to define variables, do math, comparisons, loops, define functions and allow a few functions to handle arrays. – lisovaccaro Feb 21 '13 at 02:22
  • @xblitz are you recommending to create a simple language and interpret it? how should i approach this? I'm thinking about taking this path – lisovaccaro Feb 21 '13 at 02:24
  • scripting is sometimes done in [Lua](http://www.lua.org/) – Walter Tross Feb 23 '13 at 20:10
  • @Liso22 Yes that is my second suggestion, but I think this can become complicated.. but would definitely work. – xblitz Feb 23 '13 at 22:24

3 Answers3

1
  1. What language: Well, you could use any language, just make sure you have minimal permissions. A scripting language like Ruby or Python would be easier though.

If this task would fall on my lap I'd look into pythons virtualenv so that i have an environment that is isolated. Then obviously I'd make really sure about the permissions of the script running the uploaded programs.

This also means that you could set up a python environment for each user using this service.

  1. Well yeah, cron works.

  2. Indeed, but the scope for a good answer doesn't really fit here. But google DSL or Domain Specific Language and you're sure to find some tutorials.

Daniel Figueroa
  • 10,348
  • 5
  • 44
  • 66
0

If you're targeting PHP specifically you can use the runkit extension - specifically created to run user-supplied PHP code:

http://www.php.net/manual/en/intro.runkit.php

There's also a newer runkit project available (though you'll have to compile it manually):

https://github.com/zenovich/runkit/

leepowers
  • 37,828
  • 23
  • 98
  • 129
0

Q1. What language could I use?

A1. Pretty much any. Because compliers would add to the complexity of the system, an interpreted (or JIT-compiled) language would be preferable.

Q2. How do I run users codes periodically? (only know about cronjobs but I don't know if they will allow for long execution times)

A2. cron jobs are probably the way to go. It doesn't care about execution times. However that means it is your job to make sure you only restart a job if the prior run has finished (assuming that is what you'd like it to do)

Q3. Would it be a good idea to create a pseudolanguage? If it is please point me in the right direction

A3. Inventing the wheel rarely is a good idea. You could do this, but there is reasonable doubt that it is necessary and/or advisable.

My personal pointer would go towards JavaScript as scripting language - since it is so widespread there are tons of tools and documentation around. So you might want to look at Node.js and this sandboxing model to run it server-side.

Hazzit
  • 6,782
  • 1
  • 27
  • 46