I'm wondering how one would go about sandboxing user javascript and exposing interfaces without allowing modification of those interfaces? Specifically in a nodejs env. Example:
//public class you can interface (should be immutable)
function InterfaceClass () {
this.x = 0;
thix.y = 0;
}
//executing users code (in a sandbox of some sort)
function userCode () {
//disallow this:
InterfaceClass = function () {
};
//allow this:
var interface = new Interface();
interface.x = 1;
}
The only part of a sandbox that is straightforward to implement is the protection of your interfaces and your own custom Javascript functions.
You can create a situation where there are not any globals of your own that can be modified and the only variables that the user code receives from the outside world are copies.
To do this, put the user code inside a function of your creation (similar to how a node module is loaded) and then pass copies of your API to the user code as arguments to that master function you wrap the user code in (probably passing it an object with properties on the object). Then, all the user code can do is modify the copies, not modify any of the originals so it won't affect any other code.
Using your example:
FYI, the only thing this protects is the redefinition of your own functions. This user code is free to do anything any node.js application could do, start up servers, read/write to the file system, shut down the process, fire up child processes, etc... This is not even close to generally secure. That is a much, much harder problem that probably needs full-on firewalled VMs with their own file system and separate processes and lots of process management to solve. That is not an easy task at all.