Limit access to dependencies and modules when running Code.eval_quoted_with_env

Hi everyone, I’m developing a project where I will allow users to dynamically edit and execute code. I was wondering if there is any way to limit what the user can do and access. Something like livebook do.

At the moment, the basic implementation I’m using is this:

code = "\"Hello \#{input}\""
quoted = Code.string_to_quoted!(code)
env = Code.env_for_eval([])
binding = [input: "Name"]
{value, _binding, _env} =  Code.eval_quoted_with_env(quoted, binding, env, prune_binding: true)

For example, I don’t want users to have access to my application’s modules as Ecto. I need a way to limit the user’s environment and allow him to install dependencies and use only the library installed by him.

I don’t believe Code has utilities for running things in a sandbox.

I’m not an expert in this, but I believe the best practice for these sorts of things is to run the code in a fully sandboxed environment, e.g. a container that you can spin up explicitly for this purpose that is configured with limited resources, no Internet connection, etc.


If you need only templating, I would strongly recommend using a templating engine (like mustache), as code generation at runtime is dangerous (access to the system is not the only danger) , there are few other solutions if you need code though:

  1. using a sandboxed environment like luerl, of course the scripts have to be written in lua, this is fully safe and you have full control over the sandbox;
  2. if you want specifically to write only elixir, there is Dune, in this case you will lose a part of the language functionality and it is not fully secure, I would avoid using this if your system is exposed to the internet to be accessed by random users, as there might be ways to ddos the system;.
1 Like

A ideia é construir algo como o Livebook, para gerar fluxos de trabalho para rodar dentro da empresa, mas a ideia principal é transformar isso em um projeto OpenSource.
Seria uma alternativa ao Zapier, n8n, node-red.

I already start the project:

@josevalim do you have any suggestion?