How to check if a function is clean?

I am working on react-metaform, and one of my tasks is to allow the end user to define metadata as functions. Example:

socialSecurityNumber.required: (m) => m.type == 'person' 

The problem is obvious: I cannot trust the user. So these are the precautions I plan to take:

  • Custom functions should be pure functions, in the sense that they can only access their parameters, nothing more.
  • Custom functions will be executed in an environment that is resistant to exceptions, excessively long runtimes, and endless loops (I'm not worried about this right now).

Question: How can I make sure that a user function only gets access to its parameters and nothing else?

1 answer

I would use esprima to analyze the user JavaScript functions stored in files or in a database, and allow only code that passes the parsing test to run (only whitelisted features: using local variables, parameters, ...).

You can start with very simple verification code that allows only very limited scripts and gradually improve it. However, I think this will take a lot of effort over time, because your users will always want more.


Note: Angular.js uses this type of "trick" for its dependency injection: https://jsfiddle.net/987Lwezy/

    // Function.prototype.toString() returns the function's source text, so a
    // "parser" can inspect (or reject) a user function without ever calling it.
    function test() { console.log("This is my secret!"); }
    function parser(f) { document.body.innerHTML = f.toString(); }
    parser(test);
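The following is an added example that carries the answer's whitelist idea through in working code; it is not the answerer's code and not part of react-metaform. To run without dependencies it swaps esprima for a tiny hand-written parser that accepts only one small grammar, which is assumed here to be enough for rules like `(m) => m.type == 'person'`: a single parameter, then a body built from `||`, `&&`, `!`, the comparison operators, number/string/boolean/null literals, parentheses, and property chains that start at the declared parameter. Calls, assignment, `this`, `new`, loops and every free identifier (`window`, `process`, `require`, ...) simply have no rule in the grammar, so they are rejected with a SyntaxError before the rule is ever executed. Accepted rules are then interpreted directly rather than passed to `eval` or `new Function`, so the predicate really can see nothing but its argument.

```javascript
// Added example (not from the original answer or react-metaform): whitelist a user
// rule by parsing it with a grammar that contains only the permitted constructs,
// then interpret the resulting AST instead of evaluating the source as JavaScript.

const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|("[^"\\]*"|'[^'\\]*')|([A-Za-z_$][\w$]*)|(===|!==|==|!=|<=|>=|&&|\|\||=>|[()<>!.]))/y;

function tokenize(src) {
  const tokens = [];
  TOKEN.lastIndex = 0;
  while (TOKEN.lastIndex < src.length) {
    const at = TOKEN.lastIndex, m = TOKEN.exec(src); // sticky: must match exactly at `at`
    if (!m) throw new SyntaxError(`unexpected input at offset ${at}`); // e.g. '=', '{', '`', '[', ','
    if (m[1] !== undefined) tokens.push({ t: 'num', v: Number(m[1]) });
    else if (m[2] !== undefined) tokens.push({ t: 'str', v: m[2].slice(1, -1) });
    else tokens.push(m[3] !== undefined ? { t: 'id', v: m[3] } : { t: 'op', v: m[4] });
  }
  return tokens;
}

// Parses `m => expr` / `(m) => expr` into a small AST; anything outside the grammar throws SyntaxError.
function parse(src) {
  const toks = tokenize(src.trim());
  let pos = 0;
  const peek = () => toks[pos];
  const next = () => { if (pos >= toks.length) throw new SyntaxError('unexpected end of input'); return toks[pos++]; };
  const isOp = (...vs) => { const k = peek(); return !!k && k.t === 'op' && vs.includes(k.v); };
  const expectOp = (v) => { const k = next(); if (k.t !== 'op' || k.v !== v) throw new SyntaxError(`expected '${v}'`); };
  let param;
  if (isOp('(')) { next(); param = next(); expectOp(')'); } else { param = next(); }
  if (param.t !== 'id') throw new SyntaxError('expected a parameter name');
  expectOp('=>');
  const binary = (sub, ...ops) => () => {
    let node = sub();
    while (isOp(...ops)) { const op = next().v; node = { type: 'bin', op, left: node, right: sub() }; }
    return node;
  };
  const primary = () => {
    const k = next();
    if (k.t === 'num' || k.t === 'str') return { type: 'lit', value: k.v };
    if (k.t === 'id') {
      if (k.v === 'true' || k.v === 'false') return { type: 'lit', value: k.v === 'true' };
      if (k.v === 'null') return { type: 'lit', value: null };
      // Every free identifier (window, this, process, require, ...) is rejected here.
      if (k.v !== param.v) throw new SyntaxError(`identifier '${k.v}' is not the parameter '${param.v}'`);
      const path = [];
      while (isOp('.')) { next(); const p = next(); if (p.t !== 'id') throw new SyntaxError('expected a property name'); path.push(p.v); }
      return { type: 'member', path };
    }
    if (k.t === 'op' && k.v === '(') { const e = expr(); expectOp(')'); return e; }
    throw new SyntaxError(`unexpected token '${k.v}'`);
  };
  const unary = () => (isOp('!') ? (next(), { type: 'not', arg: unary() }) : primary());
  const rel = binary(unary, '<', '<=', '>', '>=');
  const eq = binary(rel, '==', '===', '!=', '!==');
  const and = binary(eq, '&&');
  const expr = binary(and, '||');
  const body = expr();
  if (pos !== toks.length) throw new SyntaxError(`trailing input '${toks[pos].v}'`); // e.g. the '(' of a call
  return { param: param.v, body };
}

// Comparison operators looked up by token text; '==' stays loose because that is what the user wrote.
const CMP = { '==': (a, b) => a == b, '===': (a, b) => a === b, '!=': (a, b) => a != b, '!==': (a, b) => a !== b,
              '<': (a, b) => a < b, '<=': (a, b) => a <= b, '>': (a, b) => a > b, '>=': (a, b) => a >= b };

// Interprets the AST directly: no eval, no Function(), so nothing but `value` is reachable.
function evaluate(node, value) {
  switch (node.type) {
    case 'lit': return node.value;
    case 'member': // own properties of plain objects only; inherited ones such as constructor or __proto__ read as undefined
      return node.path.reduce((cur, p) => (cur !== null && typeof cur === 'object' && Object.prototype.hasOwnProperty.call(cur, p) ? cur[p] : undefined), value);
    case 'not': return !evaluate(node.arg, value);
    case 'bin': {
      const l = evaluate(node.left, value);
      if (node.op === '&&') return l && evaluate(node.right, value);
      if (node.op === '||') return l || evaluate(node.right, value);
      return CMP[node.op](l, evaluate(node.right, value));
    }
    default: throw new Error(`unknown node type ${node.type}`);
  }
}

// The "is it clean?" check: true only if the whole source is inside the whitelist.
const isClean = (src) => { try { parse(src); return true; } catch (e) { return false; } };

// Compiles a rule once into a predicate that can see only its argument.
function compileRule(src) {
  const { body } = parse(src);
  return (m) => evaluate(body, m);
}

const required = compileRule("(m) => m.type == 'person'"); // the rule from the question
console.log(required({ type: 'person' }), required({ type: 'company' }));
console.log(isClean("m => window.location"), isClean("m => m.constructor.constructor('return process')()"));
console.log(isClean("m => this.secret = 1"), isClean("m => m.age >= 18 && !m.banned"));
```

Because the grammar contains no calls and no loops, the runtime worries from the question's second bullet (exceptions, long runtimes, endless loops) do not arise for this subset; they come back the moment a later version of the whitelist admits function calls or iteration, which is the point the answer makes about users always wanting more. The own-property check in `evaluate` is a second layer on top of the grammar: even a rule such as `m => m.constructor == null` cannot walk up the prototype chain, it just reads `undefined`.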

Source: https://habr.com/ru/post/1233635/

