xaqt (ɛksəkjuti) is a Docker based sandbox to run untrusted code and return the output to your app. Users can submit their code in any of the supported languages. The system will test the code in an isolated environment. This way you do not have to worry about untrusted code possibly damaging your server intentionally or unintentionally.
A client submits their code and a languageID to the API. The API then creates a new Docker container and runs the code using the compiler/interpreter of that language. The program runs inside a virtual machine with limited resources and has a time-limit for execution (20s by default). Once the output is ready it is returned as a result of the API request. The Docker container is destroyed and all the files are deleted from the server.
No two coders have access to each other’s Docker or files.
If running on OS X, ensure that the command gtimeout is installed, commonly via brew install coreutils.
- Install docker as appropriate for your platform.
- Run
docker pull frenata/xaqt-sandboxin project root.
- Install the Go toolchain as appropriate for your platform.
- Run
go get github.com/frenata/xaqt/...
- Set the desired port for xaqt via the environment variable
XAQT_PORT. - From project root, run
xaqt.
Included with the xaqt library is a simple REST api server. Two endpoints are exposed by the running server:
- GET
/languages/: This will return a JSON list with the available target languages. - POST
/evaluate/: This evaluates code, encoded in a JSON body of the following form:
{
"language": "python",
"stdins": ["1","2"],
"code": "import sys\nprint(sys.stdin.read())"
}
Returned is a JSON object that reports success or failure of evaluation, and for each element of stdins, what the code has printed to stdout for that element.
we currently use govendor as our vendoring tool for external dependencies.