adobe / aio-cli-plugin-app-dev

App Builder CLI - dev command
Apache License 2.0

isolate action code #32

Open shazron opened 1 month ago

shazron commented 1 month ago

Right now, all action code that is run has access to the host's Node environment, which is the developer's machine. This includes the filesystem, running processes, etc. This will not be representative of a true serverless system, which we are simulating.

Explore code isolation via the Node vm module: https://nodejs.org/docs/latest-v18.x/api/vm.html

Take note that if the code to run uses require, we will need to pass in the require loader, which may or may not be secure. In general this should not be a problem since we webpack the code.

Related:

  1. https://github.com/node-inspector/node-inspector/issues/284
  2. https://www.rocket.chat/blog/node-js-vm
  3. https://github.com/laverdet/isolated-vm
  4. https://github.com/Richienb/node-polyfill-webpack-plugin (note fs is not in there, since browsers do have this now, but we can easily add the fs fallback in)
  5. https://blog.logrocket.com/how-to-protect-your-node-js-applications-from-malicious-dependencies-5f2e60ea08f9/
  6. https://github.com/tschaub/mock-fs

aiojbot commented 1 month ago

JIRA issue created: https://jira.corp.adobe.com/browse/ACNA-2980

shazron commented 1 month ago

alternative: https://code.visualstudio.com/docs/containers/debug-node