Any experienced folks know if there are any builtins/globals known to be "safe" or "unsafe," at least as of current node? This can help speed up the sandboxing process for an application. Assuming we want to build a generic node web service where we isolate user requests from each other and from the "host."
I believe the default strategy is to keep running workloads, manually adding mocks for each failed standard library function (which allow exactly the specific type of invocation expected and similarly mock all returned values...somehow). But if for instance we know that fs and util should pretty much never be whitelisted, that would speed up the process.
Or for instance if we know that URLSearchParams is a safe global (its return values are also all safe), and http/https/zlib/stream are safe, then that's also helpful. With the caveat that things can change.
Any experienced folks know if there are any builtins/globals known to be "safe" or "unsafe," at least as of current node? This can help speed up the sandboxing process for an application. Assuming we want to build a generic node web service where we isolate user requests from each other and from the "host."
I believe the default strategy is to keep running workloads, manually adding mocks for each failed standard library function (which allow exactly the specific type of invocation expected and similarly mock all returned values...somehow). But if for instance we know that fs and util should pretty much never be whitelisted, that would speed up the process.
Or for instance if we know that URLSearchParams is a safe global (its return values are also all safe), and http/https/zlib/stream are safe, then that's also helpful. With the caveat that things can change.