Evaluate #Javascript in the cloud with #AWS #Lambda
TL;DR;
https://rapidapi.com/dananos/api/evaluate-javascript
Evaluating Javascript on the server side is a bit of an unusual ask, but perhaps you have an application that you’d like to be highly user-configurable, like you want to support fields that are supplied as complex mathematical formulae, or with complex if/else conditions.
Now, this opens a Pandora’s box of problems. What happens if someone writes malicious or simply bad code that could potentially damage or expose private data on your server, in which case, it’s good to run this in an isolated environment like Lambda (Running under a least-privilege IAM Role)
So, I first create a super simple lambda function as follows
exports.handler = async (event) => {
const response = {
statusCode: 200,
body: JSON.stringify(eval(event.body)),
};
return response;
};And then create an API gateway as a Trigger, which means that I can now evaluate Javascript on the server side, using a CURL command as follows;
curl -X POST "https://xxxxxx.execute-api.eu-west-1.amazonaws.com/eval" -d "1+5" -H "Content-Type: application/json"Where xxxx is dynamically assigned during the API gateway setup, and eval was the name of my Lambda function
The result of “1+5” is returned as “6” in the response.
Now, be aware, that the inner workings of your lambda can be exposed by executing Javascript like “process.env”, but as long as the Lambda itself has little permissions, then the damage it can do is limited also. Also, the running time and memory limits are capped, so it is unlikely to cost much.
