Go Sandbox Service

A containerized service that exposes a gRPC server streaming endpoint for running an arbitrary Go code in a sandbox.

The arbitrary code runs inside multiple sandboxes using isolate.

Sandbox:

• Multiple sandboxes are created to handle concurrent requests. One sandbox serves one request at a time and keeps other requests waiting till the sandbox is available again.
• Network calls / File creation(size) are restricted.
• Files created inside a specific sandbox are not visible to any other sandboxes.
• Sandboxes are cleaned up periodically.

See the full implementation in action: https://goplayground.dev

Running locally

1. Build image

   make build

2. Run gRPC service (server streaming)

   # starts service in localhost:8080
   make run

3. Make RPC call to execute arbitrary code

   You get real-time output from the executing code through the streaming endpoint, mirroring local execution.

   go-sandbox-example.mov

   Request sample:

   session_id can be used to bind a sandbox to a session(execution), e.g for authenticated users. If not provided, the code will run in random sandboxes.

   {
     "code": "package main\n\nimport (\n\t\"fmt\"\n\t\"time\"\n)\n\nfunc main() {\n\tfor i := 0; i < 3; i++ {\n\t\ttime.Sleep(time.Second)\n\t\tfmt.Println(\"Hello\", i)\n\t}\n\n}\n",
     "session_id": "user_1" // optional
   }

   Response Stream:

   Success:

   {
     "output": "Hello",            // stdout/stderr from executed Go code
     "exec_err": "",               // server error
     "is_error": false,            // true for server error
     "timestamp": "1712415917223"  // stdout/err timestamp
   }

   Error:

   {
     "output": "main.go:10:8: undefined: time.Slseep",
     "exec_err": "",
     "is_error": false,
     "timestamp": "1712416529383"
   }