
Implement a safe way to run untrusted user code inside a Forge app

      Issue Summary

      The Forge sandbox runtime creates a separate execution environment for each request, while the current Native Node.js runtime keeps the Node environment between invocations.

      Forge apps that let users run scripts in the context of the app could use per-execution isolation to ensure scripts did not have access to the data of other tenants. (Note that this is unsafe: without preventive measures, a script could effectively take full control of the whole app, if only for the duration of the request.) However, these apps will not have this isolation on the current runtime.

      Configuring an app with users’ scripts is a useful feature. This suggestion is to have a way to execute untrusted scripts isolated between different tenants and from the app itself.

            [ECO-637] Implement a safe way to run untrusted user code inside a Forge app


              6e0fd258d265 Alexey Kotlyarov
              6b8f2fe36dd5 Gabriel Dias
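The difference between the two runtimes described in the issue summary can be reproduced in plain Node.js. The following is an added illustration, not code from the issue or from Forge; the function names, tenant ids, records and the user script are all constructed for the example.

```javascript
// Added illustration: all names, tenants and records here are hypothetical.
const vm = require('node:vm');

// A benign-looking user script that memoizes what it has processed on the
// global object. It is the same script for every tenant.
const USER_SCRIPT = `
  globalThis.seen = globalThis.seen || [];
  globalThis.seen.push(tenant + ':' + record);
  return globalThis.seen.join(',');
`;

// Persistent runtime: the script runs against the process-wide global object,
// which survives from one invocation to the next.
function invokeShared(tenant, record, script) {
  return new Function('tenant', 'record', script)(tenant, record);
}

// Per-invocation environment: every call gets a brand-new global object, so
// nothing stored on globalThis outlives the request.
// node:vm is documented as not being a security mechanism. A fresh context
// only removes leftover state; it does not isolate the script from the app.
function invokeFresh(tenant, record, script) {
  const context = vm.createContext({ tenant, record });
  return vm.runInContext(`(function () { ${script} })()`, context, { timeout: 100 });
}

function demo() {
  delete globalThis.seen; // start from a cold process state
  const shared = [
    invokeShared('tenant-a', 'invoice-17', USER_SCRIPT),
    invokeShared('tenant-b', 'ticket-4', USER_SCRIPT),
  ];
  const fresh = [
    invokeFresh('tenant-a', 'invoice-17', USER_SCRIPT),
    invokeFresh('tenant-b', 'ticket-4', USER_SCRIPT),
  ];
  delete globalThis.seen;
  return { shared, fresh };
}

console.log(demo());
```

In the shared case the second invocation returns tenant-a's record alongside tenant-b's; with a fresh global per invocation each tenant sees only its own.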