I'd like to offer our users the ability to script some things on the server side. (Our app is developer-oriented). I'd like them to be able to call a few functions in our app, create variables, and do basic looping and branching. I want their scripts to be sandboxed, though, so they can't break out and write to the disk or open a network connection or muck with our app's internals. Think of it like a SQL stored procedure: you can interact with the server but not the outside world.
Are there any pre-built scripting languages for the JVM that will do this? I could write my own DSL, but that's a lot of work.
A few years ago I started something like this using Rhino, but it turned out that I couldn't properly sandbox it. Would be happy to use GraalJS, but I can't tell if it's sandboxable. There is some reference to stopping malicious code (https://www.graalvm.org/docs/graalvm-as-a-platform/embed/#reliable-timeouts-for-malicious-code), but it looks like a JS script can still access all kinds of things in the host application.
From: https://www.graalvm.org/truffle/javadoc/org/graalvm/polyglot/Context.html
Each context is by default isolated from all other instances with respect to both language evaluation semantics and resource consumption. By default a new context instance has no access to host resources, like threads, files or loading new host classes. To allow access to such resources either the individual access right must be granted or all access must be set to true.
In short: GraalJS embedded through the Polyglot API cannot access any native resources unless explicitly allowed.
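The quoted defaults put into practice, as an added example that is not part of the original answer or of the GraalVM documentation: a `Context` built with `HostAccess.EXPLICIT` exposes only the host methods carrying `@HostAccess.Export`, while host class lookup, thread creation and native access stay denied. The `AppApi` class, its method names and the sample script are hypothetical stand-ins for "a few functions in our app".

```java
import org.graalvm.polyglot.Context;
import org.graalvm.polyglot.HostAccess;
import org.graalvm.polyglot.PolyglotException;
import org.graalvm.polyglot.Value;

public class SandboxedScriptDemo {

    // Hypothetical host API handed to user scripts. With HostAccess.EXPLICIT,
    // only members annotated @HostAccess.Export are visible from JavaScript;
    // every other public member of the object is simply not there.
    public static final class AppApi {
        @HostAccess.Export
        public int add(int a, int b) {
            return a + b;
        }

        @HostAccess.Export
        public String greet(String name) {
            return "hello, " + name;
        }

        // Deliberately NOT exported: a script must not be able to reach this.
        public void deleteEverything() {
            throw new IllegalStateException("unreachable from a sandboxed script");
        }
    }

    // Everything here except allowHostAccess restates a default; writing the
    // denials out makes the sandbox policy reviewable in one place.
    public static Context newSandbox() {
        return Context.newBuilder("js")
                .allowAllAccess(false)                    // master switch stays off
                .allowHostAccess(HostAccess.EXPLICIT)     // only @Export members
                .allowHostClassLookup(className -> false) // no Java.type('...') for any class
                .allowCreateThread(false)
                .allowNativeAccess(false)
                .build();
    }

    public static void main(String[] args) {
        try (Context ctx = newSandbox()) {
            ctx.getBindings("js").putMember("app", new AppApi());

            // Allowed: variables, loops, branching, calls into the exported API.
            Value ok = ctx.eval("js",
                "let total = 0;"
              + "for (let i = 1; i <= 10; i++) { if (i % 2 === 0) total = app.add(total, i); }"
              + "app.greet('user') + ' ' + total");
            System.out.println(ok.asString());

            // Denied: a host method that was not exported.
            try {
                ctx.eval("js", "app.deleteEverything()");
            } catch (PolyglotException e) {
                System.out.println("blocked: " + e.getMessage());
            }

            // Denied: loading host classes. Depending on the GraalJS version the
            // failure is either "Java is not defined" or an explicit lookup
            // denial; both surface as a PolyglotException, never as file access.
            try {
                ctx.eval("js", "Java.type('java.io.File')");
            } catch (PolyglotException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```

The two `catch` blocks are the point: a script reaching for anything outside the exported surface fails inside the guest with a `PolyglotException` that the host can log, rather than touching the filesystem or the application's internals. Wall-clock and statement limits, which the question's "malicious code" link refers to, are configured separately through `ResourceLimits` and are not shown here.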