Rextester - some online tools for anyone who finds them useful. It was started as online .net regex tester.
Regex tester - .net regex tester.
Regex replace - .net regex replacement.
Regex reference - short regex reference.
Diff checker - find difference between two text fragments.
Tools - some offline tools we have to share (one so far).
Run code - online compiling and execution for some languages.
C#, Visual basic, F#
.Net framework v. 4.5 is used. Your code will be given max 5 sec of cpu time and limited memory (~150 Mb). Also your code will run in an appdomain with basic execution, reflection, thread control and web privileges only.
The entry point for you code is given Main method in type Program in namespace Rextester.
This entry point shouldn't be changed.
Types from following assemblies are available:
System.dllSystem.Core.dllSystem.Data.dllSystem.Data.DataSetExtensions.dllSystem.Xml.dllSystem.Xml.Linq.dllSystem.Numerics.dllMicrosoft.CSharp.dll - when C# is usedMicrosoft.VisualBasic.dll - when Visual Basic is usedSystem.Net.dllSystem.Web.dllSystem.ComponentModel.DataAnnotations.dllSystem.ComponentModel.Composition.dllLet us know if you need more.
For F# additional assemblies are included:
FSharp.Core.dllFSharp.Powerpack.dllFSharp.PowerPack.Compatibility.dllFSharp.PowerPack.Linq.dllFSharp.PowerPack.Metadata.dllFSharp.PowerPack.Parallel.Seq.dll
If you found security breaches and can break something in some way - we would appreciate your feedback on this.
Sql Server
Sql Server 2012 Express Edition is used. There is only one database that queries run against. Queries executed on behalf database owner so all sort of actions are allowed including DDL queries.
However, all actions run in transaction which is rolled back immediately after execution is over. This way any desired objects may be built, populated with data and worked on within the scope
of one request. There is 10 seconds limit for work to be completed. Execution of queries is achieved using ado.net mechanisms, in particular SqlDataReader type.
This reader is also monitored for memory and cpu consumption.
'GO' statement just like in transact sql has special meaning: 'GO' will be removed from your code, but statements separated by 'GO' will be executed
separately, in different batches. So, for example, if you want to create a function and later use it in select statement you have to separate create statement and select statement by 'GO',
otherwise you'll receive an error from parser since in select statement you would be reffering to a function which doesn't yet exist.
For convinience there is simple pre-built schema, shown
here.
Java, Python, C, C++ and others
These languages run on linux. For some languages compiler parameters could be supplied. Here are compiler versions (you can always check by
running commands on a server):
Assembly - nasm 2.09.04C++ - g++ 4.7.2 (g++ -Wall -std=c++11 -O2)C - gcc 4.7.2 (gcc -Wall -std=gnu99 -O2)Common Lisp - gnu clisp 2.49Go - go 1.0.2Haskell - ghc 7.4.2Java - Oracle's implementation of Java, compiler version 1.7.0_17 (javac -Xlint -encoding UTF-8 | java -Xmx256m -Dfile.encoding=UTF-8)Javascript - V8 3.12.3Lua - lua 5.0.3Node.js - nodejs 0.10.0Objective-C - gcc 4.7.2 (gcc `gnustep-config --objc-flags` -lobjc -lgnustep-base)Pascal - fpc 2.6.0-6Perl - perl 5.14.2 (perl -w)Php - php 5.4.6Prolog - swi-prolog 5.10.4Python - python 2.7.3Python 3 - python 3.2.3Ruby - ruby 1.9.3 (ruby -w -W1)Scala - scala 2.9.2 (fsc -deprecation -unchecked -encoding UTF-8 | scala -Dfile.encoding=UTF-8)Scheme - guile 1.8.8
Your code will be run on behalf user
'nobody' and group
'nogroup'. Also your code will be executed from Python wrapper which sets various limits to the process. It does so
by using
'setrlimit' system call. You'll have max 5 sec of cpu time, limited memory (~500 Mb) and other restrictions will apply (like no writing permissions). Also your process and all its children will be run in a
newly created process group which will be terminated after 10 seconds from start if still running.
We don't claim that this is secure. In many senses you'll have the power of
'nobody' user. On a bright side, this has some
useful side-effects. The reason why, at least for now,
we leave so many potential security breaches is because it's
hard to make it really secure. What are the options?
- Codepad seems to
'ptrace'
everything and disallow many system calls, for example, 'fork()'. That's pretty restrictive.
- Apparmor - out of everything we tried, this did the job pretty well and it was rather easy to configure. But it doesn't work with OpenVZ virtualization that is used by our server provider.
- SELinux - stopped reading documentation in the middle of it. Too (unnecessarily?) complex.
- Native security mechanisms - like chroot and file permissions. Hard to make it secure this way without breaking the service and the system.
So, if you can take the system down - then be it, but please report how you did this. Your advice on this topic is always
welcome.
Input support
Everything that will be submitted as input will be piped to process via
stdin stream. So your code should consume input as if it came from keyboard.
Live collaboration
Write code so that others see this real-time. Every participant can make changes and see changes made by others.
ShareJS library is used for operational transformations on text.
Credit
Special thanks goes to people behind
CodeMirror,
Edit area,
ShareJS and
Coderev.
Code wall
Code wall as well as
personal code walls - place code on a wall for public display. These entries will be crawled by search engines, so one
possible use is to put there scripts that you may need for easy access later. For example, whenever I need a sql script for searching database definitions I simply search for
'sql definition rextester' and there is my script (it seems that code wall is
crawled better than personal walls, though). It's important that code snippet have a meaningful title.
Feedback - give us feedback. We have implemented almost all requests so far.
Login - once logged in you'll be able to track your saved snippets and more.
