Sofie Bäverstrand

Study, eat, sleep, repeat

2 minute read

Serverless applications

What is Serverless and Function As A Service (FaaS)?

Serverless is where the server capacity is in the cloud, where the cloud provider takes care of the hardware stuff. This means you use capacity on demand as a service instead of having to maintain capacity you rarely use (Private clouds) or having to identify the need for and manage scaling yourself as you do with IaaS. This means you only use (and pay for) capacity when invoked.

FaaS means you deploy small pieces of code (functions) to the cloud and your cloud provider more or less takes it from there. The function gets triggered from some kind of event (a button gets pressed, a timer or some kind of call for example) and executes its function. Then it goes idle again. This means the function only uses resources (and money) when called upon. Also every event triggers its own instance of the function which means there is no risk of overloading the function itself since several instances of the function can run simultaneously.However, if the function uses third-party applications, like a database for example, there is still the same risk of overloading that. Not being dependent on a specific place or service can cut the down time to close to zero.

Describe your calculator

The calculator is a HTTP-triggered Azure Function of the simplest kind. I installed Azure in VS Code, used a template for a HTTP-triggered function and took it from there. Since the point of the exercise is more about trying to keep a descent level of security rather than analyzing indata, I did not separate the BadRequest-messages.

  • Only works with GET-requests
  • I declared two strings, “first” and “second” from the HttpRequest.Query
  • Performs a TryParse to doubles on the strings
  • If the TryParses succeed, the result is returned with a code 200
  • If the TryParses are unsuccessful, a message is returned with a code 400

To make my function run in Azure I created storage and a Function App from the Azure page with a little help from the steps in the sample script on this Microsoft Docs page. Then I made a CI/CD pipeline with GitHub Actions with the “Deploy Node.js to Azure Web App” template, modified it to match my code and deployed it from there. Again with a little help from Microsoft Docs.

YAML file

When I got green lights from the Actions tab in GitHub I went back to Azure to test my function. From the Dashboard in Azure you can find the Code + Test page. Fill in your parameters and check out the result!

Find the test

Enjoy the output

Which are the security issues with your application?

One issue with an application that receives input data is injection - an attach through the request data. To avoid this I validate the input; I don’t use it as is. If it is anything but numbers my functions returns BadRequest.

Another issue might be exposure of sensitive data. When setting up the CI/CD workflow file I used secrets and environmental settings and tokens provided by both GitHub and Azure, being careful not to expose any usernames, passwords or other keys.

Secrets in YAML

You May Also Enjoy

Scaling can be fishy business

2 minute read

Scaling Vertical vs. Horizontal You could compare scaling with hiring new staff. It all depends on your business and on your needs. If you work with assembl...

Beauty is in the eye of the monitorer

2 minute read

Monitoring The application I have, once again, recycled my complaints app (ClApp). It asks the user to submit a complaint and then redirects the user (if th...

Shared files are twice the files

1 minute read

Files and files My application(s) I made two in one. My goal has been a web app made with Razor Pages from start, but I realized I need to take this one st...