Skip to content
This repository has been archived by the owner on Jan 1, 2025. It is now read-only.

NodeVM: child require calls contexified causing problems with parent modules being loaded in sandbox #127

Closed
tcf909 opened this issue Apr 8, 2018 · 1 comment
Closed

NodeVM: child require calls contexified causing problems with parent modules being loaded in sandbox #127

tcf909 opened this issue Apr 8, 2018 · 1 comment
Labels
stale

Comments

@tcf909
Copy link

tcf909 commented Apr 8, 2018
edited
Loading

Hello,

I'm working to use require in sandbox mode but what I'm finding is that if one module requires another module they are contextified to the point the original module may have a problem using it. Example:

//This is a simplified example from the popular jws module (data-stream.js)
var Stream = require('stream');
var util = require('util');

function DataStream(data) {
//(whatever in here)
}

util.inherits(DataStream, Stream);

DataStream.prototype.write = function write(data) {
  this.buffer = Buffer.concat([this.buffer, Buffer.from(data)]);
  this.emit('data', data);
};

I understand that if the module were to build its class (write to prototype) before extending the child required module everything would be fine. But this highlights one of many problems I'm running in to with child require calls.

let requireParentVm = new NodeVM({
						sandbox: {},
						console: 'off', //TODO: make this redirect and capture console.log events for user
						require: {
							external: true,
							builtin: ['buffer', 'stream', 'util' ],
							root: '/tmp/node_modules',
							mock: {},
							context: 'sandbox'
						},
						nesting: false,
						wrapper: 'commonjs' });

requireParentVm.run(`module.exports = {}; module.exports['jws'] = require('jws');`) // <-- throws with set on proxy: trap returned falsish

It would be nice if sub require calls brought the module in to the same context as the already contexified original require call without all the proxies (since the context its running in will already proxy any results).

I've tried to nest vms as well, but did not have any luck.

Maybe I'm missing something?

My goal is to require a bunch of modules (and their dependencies) in a protected way (keeping them from interacting with global, but having them each share each others context).

Thanks
@tcf909 tcf909 mentioned this issue Apr 8, 2018
Closed
@stale
Copy link

stale bot commented Jan 26, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jan 26, 2019
@stale stale bot closed this as completed Feb 3, 2019
@jonasgheer jonasgheer mentioned this issue Oct 7, 2023
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tcf909