From 1b93bcde32f4b4a5c756d456509f885bc1127555 Mon Sep 17 00:00:00 2001
From: Charlike Mike Reagent
Date: Thu, 7 Jun 2018 00:41:46 +0300
Subject: [PATCH 1/2] implement sandboxing for js tasks
Signed-off-by: Charlike Mike Reagent
---
 lib/index.js | 39 ++++++++++++++++++++++++++-------------
 lib/runJavaScript.js | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+), 13 deletions(-)
 create mode 100644 lib/runJavaScript.js
diff --git a/lib/index.js b/lib/index.js
index 0c6b358..a356e69 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -1,7 +1,7 @@
 const path = require('path')
 const chalk = require('chalk')
 const mm = require('micromatch')
-const requireFromString = require('require-from-string')
+const runJavaScript = require('./runJavaScript')
 const logger = require('./logger')
 const readMaidFile = require('./readMaidFile')
 const MaidError = require('./MaidError')
@@ -69,18 +69,31 @@ class Maid {
 return runCLICommand({ type: 'python', task, resolve, reject })
 }
 if (checkTypes(task, ['js', 'javascript'])) {
- let res
- try {
- res = requireFromString(task.script, this.maidfile.filepath)
- } catch (err) {
- return handleError(err)
- }
- res = res.default || res
- return resolve(
- typeof res === 'function'
- ? Promise.resolve(res()).catch(handleError)
- : res
- )
+ runJavaScript(task.script, this.maidfile.filepath)
+ .then(result => {
+ result = (result && result.default) || result
+
+ // if code fence module.exports a function (even async one)
+ // we call it and passing it with `task` object - it may be useful
+ return typeof result === 'function' ? result(task) : result
+ })
+ .then(resolve)
+ .catch(handleError)
+
+ return
+
+ // let res
+ // try {
+ // res = await runJavaScript(task.script, this.maidfile.filepath)
+ // } catch (err) {
+ // return handleError(err)
+ // }
+ // res = res.default || res
+ // return resolve(
+ // typeof res === 'function'
+ // ? Promise.resolve(res()).catch(handleError)
+ // : res
+ // )
 }
 return resolve()
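Review bot: Nothing on the new `js` path in lib/index.js calls `reject`, so a failed task is handled only by `.catch(handleError)` on the inner chain. If `handleError` throws a `MaidError` (its body lies outside this hunk, so this is inferred from the old `return handleError(err)` usage), that throw becomes an unhandled rejection and the promise behind `resolve`/`reject` never settles, so a failing task may not fail the run. Forward the error to the outer promise, e.g. `.catch(err => { try { handleError(err) } catch (e) { reject(e) } })`. A synchronous throw from `runJavaScript(...)` itself, such as a compile error in the task script, also bypasses `handleError` and its task-name message.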
diff --git a/lib/runJavaScript.js b/lib/runJavaScript.js
new file mode 100644
index 0000000..fb459ce
--- /dev/null
+++ b/lib/runJavaScript.js
@@ -0,0 +1,44 @@
+const vm = require('vm')
+
+/**
+ * Example
+ *
+ * ```js
+ * runJavaScript(`var bar = 123; if (bar) console.log(bar + 5)`)
+ * .then(() => {
+ * console.log('done')
+ * })
+ * .catch(console.error)
+ * ```
+ */
+
+const runJavaScript = (content, filepath) => {
+ const run = vm.runInNewContext(
+ `(() => new Promise((____resolve) => {
+ ____resolve(${content});
+}))`,
+ {
+ global: global,
+ process: process,
+ require: require,
+ console: console,
+ exports: exports,
+ module: module
+ },
+ filepath
+ )
+
+ return run()
+}
+
+//
+// runJavaScript(
+// `module.exports = async () => process.env.NODE_ENV`,
+// 'lib/loadFile.js'
+// )
+// .then(fn => {
+// console.log('done', fn())
+// })
+// .catch(console.error)
+
+module.exports = runJavaScript
From 3688cdfc1afbcbe070f08b6aa55975db0508e030 Mon Sep 17 00:00:00 2001
From: Charlike Mike Reagent
Date: Thu, 7 Jun 2018 00:48:30 +0300
Subject: [PATCH 2/2] cleanup some things
Signed-off-by: Charlike Mike Reagent
---
 lib/index.js | 19 ++++---------------
 lib/runJavaScript.js | 1 +
 package.json | 1 -
 yarn.lock | 4 ----
 4 files changed, 5 insertions(+), 20 deletions(-)
diff --git a/lib/index.js b/lib/index.js
index a356e69..b32f513 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -63,10 +63,12 @@ class Maid {
 throw new MaidError(`Task '${task.name}' failed.\n${err.stack}`)
 }
 if (checkTypes(task, ['sh', 'bash'])) {
- return runCLICommand({ task, resolve, reject })
+ runCLICommand({ task, resolve, reject })
+ return
 }
 if (checkTypes(task, ['py', 'python'])) {
- return runCLICommand({ type: 'python', task, resolve, reject })
+ runCLICommand({ type: 'python', task, resolve, reject })
+ return
 }
 if (checkTypes(task, ['js', 'javascript'])) {
 runJavaScript(task.script, this.maidfile.filepath)
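Review bot: The context object passed to `vm.runInNewContext` in lib/runJavaScript.js gives the task the host `global`, `process` and `require`, so despite the commit title this is not isolation: task code keeps full access to the host process. Node documents `vm` as not being a security mechanism, and the file should say so, e.g. `// NOTE: not a security boundary - task code runs with the privileges of the maid process`. The context also receives this file's own `module` and `exports`, so a task that assigns `module.exports = …` (as the commented example does) overwrites the cached export of lib/runJavaScript.js; give each run its own object instead, `const taskModule = { exports: {} }` passed as `module: taskModule, exports: taskModule.exports`. Because `content` is interpolated as the argument of `____resolve(${content})`, only a single expression compiles, so the multi-statement snippet in the doc comment (`var bar = 123; if (bar) …`) would throw a SyntaxError rather than run.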
@@ -81,19 +83,6 @@ class Maid {
 .catch(handleError)
 return
-
- // let res
- // try {
- // res = await runJavaScript(task.script, this.maidfile.filepath)
- // } catch (err) {
- // return handleError(err)
- // }
- // res = res.default || res
- // return resolve(
- // typeof res === 'function'
- // ? Promise.resolve(res()).catch(handleError)
- // : res
- // )
 }
 return resolve()
diff --git a/lib/runJavaScript.js b/lib/runJavaScript.js
index fb459ce..edbdcf6 100644
--- a/lib/runJavaScript.js
+++ b/lib/runJavaScript.js
@@ -31,6 +31,7 @@ const runJavaScript = (content, filepath) => {
 return run()
 }
+// Example
 //
 // runJavaScript(
 // `module.exports = async () => process.env.NODE_ENV`,
diff --git a/package.json b/package.json
index db03732..0352092 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,6 @@
 "joycon": "^1.0.4",
 "markdown-it": "^8.4.1",
 "micromatch": "^3.1.10",
- "require-from-string": "^2.0.2",
 "rexrex": "^1.2.0"
 },
 "devDependencies": {
diff --git a/yarn.lock b/yarn.lock
index c61f5c4..3bce8bf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3496,10 +3496,6 @@ replace-ext@1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/replace-ext/-/replace-ext-1.0.0.tgz#de63128373fcbf7c3ccfa4de5a480c45a67958eb"
-require-from-string@^2.0.2:
- version "2.0.2"
- resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909"
-
 require-precompiled@^0.1.0:
 version "0.1.0"
 resolved "https://registry.yarnpkg.com/require-precompiled/-/require-precompiled-0.1.0.tgz#5a1b52eb70ebed43eb982e974c85ab59571e56fa"