You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/07/17 20:01:23 UTC
[07/12] query-server-node commit: updated refs/heads/master to dc16420
add sandbox.js
Project: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/commit/fddbdf4f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/tree/fddbdf4f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/diff/fddbdf4f
Branch: refs/heads/master
Commit: fddbdf4f9489c9044fb6d42e43d8e216978760b6
Parents: 9308071
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sat Sep 21 16:28:47 2013 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Thu Oct 3 17:21:30 2013 +0200
----------------------------------------------------------------------
sandbox.js | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/blob/fddbdf4f/sandbox.js
----------------------------------------------------------------------
diff --git a/sandbox.js b/sandbox.js
new file mode 100644
index 0000000..cfdff18
--- /dev/null
+++ b/sandbox.js
@@ -0,0 +1,40 @@
+// from https://github.com/KlausTrainer/sandbox.js
+exports.runInSandbox = function(src, ctx, whitelist) {
+ var vm = require('vm'),
+ sandbox;
+
+ if (ctx && ctx.require) {
+ whitelist = whitelist || [];
+ var insecureRequire = ctx.require,
+ module = require("module"),
+ oldModulePrototype = module.prototype;
+
+ var secureRequire = function(moduleName) {
+ if (whitelist.indexOf(moduleName) == -1) {
+ module.prototype = oldModulePrototype;
+ throw new Error("'" + moduleName + "' is not whitelisted");
+ } else {
+ var requiredModule = insecureRequire(moduleName);
+ module.prototype = oldModulePrototype;
+ return requiredModule;
+ }
+ };
+
+ module.prototype = {
+ require: secureRequire,
+ load: module.prototype.load,
+ _compile: module.prototype._compile
+ };
+
+ module._cache = {};
+
+ ctx.require = secureRequire;
+ sandbox = Object.freeze(vm.createContext(ctx));
+ ctx.require = insecureRequire;
+ } else {
+ sandbox = Object.freeze(vm.createContext(ctx || {}));
+ }
+
+ return vm.createScript('(function() {"use strict"; return ('
+ + src + ')()}())').runInContext(sandbox);
+};