You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/07/17 20:01:23 UTC

[07/12] query-server-node commit: updated refs/heads/master to dc16420

add sandbox.js


Project: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/commit/fddbdf4f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/tree/fddbdf4f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/diff/fddbdf4f

Branch: refs/heads/master
Commit: fddbdf4f9489c9044fb6d42e43d8e216978760b6
Parents: 9308071
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sat Sep 21 16:28:47 2013 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Thu Oct 3 17:21:30 2013 +0200

----------------------------------------------------------------------
 sandbox.js | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-query-server-node/blob/fddbdf4f/sandbox.js
----------------------------------------------------------------------
diff --git a/sandbox.js b/sandbox.js
new file mode 100644
index 0000000..cfdff18
--- /dev/null
+++ b/sandbox.js
@@ -0,0 +1,40 @@
+// from https://github.com/KlausTrainer/sandbox.js
+exports.runInSandbox = function(src, ctx, whitelist) {
+  var vm = require('vm'),
+    sandbox;
+
+  if (ctx && ctx.require) {
+    whitelist = whitelist || [];
+    var insecureRequire = ctx.require,
+      module = require("module"),
+      oldModulePrototype = module.prototype;
+
+    var secureRequire = function(moduleName) {
+      if (whitelist.indexOf(moduleName) == -1) {
+        module.prototype = oldModulePrototype;
+        throw new Error("'" + moduleName + "' is not whitelisted");
+      } else {
+        var requiredModule = insecureRequire(moduleName);
+        module.prototype = oldModulePrototype;
+        return requiredModule;
+      }
+    };
+
+    module.prototype = {
+      require: secureRequire,
+      load: module.prototype.load,
+      _compile: module.prototype._compile
+    };
+
+    module._cache = {};
+
+    ctx.require = secureRequire;
+    sandbox = Object.freeze(vm.createContext(ctx));
+    ctx.require = insecureRequire;
+  } else {
+    sandbox = Object.freeze(vm.createContext(ctx || {}));
+  }
+
+  return vm.createScript('(function() {"use strict"; return ('
+                         + src + ')()}())').runInContext(sandbox);
+};