Sandbox filesystem

tshemsedinov · tshemsedinov · commit 29e25fdb78e2 · 2018-03-17T06:43:46.000+02:00
diff --git a/JavaScript/application.js b/JavaScript/application.js
@@ -10,6 +10,14 @@ console.log('From application global context');
 const fs = require('fs');
 console.dir({ fs });
 
+const mkdirp = require('mkdirp');
+console.dir({ mkdirp });
+
+mkdirp('/hello/world', (err) => {
+  if (err) console.error(err);
+  else console.log('pow!');
+});
+
 module.exports = () => {
   // Print from the exported function context
   console.log('From application exported function');
diff --git a/JavaScript/framework.js b/JavaScript/framework.js
@@ -10,50 +10,45 @@ const EXECUTION_TIMEOUT = 5000;
 // The framework can require core libraries
 const fs = require('fs');
 const vm = require('vm');
+const sfs = require('sandboxed-fs');
 
 // Create a hash and turn it into the sandboxed context which will be
 // the global context of an application
 const context = {
-  module: {}, console,
+  module: {},
+  console,
   require: (name) => {
-    if (name === 'fs') {
-      console.log('Module fs is restricted');
-      return null;
-    }
-    return require(name);
+    if (name === 'fs') return sfs.bind('./');
+    let exported = execute('./node_modules/' + name + '/index.js');
+    if (!exported) exported = require(name);
   }
 };
 
 context.global = context;
 const sandbox = vm.createContext(context);
 
-// Read an application source code from the file
-const fileName = './application.js';
-fs.readFile(fileName, (err, src) => {
-  // We need to handle errors here
-
-  // Run an application in sandboxed context
-  let script;
-  try {
-    script = new vm.Script(src, { timeout: PARSING_TIMEOUT });
-  } catch (e) {
-    console.log('Parsing timeout');
-    process.exit(1);
-  }
-
-  try {
-    script.runInNewContext(sandbox, { timeout: EXECUTION_TIMEOUT });
-    const exported = sandbox.module.exports;
-    console.dir({ exported });
-  } catch (e) {
-    console.log('Execution timeout');
-    process.exit(1);
-  }
-
-  // We can access a link to exported interface from sandbox.module.exports
-  // to execute, save to the cache, print to console, etc.
-});
+function execute(fileName) {
+  console.log(fileName);
+  fs.readFile(fileName, (err, src) => {
+    console.log(src);
+    let script;
+    try {
+      script = new vm.Script(src, { timeout: PARSING_TIMEOUT });
+      console.dir({ script });
+    } catch (e) {
+      console.dir(e);
+      process.exit(1);
+    }
+    try {
+      script.runInNewContext(sandbox, { timeout: EXECUTION_TIMEOUT });
+      const exported = sandbox.module.exports;
+      console.dir({ exported });
+      return exported;
+    } catch (e) {
+      console.dir(e);
+      process.exit(1);
+    }
+  });
+}
 
-process.on('uncaughtException', (err) => {
-  console.log('Unhandled exception: ' + err);
-});
+execute('./application.js');
diff --git a/JavaScript/package-lock.json b/JavaScript/package-lock.json
diff --git a/JavaScript/package.json b/JavaScript/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "sandboxing",
+  "version": "0.0.2",
+  "author": "Timur Shemsedinov <timur.shemsedinov@gmail.com>",
+  "license": "MIT",
+  "main": "./framework.js",
+  "dependencies": {
+    "metarhia-common": "^0.0.25",
+    "mkdirp": "^0.5.1",
+    "sandboxed-fs": "^0.3.0"
+  }
+}
