Skip to content

Commit 3a3cf13

Browse files
tshemsedinovtshemsedinov
committed
Add additional injection technique
1 parent 94a9ebb commit 3a3cf13

File tree

2 files changed

+18
-4
lines changed

2 files changed

+18
-4
lines changed

JavaScript/application.js

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,14 @@
44
// of a sample application to be executed in the sandboxed context by
55
// another pice of code from `framework.js`. Read README.md for tasks.
66

7+
const fs = require('fs');
8+
const net = require('net');
9+
710
// Print from the global context of application module
811
console.log('From application global context');
9-
10-
const fs = require('fs');
11-
console.dir({ fs });
12+
console.dir({ fs, net }, { depth: 1 });
13+
console.dir({ global }, { depth: 1 });
14+
console.dir({ api }, { depth: 2 });
1215

1316
module.exports = () => {
1417
// Print from the exported function context

JavaScript/framework.js

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ const EXECUTION_TIMEOUT = 5000;
1010
// The framework can require core libraries
1111
const fs = require('fs');
1212
const vm = require('vm');
13+
const timers = require('timers');
14+
const events = require('events');
1315

1416
// Create a hash and turn it into the sandboxed context which will be
1517
// the global context of an application
@@ -27,25 +29,34 @@ const context = {
2729
context.global = context;
2830
const sandbox = vm.createContext(context);
2931

32+
// Prepare lambda context injection
33+
const api = { timers, events };
34+
3035
// Read an application source code from the file
3136
const fileName = './application.js';
3237
fs.readFile(fileName, (err, src) => {
3338
// We need to handle errors here
3439

40+
// Wrap source to lambda, inject api
41+
src = `api => { ${src} };`;
42+
3543
// Run an application in sandboxed context
3644
let script;
3745
try {
3846
script = new vm.Script(src, { timeout: PARSING_TIMEOUT });
3947
} catch (e) {
48+
console.dir(e);
4049
console.log('Parsing timeout');
4150
process.exit(1);
4251
}
4352

4453
try {
45-
script.runInNewContext(sandbox, { timeout: EXECUTION_TIMEOUT });
54+
const f = script.runInNewContext(sandbox, { timeout: EXECUTION_TIMEOUT });
55+
f(api);
4656
const exported = sandbox.module.exports;
4757
console.dir({ exported });
4858
} catch (e) {
59+
console.dir(e);
4960
console.log('Execution timeout');
5061
process.exit(1);
5162
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy