diff options
| author | Jan Lehnardt <jan@apache.org> | 2013-09-21 16:28:47 +0200 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2013-10-03 17:21:30 +0200 |
| commit | ba6bdae4e3e941c8f815228d5937f35a33deddf7 (patch) | |
| tree | bc35b0f30f73526e1056b9007f76513e70fd1e82 | |
| parent | 12763ee4b51780f793ce213ca2ae7a99da055f2c (diff) | |
| download | couchdb-ba6bdae4e3e941c8f815228d5937f35a33deddf7.tar.gz | |
add sandbox.js
| -rw-r--r-- | NOTICE | 4 | ||||
| -rw-r--r-- | license.skip | 1 | ||||
| -rw-r--r-- | src/couchjs-node/sandbox.js | 40 |
3 files changed, 45 insertions, 0 deletions
@@ -189,3 +189,7 @@ This product also includes the following third-party components: * share/doc/src/templates/couchdb/domainindex.html Copyright 2007-2011 by the Sphinx team + + * sandbox.js https://github.com/KlausTrainer/sandbox.js + + (c) 2013 Klaus Trainer diff --git a/license.skip b/license.skip index d87cc6ce8..43520110d 100644 --- a/license.skip +++ b/license.skip @@ -110,6 +110,7 @@ ^src/couchdb/priv/couchspawnkillable ^src/couchdb/priv/stat_descriptions.cfg ^src/couchjs-node/package.json +^src/couchjs-node/sandbox.js ^src/couchjs-node/README.md ^src/erlang-oauth/.* ^src/couch_dbupdates diff --git a/src/couchjs-node/sandbox.js b/src/couchjs-node/sandbox.js new file mode 100644 index 000000000..cfdff18ae --- /dev/null +++ b/src/couchjs-node/sandbox.js @@ -0,0 +1,40 @@ +// from https://github.com/KlausTrainer/sandbox.js +exports.runInSandbox = function(src, ctx, whitelist) { + var vm = require('vm'), + sandbox; + + if (ctx && ctx.require) { + whitelist = whitelist || []; + var insecureRequire = ctx.require, + module = require("module"), + oldModulePrototype = module.prototype; + + var secureRequire = function(moduleName) { + if (whitelist.indexOf(moduleName) == -1) { + module.prototype = oldModulePrototype; + throw new Error("'" + moduleName + "' is not whitelisted"); + } else { + var requiredModule = insecureRequire(moduleName); + module.prototype = oldModulePrototype; + return requiredModule; + } + }; + + module.prototype = { + require: secureRequire, + load: module.prototype.load, + _compile: module.prototype._compile + }; + + module._cache = {}; + + ctx.require = secureRequire; + sandbox = Object.freeze(vm.createContext(ctx)); + ctx.require = insecureRequire; + } else { + sandbox = Object.freeze(vm.createContext(ctx || {})); + } + + return vm.createScript('(function() {"use strict"; return (' + + src + ')()}())').runInContext(sandbox); +}; |