summaryrefslogtreecommitdiff
path: root/src/couchjs-node/sandbox.js
blob: 5c18ef48a39c7992cfcf17b8a287f276c819ca55 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
// from https://github.com/KlausTrainer/sandbox.js
exports.runInSandbox = function(src, ctx, whitelist) {
  var vm = require('vm');
  var sandbox;

  if (ctx && ctx.require) {

    whitelist = whitelist || [];

    var insecureRequire = ctx.require;
    var module = require('module');
    var oldModulePrototype = module.prototype;

    var secureRequire = function(moduleName) {

      if (whitelist.indexOf(moduleName) === -1) {
        module.prototype = oldModulePrototype;

        throw new Error("'" + moduleName + "' is not whitelisted");

      } else {
        var requiredModule = insecureRequire(moduleName);

        module.prototype = oldModulePrototype;

        return requiredModule;
      }
    };

    module.prototype = {
      require: secureRequire,
      load: module.prototype.load,
      _compile: module.prototype._compile
    };

    module._cache = {};

    ctx.require = secureRequire;
    sandbox = Object.freeze(vm.createContext(ctx));
    ctx.require = insecureRequire;

  } else {
    sandbox = Object.freeze(vm.createContext(ctx || {}));
  }

  return vm.createScript('(function() {"use strict"; return (' + src + ')()}())').runInContext(sandbox);
};