Comments (10)
Just released 3.0 with a lot of changes. It is now possible to use streams or external libraries inside the sandbox. There is no need for a minimal example, just whitelist the required modules and you're ready.
from vm2.
@patriksimek Can you take a look at the question again? I'm not sure I understand your answer.
Is it possible for the sandbox to communicate the scope outside of the sandbox? For example using 'pipe' or 'ipc' message options like in node child_process?
from vm2.
Yes, in v3, sandboxed script can communicate with anything you allow it to. You don't even need to use ipc, you can just exchange objects, functions, everything...
from vm2.
@patriksimek Thanks. Though I can't see this in the docs. Can you give me a quick example?
I'm trying to 1) start the sandbox, 2) run a function outside the sandbox and 3) return the result back to the sandbox which is waiting for the outer function.
from vm2.
@patriksimek Sorry but I must be missing something obvious. What's the best practice for 'exchanging objects' as you describe?
from vm2.
You can do it like this:
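```js
const {VM} = require('vm2');

// Host functions placed in `sandbox` become globals inside the VM.
const vm = new VM({
    sandbox: {
        greet: (name) => `Hello ${name}!`
    }
});

// The sandboxed script calls the host function; run() returns its result.
console.log(vm.run(`greet('world')`)); // Hello world!
```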
from vm2.
@patriksimek thanks for your attention on this. But I'm having trouble seeing how to implement "continuous communication" as in the title of this issue. For example, how could I asynchronously communicate between two sandboxes?
from vm2.
What exactly does continuous communication mean for you? You can create a function in one sandbox and pass it to another sandbox so once you call the function from second sandbox, it will call a code in first sandbox.
from vm2.
@patriksimek thanks for the response. I'm looking to have a sandbox call an async function in another sandbox and wait for the callback. I don't want to nest the second sandbox within the first one. I'm not sure what you mean: " so once you call the function from second sandbox, it will call a code in first sandbox." Can you provide a brief example? Thanks again
from vm2.
Example:
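```js
const {NodeVM} = require('vm2');

// First sandbox exports a function that reports its result through a callback.
const vm1 = new NodeVM();
const fn = vm1.run(`module.exports = function(callback) { callback(null, 123) }`);

// Second sandbox receives that function as a global.
const vm2 = new NodeVM({
    sandbox: {
        fn
    }
});

// Calling fn here runs code from the first sandbox.
vm2.run(`fn((err, res) => { console.log(res); })`);
```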
from vm2.
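The call-and-wait flow asked about in this thread (sandboxed code calls an asynchronous function on the host and awaits the result), as an added example that is not part of the original thread or the vm2 project. It uses Node's built-in `vm` module as a stand-in so it runs without dependencies; `node:vm` is not a security mechanism, and `lookupUser`, `runSandboxed`, the scripts and the sample data are hypothetical names constructed for illustration.

```javascript
// Stand-in for vm2: node:vm gives a separate global scope, not isolation.
const vm = require('node:vm');

// Constructed sample data owned by the host.
const USERS = new Map([
  ['alice', { id: 1, role: 'admin' }],
  ['bob', { id: 2, role: 'user' }],
]);

// Host-side bridge (hypothetical). It executes with host privileges, so it
// validates its argument and returns a JSON string instead of a live object.
async function lookupUser(name) {
  if (typeof name !== 'string' || !/^[a-z]{1,32}$/.test(name)) {
    throw new TypeError('lookupUser: invalid name');
  }
  await new Promise((resolve) => setImmediate(resolve)); // simulated async I/O
  const user = USERS.get(name);
  return JSON.stringify(user ? { found: true, role: user.role } : { found: false });
}

// Run a script body that may await the bridge; resolve to a plain string.
async function runSandboxed(source) {
  const context = vm.createContext({ lookupUser }); // the only exposed global
  const wrapped = `(async () => { ${source} })()`;
  // `timeout` bounds only the synchronous part of the script.
  const result = await vm.runInContext(wrapped, context, { timeout: 1000 });
  return String(result);
}

// Constructed script: waits for the host function, then uses the reply.
const SCRIPT = `
  const reply = JSON.parse(await lookupUser('alice'));
  return reply.found ? 'role=' + reply.role : 'unknown';
`;

// Constructed script: a malformed argument is rejected on the host side and
// surfaces inside the sandbox as a rejected promise.
const BAD_SCRIPT = `
  try { await lookupUser({ toString: () => 'alice' }); return 'accepted'; }
  catch (e) { return 'rejected: ' + e.message; }
`;

runSandboxed(SCRIPT).then((out) => console.log(out)); // role=admin
```

With vm2, the bridge would be handed over through the `sandbox` option shown in the thread. Either way it executes with host privileges, so argument validation and primitive-only return values belong on the host side.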