Run notebooks inside a Node sandbox (vm module)

it's still not safe at this point, **process** should be removed from the sandbox
propelml · Jun 5, 2018 · 8375cac · 8375cac
1 parent 4ffac95
commit 8375cac
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 6 deletions.
diff --git a/bin/bin.ts b/bin/bin.ts
@@ -21,8 +21,12 @@
  */
 
 import { fork, isMaster } from "cluster";
+import { readFileSync } from "fs";
 import * as opn from "opn";
+import { TextDecoder } from "util";
+import * as vm from "vm";
 import * as WebSocket from "ws";
+import { ClusterRPC } from "../src/rpc";
 import { createHTTPServer } from "./server";
 
 // Constants
@@ -71,5 +75,27 @@ if (isMaster) {
   });
 } else {
   console.log("[%s] Worker started.", process.pid);
-  require("../src/sandbox.ts");
+  const sandboxCode = readFileSync("../build/website/sandbox.js").toString();
+  const clusterRPC = new ClusterRPC(process);
+  // TODO We should not let user to have access to `process`.
+  //  const binding = process.binding('fs');
+  //  binding
+  const sandbox = {
+    require: safeRequire,
+    clusterRPC,
+    TextDecoder,
+    Buffer,
+    process
+  };
+  vm.createContext(sandbox);
+  vm.runInContext(sandboxCode, sandbox);
+}
+
+function safeRequire(moduleName) {
+  const allowedModules = ["url", "http", "https"];
+  if (allowedModules.indexOf(moduleName) < 0) {
+    console.log(moduleName);
+    throw new Error("Calling require is forbidden.");
+  }
+  return require(moduleName);
 }
diff --git a/src/rpc.ts b/src/rpc.ts
@@ -215,7 +215,7 @@ export class WebSocketRPC extends RPCBase {
 }
 
 export class ClusterRPC extends RPCBase {
-  constructor(private process, private calledFromMaster = false) {
+  constructor(private process) {
     super();
   }
 
@@ -229,9 +229,7 @@ export class ClusterRPC extends RPCBase {
 
   start(handlers: RpcHandlers): void {
     super.start(handlers);
-    if (!this.calledFromMaster) {
-      this.process.on("message", this.receive);
-    }
+    this.process.on("message", this.receive);
   }
 
   stop(): void {

diff --git a/src/sandbox.ts b/src/sandbox.ts
@@ -23,6 +23,8 @@ import { ClusterRPC, RPC, WindowRPC } from "./rpc";
 import { describe, InspectorData, InspectorOptions } from "./serializer";
 import { global, globalEval, IS_WEB, URL } from "./util";
 
+declare const clusterRPC: ClusterRPC;
+
 async function fetchText(url: string) {
   const ab = await fetchArrayBuffer(url);
   const enc = new TextDecoder();
@@ -84,7 +86,7 @@ const rpc = function(): RPC {
       .getAttribute("content");
     return new WindowRPC(window.parent, channelId);
   }
-  return new ClusterRPC(process);
+  return clusterRPC;
 }();
 rpc.start({ runCell });