vm2 - npm Package Compare versions

Comparing version 0.2.2 to 0.2.3

Cakefile

lib/cli.js

		@@ -1,3 +0,3 @@
		// Generated by CoffeeScript 1.9.0
		var NodeVM, VMError, ex, fs, pa, path, stack, started, _ref;
		// Generated by CoffeeScript 1.10.0
		var NodeVM, VMError, error, ex, fs, pa, path, ref, stack, started;

		@@ -8,3 +8,3 @@ fs = require('fs');

		_ref = require('../'), NodeVM = _ref.NodeVM, VMError = _ref.VMError;
		ref = require('../'), NodeVM = ref.NodeVM, VMError = ref.VMError;

		@@ -22,4 +22,4 @@ if (process.argv[2]) {
		console.log("\x1B[90m[vm] VM created in " + (Date.now() - started) + "ms\x1B[39m");
		} catch (_error) {
		ex = _error;
		} catch (error) {
		ex = error;
		if (ex instanceof VMError) {
		@@ -26,0 +26,0 @@ console.error("\x1B[31m[vm:error] " + ex.message + "\x1B[39m");

lib/contextify.js

		@@ -1,2 +0,2 @@
		// Generated by CoffeeScript 1.9.0
		// Generated by CoffeeScript 1.10.0
		var contextify, global;
		@@ -18,3 +18,3 @@
		'use strict';
		var i, k, o, ut, v;
		var desc, i, j, key, len, o, ref, ut;
		ut = require('util');
		@@ -31,9 +31,9 @@ switch (typeof value) {
		o = (function() {
		var _i, _len, _results;
		_results = [];
		for (_i = 0, _len = value.length; _i < _len; _i++) {
		i = value[_i];
		_results.push(contextify(i));
		var j, len, results;
		results = [];
		for (j = 0, len = value.length; j < len; j++) {
		i = value[j];
		results.push(contextify(i));
		}
		return _results;
		return results;
		})();
		@@ -51,5 +51,16 @@ } else if (ut.isRegExp(value)) {
		o = {};
		for (k in value) {
		v = value[k];
		o[k] = contextify(v);
		ref = Object.getOwnPropertyNames(value);
		for (j = 0, len = ref.length; j < len; j++) {
		key = ref[j];
		desc = Object.getOwnPropertyDescriptor(value, key);
		if (desc.value != null) {
		desc.value = contextify(desc.value);
		}
		if (desc.get != null) {
		desc.get = contextify(desc.get);
		}
		if (desc.set != null) {
		desc.set = contextify(desc.set);
		}
		Object.defineProperty(o, key, desc);
		}
		@@ -56,0 +67,0 @@ }

lib/main.js

		@@ -1,6 +0,6 @@
		// Generated by CoffeeScript 1.9.0
		var AVAILABLE_NATIVE_MODULES, EventEmitter, NodeVM, VM, VMError, cf, fs, pa, sb, ut, version, vm, _compileToJS, _prepareContextify,
		__extends = function(child, parent) { for (var key in parent) { if (__hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; },
		__hasProp = {}.hasOwnProperty,
		__indexOf = [].indexOf \|\| function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };
		// Generated by CoffeeScript 1.10.0
		var AVAILABLE_NATIVE_MODULES, EventEmitter, NodeVM, VM, VMError, _compileToJS, _prepareContextify, cf, fs, pa, sb, ut, version, vm,
		extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; },
		hasProp = {}.hasOwnProperty,
		indexOf = [].indexOf \|\| function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };

		@@ -27,3 +27,3 @@ version = process.versions.node.split('.');

		AVAILABLE_NATIVE_MODULES = ['assert', 'buffer', 'child_process', 'crypto', 'tls', 'dgram', 'dns', 'http', 'https', 'net', 'querystring', 'url', 'domain', 'events', 'fs', 'path', 'os', 'stream', 'string_decoder', 'timers', 'tty', 'util', 'sys', 'vm', 'zlib'];
		AVAILABLE_NATIVE_MODULES = ['assert', 'buffer', 'child_process', 'constants', 'crypto', 'tls', 'dgram', 'dns', 'http', 'https', 'net', 'querystring', 'url', 'domain', 'events', 'fs', 'path', 'os', 'stream', 'string_decoder', 'timers', 'tty', 'util', 'sys', 'vm', 'zlib'];

		@@ -41,3 +41,3 @@
		_prepareContextify = function(value) {
		var i, k, o, v;
		var desc, i, j, key, len, o, ref;
		if (typeof value === 'object') {
		@@ -58,9 +58,9 @@ if (value === null) {
		return (function() {
		var _i, _len, _results;
		_results = [];
		for (_i = 0, _len = value.length; _i < _len; _i++) {
		i = value[_i];
		_results.push(_prepareContextify(i));
		var j, len, results;
		results = [];
		for (j = 0, len = value.length; j < len; j++) {
		i = value[j];
		results.push(_prepareContextify(i));
		}
		return _results;
		return results;
		})();
		@@ -81,5 +81,10 @@ }
		o = {};
		for (k in value) {
		v = value[k];
		o[k] = _prepareContextify(v);
		ref = Object.getOwnPropertyNames(value);
		for (j = 0, len = ref.length; j < len; j++) {
		key = ref[j];
		desc = Object.getOwnPropertyDescriptor(value, key);
		if (desc.value != null) {
		desc.value = _prepareContextify(desc.value);
		}
		Object.defineProperty(o, key, desc);
		}
		@@ -121,4 +126,4 @@ return o;

		VM = (function(_super) {
		__extends(VM, _super);
		VM = (function(superClass) {
		extend(VM, superClass);

		@@ -140,3 +145,3 @@ VM.prototype.running = false;
		function VM(options) {
		var _ref, _ref1, _ref2;
		var ref, ref1, ref2;
		if (options == null) {
		@@ -146,5 +151,5 @@ options = {};
		this.options = {
		timeout: (_ref = options.timeout) != null ? _ref : void 0,
		sandbox: (_ref1 = options.sandbox) != null ? _ref1 : null,
		language: (_ref2 = options.language) != null ? _ref2 : 'javascript'
		timeout: (ref = options.timeout) != null ? ref : void 0,
		sandbox: (ref1 = options.sandbox) != null ? ref1 : null,
		language: (ref2 = options.language) != null ? ref2 : 'javascript'
		};
		@@ -163,3 +168,3 @@ }
		'use strict';
		var contextify, name, script, value, _ref;
		var contextify, name, ref, script, value;
		if (this.options.language !== 'javascript') {
		@@ -188,5 +193,5 @@ code = _compileToJS(code, this.options.language);
		}
		_ref = this.options.sandbox;
		for (name in _ref) {
		value = _ref[name];
		ref = this.options.sandbox;
		for (name in ref) {
		value = ref[name];
		contextify(_prepareContextify(value), name);
		@@ -221,4 +226,4 @@ }

		NodeVM = (function(_super) {
		__extends(NodeVM, _super);
		NodeVM = (function(superClass) {
		extend(NodeVM, superClass);

		@@ -244,3 +249,3 @@ NodeVM.prototype.cache = null;
		function NodeVM(options) {
		var mod, _i, _j, _len, _len1, _ref, _ref1, _ref2, _ref3, _ref4, _ref5;
		var j, k, len, len1, mod, ref, ref1, ref2, ref3, ref4, ref5;
		if (options == null) {
		@@ -251,7 +256,7 @@ options = {};
		this.options = {
		sandbox: (_ref = options.sandbox) != null ? _ref : null,
		console: (_ref1 = options.console) != null ? _ref1 : 'inherit',
		require: (_ref2 = options.require) != null ? _ref2 : false,
		language: (_ref3 = options.language) != null ? _ref3 : 'javascript',
		requireExternal: (_ref4 = options.requireExternal) != null ? _ref4 : false,
		sandbox: (ref = options.sandbox) != null ? ref : null,
		console: (ref1 = options.console) != null ? ref1 : 'inherit',
		require: (ref2 = options.require) != null ? ref2 : false,
		language: (ref3 = options.language) != null ? ref3 : 'javascript',
		requireExternal: (ref4 = options.requireExternal) != null ? ref4 : false,
		requireNative: {}
		@@ -261,6 +266,6 @@ };
		if (Array.isArray(options.requireNative)) {
		_ref5 = options.requireNative;
		for (_i = 0, _len = _ref5.length; _i < _len; _i++) {
		mod = _ref5[_i];
		if (__indexOf.call(AVAILABLE_NATIVE_MODULES, mod) >= 0) {
		ref5 = options.requireNative;
		for (j = 0, len = ref5.length; j < len; j++) {
		mod = ref5[j];
		if (indexOf.call(AVAILABLE_NATIVE_MODULES, mod) >= 0) {
		this.options.requireNative[mod] = true;
		@@ -271,4 +276,4 @@ }
		} else {
		for (_j = 0, _len1 = AVAILABLE_NATIVE_MODULES.length; _j < _len1; _j++) {
		mod = AVAILABLE_NATIVE_MODULES[_j];
		for (k = 0, len1 = AVAILABLE_NATIVE_MODULES.length; k < len1; k++) {
		mod = AVAILABLE_NATIVE_MODULES[k];
		this.options.requireNative[mod] = true;
		@@ -317,3 +322,3 @@ }
		'use strict';
		var closure, contextify, dirname, name, parent, script, value, _ref, _ref1;
		var closure, contextify, dirname, name, parent, ref, ref1, script, value;
		if (global.isVM) {
		@@ -380,3 +385,3 @@ throw new VMError("You can't nest VMs");
		});
		_ref = closure.call(this.context, this, parent, contextify, dirname, filename), this.cache = _ref.cache, this.module = _ref.module, this.proxy = _ref.proxy;
		ref = closure.call(this.context, this, parent, contextify, dirname, filename), this.cache = ref.cache, this.module = ref.module, this.proxy = ref.proxy;
		this.cache[filename] = this.module;
		@@ -387,5 +392,5 @@ if (this.options.sandbox) {
		}
		_ref1 = this.options.sandbox;
		for (name in _ref1) {
		value = _ref1[name];
		ref1 = this.options.sandbox;
		for (name in ref1) {
		value = ref1[name];
		contextify(_prepareContextify(value), name);
		@@ -477,4 +482,4 @@ }

		VMError = (function(_super) {
		__extends(VMError, _super);
		VMError = (function(superClass) {
		extend(VMError, superClass);

		@@ -481,0 +486,0 @@ function VMError(message) {

147

lib/sandbox.js

		@@ -1,6 +0,6 @@
		// Generated by CoffeeScript 1.9.0
		// Generated by CoffeeScript 1.10.0
		var EXTENSIONS, NATIVE_MODULES, Script, fs, noop, pa,
		__slice = [].slice,
		__extends = function(child, parent) { for (var key in parent) { if (__hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; },
		__hasProp = {}.hasOwnProperty;
		slice = [].slice,
		extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; },
		hasProp = {}.hasOwnProperty;

		@@ -31,3 +31,3 @@ fs = parent.require('fs');
		'use strict';
		var global, _prepareRequire, _requireNative, _resolveFilename;
		var _prepareRequire, _requireNative, _resolveFilename, global;
		global = _this;
		@@ -41,3 +41,3 @@ global.global = global.GLOBAL = global.root = global;
		_resolveFilename = function(path) {
		var ex, exists, isdir, pkg;
		var error, ex, exists, isdir, pkg;
		path = pa.resolve(path);
		@@ -64,4 +64,4 @@ exists = fs.existsSync(path);
		}
		} catch (_error) {
		ex = _error;
		} catch (error) {
		ex = error;
		throw new VMError("Module '" + modulename + "' has invalid package.json", "EMODULEINVALID");
		@@ -103,3 +103,3 @@ }
		'use strict';
		var closure, code, dirname, ex, extname, filename, module, path, paths, script;
		var closure, code, dirname, error, error1, error2, ex, extname, filename, module, path, paths, script;
		if (!vm.options.require) {
		@@ -157,4 +157,5 @@ throw new VMError("Access denied to require '" + modulename + "'", "EDENIED");
		return module.exports;
		} catch (_error) {
		ex = _error;
		} catch (error) {
		ex = error;
		throw error
		throw new VMError("Failed to load '" + filename + "': [" + ex.message + "]", "ELOADFAIL");
		@@ -167,4 +168,4 @@ }
		return module.exports;
		} catch (_error) {
		ex = _error;
		} catch (error1) {
		ex = error1;
		throw new VMError("Failed to load '" + filename + "': [" + ex.message + "]", "ELOADFAIL");
		@@ -175,4 +176,4 @@ }
		code = "(function (exports, require, module, __filename, __dirname) { 'use strict'; " + (fs.readFileSync(filename, "utf8")) + " \n});";
		} catch (_error) {
		ex = _error;
		} catch (error2) {
		ex = error2;
		throw new VMError("Failed to load '" + filename + "': [" + ex.message + "]", "ELOADFAIL");
		@@ -200,6 +201,15 @@ }
		global.setTimeout = function(callback) {
		var tmr;
		arguments[0] = function() {
		return callback.call(null);
		};
		return parent.setTimeout.apply(parent, arguments);
		tmr = parent.setTimeout.apply(parent, arguments);
		return {
		ref: function() {
		return tmr.ref();
		},
		unref: function() {
		return tmr.unref();
		}
		};
		};
		@@ -210,3 +220,11 @@ global.setInterval = function(callback) {
		};
		return parent.setInterval.apply(parent, arguments);
		parent.setInterval.apply(parent, arguments);
		return {
		ref: function() {
		return tmr.ref();
		},
		unref: function() {
		return tmr.unref();
		}
		};
		};
		@@ -217,12 +235,23 @@ global.setImmediate = function(callback) {
		};
		return parent.setImmediate.apply(parent, arguments);
		parent.setImmediate.apply(parent, arguments);
		return {
		ref: function() {
		return tmr.ref();
		},
		unref: function() {
		return tmr.unref();
		}
		};
		};
		global.clearTimeout = function() {
		return parent.clearTimeout.apply(parent, arguments);
		parent.clearTimeout.apply(parent, arguments);
		return null;
		};
		global.clearInterval = function() {
		return parent.clearInterval.apply(parent, arguments);
		parent.clearInterval.apply(parent, arguments);
		return null;
		};
		global.clearImmediate = function() {
		return parent.clearImmediate.apply(parent, arguments);
		parent.clearImmediate.apply(parent, arguments);
		return null;
		};
		@@ -253,32 +282,40 @@ global.process = {
		log: function() {
		var _ref;
		return (_ref = parent.console).log.apply(_ref, arguments);
		var ref;
		(ref = parent.console).log.apply(ref, arguments);
		return null;
		},
		info: function() {
		var _ref;
		return (_ref = parent.console).info.apply(_ref, arguments);
		var ref;
		(ref = parent.console).info.apply(ref, arguments);
		return null;
		},
		warn: function() {
		var _ref;
		return (_ref = parent.console).warn.apply(_ref, arguments);
		var ref;
		(ref = parent.console).warn.apply(ref, arguments);
		return null;
		},
		error: function() {
		var _ref;
		return (_ref = parent.console).error.apply(_ref, arguments);
		var ref;
		(ref = parent.console).error.apply(ref, arguments);
		return null;
		},
		dir: function() {
		var _ref;
		return (_ref = parent.console).dir.apply(_ref, arguments);
		var ref;
		(ref = parent.console).dir.apply(ref, arguments);
		return null;
		},
		time: function() {
		var _ref;
		return (_ref = parent.console).time.apply(_ref, arguments);
		var ref;
		(ref = parent.console).time.apply(ref, arguments);
		return null;
		},
		timeEnd: function() {
		var _ref;
		return (_ref = parent.console).timeEnd.apply(_ref, arguments);
		var ref;
		(ref = parent.console).timeEnd.apply(ref, arguments);
		return null;
		},
		trace: function() {
		var _ref;
		return (_ref = parent.console).trace.apply(_ref, arguments);
		var ref;
		(ref = parent.console).trace.apply(ref, arguments);
		return null;
		}
		@@ -289,24 +326,26 @@ };
		log: function() {
		return vm.emit.apply(vm, ['console.log'].concat(__slice.call(arguments)));
		vm.emit.apply(vm, ['console.log'].concat(slice.call(arguments)));
		return null;
		},
		info: function() {
		return vm.emit.apply(vm, ['console.info'].concat(__slice.call(arguments)));
		vm.emit.apply(vm, ['console.info'].concat(slice.call(arguments)));
		return null;
		},
		warn: function() {
		return vm.emit.apply(vm, ['console.warn'].concat(__slice.call(arguments)));
		vm.emit.apply(vm, ['console.warn'].concat(slice.call(arguments)));
		return null;
		},
		error: function() {
		return vm.emit.apply(vm, ['console.error'].concat(__slice.call(arguments)));
		vm.emit.apply(vm, ['console.error'].concat(slice.call(arguments)));
		return null;
		},
		dir: function() {
		return vm.emit.apply(vm, ['console.dir'].concat(__slice.call(arguments)));
		vm.emit.apply(vm, ['console.dir'].concat(slice.call(arguments)));
		return null;
		},
		time: function() {
		return noop;
		},
		timeEnd: function() {
		return noop;
		},
		time: noop,
		timeEnd: noop,
		trace: function() {
		return vm.emit.apply(vm, ['console.trace'].concat(__slice.call(arguments)));
		vm.emit.apply(vm, ['console.trace'].concat(slice.call(arguments)));
		return null;
		}
		@@ -366,4 +405,4 @@ };
		*/
		global.VMError = (function(_super) {
		__extends(VMError, _super);
		global.VMError = (function(superClass) {
		extend(VMError, superClass);

		@@ -393,5 +432,5 @@ function VMError(message, code) {
		proxy: function() {
		var arg, args, index, method, _i, _len;
		method = arguments[0], args = 2 <= arguments.length ? __slice.call(arguments, 1) : [];
		for (index = _i = 0, _len = args.length; _i < _len; index = ++_i) {
		var arg, args, i, index, len, method;
		method = arguments[0], args = 2 <= arguments.length ? slice.call(arguments, 1) : [];
		for (index = i = 0, len = args.length; i < len; index = ++i) {
		arg = args[index];
		@@ -398,0 +437,0 @@ args[index] = contextify(arg);

package.json

		@@ -16,3 +16,3 @@ {
		],
		"version": "0.2.2",
		"version": "0.2.3",
		"main": "index.js",
		@@ -23,8 +23,3 @@ "repository": {
		},
		"licenses": [
		{
		"type": "MIT",
		"url": "http://opensource.org/licenses/mit-license.php"
		}
		],
		"license": "MIT",
		"dependencies": {
		@@ -31,0 +26,0 @@

README.md

		@@ -13,3 +13,3 @@ # vm2 [![Dependency Status](https://david-dm.org/patriksimek/vm2.png)](https://david-dm.org/patriksimek/vm2) [![NPM version](https://badge.fury.io/js/vm2.png)](http://badge.fury.io/js/vm2) [![Build Status](https://secure.travis-ci.org/patriksimek/vm2.png)](http://travis-ci.org/patriksimek/vm2)
		* You can securely call methods inside sandbox with callbacks
		* Is immune to `while (true) {}`
		* Is immune to `while (true) {}` (VM only, see docs)
		* Is immune to all known methods of attacks
		@@ -46,4 +46,4 @@ * Coffee-Script support

		* `timeout` - Script timeout in milliseconds
		* `sandbox` - VM's global object
		* `timeout` - Script timeout in milliseconds.
		* `sandbox` - VM's global object.
		* `language` - `javascript` (default) or `coffeescript`
		@@ -60,5 +60,13 @@
		var vm = new VM(options);
		vm.run("process.exit()");
		vm.run("process.exit()"); // throws ReferenceError: process is not defined
		```

		You can also retrieve values from VM.

		```javascript
		var number = vm.run("1337"); // returns 1337
		```

		IMPORTANT: Timeout is only effective on code you run trough `run`. Timeout is NOT effective on any method returned by VM.

		## NodeVM
		@@ -79,3 +87,4 @@

		Remember: the more modules you allow, the more fragile your sandbox becomes.
		REMEMBER: The more modules you allow, the more fragile your sandbox becomes.
		IMPORTANT: Timeout is not effective for NodeVM so it is not immune to `while (true) {}` or similar evil.

		@@ -82,0 +91,0 @@ ```javascript

.coffeemaker

src/contextify.coffee

Sorry, the diff of this file is not supported yet

src/main.coffee

Sorry, the diff of this file is not supported yet

src/sandbox.coffee

Sorry, the diff of this file is not supported yet

test/test.coffee

Sorry, the diff of this file is not supported yet

vm2 - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics