Run notebooks inside a Node sandbox (vm module)

qti3e · qti3e · commit ca512b70e3b6 · 2018-06-05T20:39:08.000+04:30
it's still not safe at this point, **process** should be removed from the sandbox
diff --git a/bin/bin.ts b/bin/bin.ts
@@ -21,8 +21,12 @@
  */
 
 import { fork, isMaster } from "cluster";
+import { readFileSync } from "fs";
 import * as opn from "opn";
+import { TextDecoder } from "util";
+import * as vm from "vm";
 import * as WebSocket from "ws";
+import { ClusterRPC } from "../src/rpc";
 import { createHTTPServer } from "./server";
 
 // Constants
@@ -71,5 +75,27 @@ if (isMaster) {
   });
 } else {
   console.log("[%s] Worker started.", process.pid);
-  require("../src/sandbox.ts");
+  const sandboxCode = readFileSync("../build/website/sandbox.js").toString();
+  const clusterRPC = new ClusterRPC(process);
+  // TODO We should not let user to have access to `process`.
+  //  const binding = process.binding('fs');
+  //  binding
+  const sandbox = {
+    Buffer,
+    TextDecoder,
+    clusterRPC,
+    process,
+    require: safeRequire
+  };
+  vm.createContext(sandbox);
+  vm.runInContext(sandboxCode, sandbox);
+}
+
+function safeRequire(moduleName) {
+  const allowedModules = ["url", "http", "https"];
+  if (allowedModules.indexOf(moduleName) < 0) {
+    console.log(moduleName);
+    throw new Error("Calling require is forbidden.");
+  }
+  return require(moduleName);
 }
diff --git a/src/rpc.ts b/src/rpc.ts
@@ -215,7 +215,7 @@ export class WebSocketRPC extends RPCBase {
 }
 
 export class ClusterRPC extends RPCBase {
-  constructor(private process, private calledFromMaster = false) {
+  constructor(private process) {
     super();
   }
 
@@ -229,9 +229,7 @@ export class ClusterRPC extends RPCBase {
 
   start(handlers: RpcHandlers): void {
     super.start(handlers);
-    if (!this.calledFromMaster) {
-      this.process.on("message", this.receive);
-    }
+    this.process.on("message", this.receive);
   }
 
   stop(): void {
diff --git a/src/sandbox.ts b/src/sandbox.ts
@@ -23,6 +23,8 @@ import { ClusterRPC, RPC, WindowRPC } from "./rpc";
 import { describe, InspectorData, InspectorOptions } from "./serializer";
 import { global, globalEval, IS_WEB, URL } from "./util";
 
+declare const clusterRPC: ClusterRPC;
+
 async function fetchText(url: string) {
   const ab = await fetchArrayBuffer(url);
   const enc = new TextDecoder();
@@ -84,7 +86,7 @@ const rpc = function(): RPC {
       .getAttribute("content");
     return new WindowRPC(window.parent, channelId);
   }
-  return new ClusterRPC(process);
+  return clusterRPC;
 }();
 rpc.start({ runCell });
 

Original file line number	Diff line number	Diff line change
`@@ -215,7 +215,7 @@ export class WebSocketRPC extends RPCBase {`
`215`	`215`	`}`
`216`	`216`
`217`	`217`	`export class ClusterRPC extends RPCBase {`
`218`		`- constructor(private process, private calledFromMaster = false) {`
	`218`	`+ constructor(private process) {`
`219`	`219`	`super();`
`220`	`220`	`}`
`221`	`221`
`@@ -229,9 +229,7 @@ export class ClusterRPC extends RPCBase {`
`229`	`229`
`230`	`230`	`start(handlers: RpcHandlers): void {`
`231`	`231`	`super.start(handlers);`
`232`		`- if (!this.calledFromMaster) {`
`233`		`- this.process.on("message", this.receive);`
`234`		`- }`
	`232`	`+ this.process.on("message", this.receive);`
`235`	`233`	`}`
`236`	`234`
`237`	`235`	`stop(): void {`