沙箱换成 ses

This commit is contained in:
fofolee
2022-04-21 18:30:05 +08:00
parent 51679f4391
commit 6d1e7f8347
4 changed files with 29 additions and 28 deletions

View File

@@ -12,14 +12,12 @@ const nodeFns = {
Float32Array, Float32Array,
Float64Array, Float64Array,
Function, Function,
Infinity,
Int16Array, Int16Array,
Int32Array, Int32Array,
Int8Array, Int8Array,
Intl, Intl,
JSON, JSON,
Math, Math,
NaN,
Number, Number,
Object, Object,
RangeError, RangeError,

View File

@@ -7,7 +7,8 @@
"dependencies": { "dependencies": {
"axios": "^0.24.0", "axios": "^0.24.0",
"iconv-lite": "^0.6.3", "iconv-lite": "^0.6.3",
"lodash": "^4.17.21" "lodash": "^4.17.21",
"ses": "^0.15.15"
} }
}, },
"node_modules/axios": { "node_modules/axios": {
@@ -57,6 +58,11 @@
"version": "2.1.2", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
},
"node_modules/ses": {
"version": "0.15.15",
"resolved": "https://registry.npmmirror.com/ses/-/ses-0.15.15.tgz",
"integrity": "sha512-sJM4HRlM3VouA3RhRmS7wG5MRQPqZZnc6O4BvAefU7yeM+qp8EUfGAWQ9iB/X5cNh3+m5N9lC7DEpyxQ+E4D+w=="
} }
}, },
"dependencies": { "dependencies": {
@@ -90,6 +96,11 @@
"version": "2.1.2", "version": "2.1.2",
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
},
"ses": {
"version": "0.15.15",
"resolved": "https://registry.npmmirror.com/ses/-/ses-0.15.15.tgz",
"integrity": "sha512-sJM4HRlM3VouA3RhRmS7wG5MRQPqZZnc6O4BvAefU7yeM+qp8EUfGAWQ9iB/X5cNh3+m5N9lC7DEpyxQ+E4D+w=="
} }
} }
} }

View File

@@ -2,6 +2,7 @@
"dependencies": { "dependencies": {
"axios": "^0.24.0", "axios": "^0.24.0",
"iconv-lite": "^0.6.3", "iconv-lite": "^0.6.3",
"lodash": "^4.17.21" "lodash": "^4.17.21",
"ses": "^0.15.15"
} }
} }

View File

@@ -8,6 +8,8 @@ const axios = require('axios');
const http = require('http'); const http = require('http');
const url = require('url') const url = require('url')
const nodeFns = require("./lib/nodeFns") const nodeFns = require("./lib/nodeFns")
require('ses')
window._ = require("lodash") window._ = require("lodash")
window.yuQueClient = axios.create({ window.yuQueClient = axios.create({
baseURL: 'https://www.yuque.com/api/v2/', baseURL: 'https://www.yuque.com/api/v2/',
@@ -472,17 +474,17 @@ window.getuToolsLite = () => {
let getSandboxFuns = () => { let getSandboxFuns = () => {
var sandbox = { var sandbox = {
utools: getuToolsLite(), utools: getuToolsLite(),
quickcommand: quickcommand, quickcommand,
electron: electron, electron,
axios: axios, axios,
Audio: Audio, Audio,
fetch: fetch, fetch,
_: _, _,
// 兼容老版本 // 兼容老版本
fs: fs, fs,
path: path, path,
os: os, os,
child_process: child_process, child_process,
} }
shortCodes.forEach(f => { shortCodes.forEach(f => {
sandbox[f.name] = f sandbox[f.name] = f
@@ -499,23 +501,12 @@ let liteErr = e => {
utools.isDev() && (window.godMode = code => eval(code)) utools.isDev() && (window.godMode = code => eval(code))
// vm 模块将无法在渲染进程中使用,改用简单的沙箱来执行代码 // vm 模块将无法在渲染进程中使用,改用 ses 来执行代码
let createSandbox = (code, sandbox, async = false) => {
if (!async) code = `return (${code})`
const sandFn = new Function('sandbox', `with(sandbox){${code}}`);
const proxy = new Proxy(sandbox, {
has(target, key) {
return true;
}
});
return sandFn(proxy);
}
window.evalCodeInSandbox = (code, userVars = {}) => { window.evalCodeInSandbox = (code, userVars = {}) => {
let sandbox = getSandboxFuns() let sandbox = getSandboxFuns()
let sandboxWithUV = Object.assign(userVars, sandbox) let sandboxWithUV = Object.assign(userVars, sandbox)
try { try {
return createSandbox(code, sandboxWithUV); return new Compartment(sandboxWithUV).evaluate(code);
} catch (error) { } catch (error) {
throw liteErr(error) throw liteErr(error)
} }
@@ -535,7 +526,7 @@ window.runCodeInSandbox = (code, callback, userVars = {}) => {
} }
let sandboxWithUV = Object.assign(userVars, sandbox) let sandboxWithUV = Object.assign(userVars, sandbox)
try { try {
createSandbox(code, sandboxWithUV, true) new Compartment(sandboxWithUV).evaluate(code)
} catch (e) { } catch (e) {
console.log('Error: ', e) console.log('Error: ', e)
callback(null, liteErr(e)) callback(null, liteErr(e))