From 29e25fdb78e2c1053aa27a5c19138eab69bae66c Mon Sep 17 00:00:00 2001
From: tshemsedinov <timur.shemsedinov@gmail.com>
Date: Sat, 17 Mar 2018 06:43:46 +0200
Subject: [PATCH] Sandbox filesystem

---
 JavaScript/application.js    |  8 +++++
 JavaScript/framework.js      | 65 +++++++++++++++++-------------------
 JavaScript/package-lock.json | 26 +++++++++++++++
 JavaScript/package.json      | 12 +++++++
 4 files changed, 76 insertions(+), 35 deletions(-)
 create mode 100644 JavaScript/package-lock.json
 create mode 100644 JavaScript/package.json

diff --git a/JavaScript/application.js b/JavaScript/application.js
index 5d5802f..4b27bd6 100644
--- a/JavaScript/application.js
+++ b/JavaScript/application.js
@@ -10,6 +10,14 @@ console.log('From application global context');
 const fs = require('fs');
 console.dir({ fs });
 
+const mkdirp = require('mkdirp');
+console.dir({ mkdirp });
+
+mkdirp('/hello/world', (err) => {
+  if (err) console.error(err);
+  else console.log('pow!');
+});
+
 module.exports = () => {
   // Print from the exported function context
   console.log('From application exported function');
diff --git a/JavaScript/framework.js b/JavaScript/framework.js
index 4e22680..146146f 100644
--- a/JavaScript/framework.js
+++ b/JavaScript/framework.js
@@ -10,50 +10,45 @@ const EXECUTION_TIMEOUT = 5000;
 // The framework can require core libraries
 const fs = require('fs');
 const vm = require('vm');
+const sfs = require('sandboxed-fs');
 
 // Create a hash and turn it into the sandboxed context which will be
 // the global context of an application
 const context = {
-  module: {}, console,
+  module: {},
+  console,
   require: (name) => {
-    if (name === 'fs') {
-      console.log('Module fs is restricted');
-      return null;
-    }
-    return require(name);
+    if (name === 'fs') return sfs.bind('./');
+    let exported = execute('./node_modules/' + name + '/index.js');
+    if (!exported) exported = require(name);
   }
 };
 
 context.global = context;
 const sandbox = vm.createContext(context);
 
-// Read an application source code from the file
-const fileName = './application.js';
-fs.readFile(fileName, (err, src) => {
-  // We need to handle errors here
-
-  // Run an application in sandboxed context
-  let script;
-  try {
-    script = new vm.Script(src, { timeout: PARSING_TIMEOUT });
-  } catch (e) {
-    console.log('Parsing timeout');
-    process.exit(1);
-  }
-
-  try {
-    script.runInNewContext(sandbox, { timeout: EXECUTION_TIMEOUT });
-    const exported = sandbox.module.exports;
-    console.dir({ exported });
-  } catch (e) {
-    console.log('Execution timeout');
-    process.exit(1);
-  }
-
-  // We can access a link to exported interface from sandbox.module.exports
-  // to execute, save to the cache, print to console, etc.
-});
+function execute(fileName) {
+  console.log(fileName);
+  fs.readFile(fileName, (err, src) => {
+    console.log(src);
+    let script;
+    try {
+      script = new vm.Script(src, { timeout: PARSING_TIMEOUT });
+      console.dir({ script });
+    } catch (e) {
+      console.dir(e);
+      process.exit(1);
+    }
+    try {
+      script.runInNewContext(sandbox, { timeout: EXECUTION_TIMEOUT });
+      const exported = sandbox.module.exports;
+      console.dir({ exported });
+      return exported;
+    } catch (e) {
+      console.dir(e);
+      process.exit(1);
+    }
+  });
+}
 
-process.on('uncaughtException', (err) => {
-  console.log('Unhandled exception: ' + err);
-});
+execute('./application.js');
diff --git a/JavaScript/package-lock.json b/JavaScript/package-lock.json
new file mode 100644
index 0000000..7d6d166
--- /dev/null
+++ b/JavaScript/package-lock.json
@@ -0,0 +1,26 @@
+{
+  "name": "sandboxing",
+  "version": "0.0.2",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "minimist": {
+      "version": "0.0.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
+      "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
+    },
+    "mkdirp": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+      "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
+      "requires": {
+        "minimist": "0.0.8"
+      }
+    },
+    "sandboxed-fs": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/sandboxed-fs/-/sandboxed-fs-0.3.0.tgz",
+      "integrity": "sha512-IBb+7d7oJSF7HKN4mYXyQsmCSy0tDGd+sjZvbILV/66LFvZt+e0kTC8uyY1yaUnjOm8/jSoYt0S92kPjUuU9og=="
+    }
+  }
+}
diff --git a/JavaScript/package.json b/JavaScript/package.json
new file mode 100644
index 0000000..8685958
--- /dev/null
+++ b/JavaScript/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "sandboxing",
+  "version": "0.0.2",
+  "author": "Timur Shemsedinov <timur.shemsedinov@gmail.com>",
+  "license": "MIT",
+  "main": "./framework.js",
+  "dependencies": {
+    "metarhia-common": "^0.0.25",
+    "mkdirp": "^0.5.1",
+    "sandboxed-fs": "^0.3.0"
+  }
+}