
SandBox, feat: support freeze function to disable modification of glo…

…bal variables in sandbox.
xicilion committed Aug 15, 2018
1 parent a1ec0af commit c9fde181ed2b9773cd8a1bbc489628b58af39da7
Showing with 55 additions and 0 deletions.
  1. +1 −0 fibjs/include/SandBox.h
  2. +16 −0 fibjs/include/ifs/SandBox.h
  3. +35 −0 fibjs/src/sandbox/SandBox.cpp
  4. +3 −0 idl/zh-cn/SandBox.idl
@@ -29,6 +29,7 @@ class SandBox : public SandBox_base {
virtual result_t remove(exlib::string id);
virtual result_t has(exlib::string id, bool& retVal);
virtual result_t clone(obj_ptr<SandBox_base>& retVal);
virtual result_t freeze();
virtual result_t run(exlib::string fname, v8::Local<v8::Array> argv);
virtual result_t resolve(exlib::string id, exlib::string base, exlib::string& retVal);
virtual result_t require(exlib::string id, exlib::string base, v8::Local<v8::Value>& retVal);
@@ -33,6 +33,7 @@ class SandBox_base : public object_base {
virtual result_t remove(exlib::string id) = 0;
virtual result_t has(exlib::string id, bool& retVal) = 0;
virtual result_t clone(obj_ptr<SandBox_base>& retVal) = 0;
virtual result_t freeze() = 0;
virtual result_t run(exlib::string fname, v8::Local<v8::Array> argv) = 0;
virtual result_t resolve(exlib::string id, exlib::string base, exlib::string& retVal) = 0;
virtual result_t require(exlib::string id, exlib::string base, v8::Local<v8::Value>& retVal) = 0;
@@ -51,6 +52,7 @@ class SandBox_base : public object_base {
static void s_remove(const v8::FunctionCallbackInfo<v8::Value>& args);
static void s_has(const v8::FunctionCallbackInfo<v8::Value>& args);
static void s_clone(const v8::FunctionCallbackInfo<v8::Value>& args);
static void s_freeze(const v8::FunctionCallbackInfo<v8::Value>& args);
static void s_run(const v8::FunctionCallbackInfo<v8::Value>& args);
static void s_resolve(const v8::FunctionCallbackInfo<v8::Value>& args);
static void s_require(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -71,6 +73,7 @@ inline ClassInfo& SandBox_base::class_info()
{ "remove", s_remove, false },
{ "has", s_has, false },
{ "clone", s_clone, false },
{ "freeze", s_freeze, false },
{ "run", s_run, false },
{ "resolve", s_resolve, false },
{ "require", s_require, false },
@@ -224,6 +227,19 @@ inline void SandBox_base::s_clone(const v8::FunctionCallbackInfo<v8::Value>& arg
METHOD_RETURN();
}

inline void SandBox_base::s_freeze(const v8::FunctionCallbackInfo<v8::Value>& args)
{
METHOD_NAME("SandBox.freeze");
METHOD_INSTANCE(SandBox_base);
METHOD_ENTER();

METHOD_OVER(0, 0);

hr = pInst->freeze();

METHOD_VOID();
}

inline void SandBox_base::s_run(const v8::FunctionCallbackInfo<v8::Value>& args)
{
METHOD_NAME("SandBox.run");
@@ -187,6 +187,41 @@ result_t SandBox::clone(obj_ptr<SandBox_base>& retVal)
return 0;
}

result_t deepFreeze(v8::Local<v8::Value> v)
{
if (v.IsEmpty() || !v->IsObject())
return 0;

v8::Local<v8::Object> obj = v8::Local<v8::Object>::Cast(v);

if (!isFrozen(obj)) {
obj->SetIntegrityLevel(obj->CreationContext(), v8::IntegrityLevel::kFrozen).ToChecked();
v8::Local<v8::Array> names = obj->GetPropertyNames(obj->CreationContext(), v8::KeyCollectionMode::kIncludePrototypes,
v8::ALL_PROPERTIES, v8::IndexFilter::kIncludeIndices)
.ToLocalChecked();

TryCatch try_catch;
for (int32_t i = 0; i < names->Length(); i++)
deepFreeze(obj->Get(names->Get(i)));
}

return 0;
}

result_t SandBox::freeze()
{
v8::Local<v8::Object> global;
result_t hr;

hr = get_global(global);
if (hr < 0)
return hr;

deepFreeze(global);

return 0;
}

result_t SandBox::get_global(v8::Local<v8::Object>& retVal)
{
if (!m_global)
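Review bot: In deepFreeze, `SetIntegrityLevel(...).ToChecked()` and `GetPropertyNames(...).ToLocalChecked()` run before the `TryCatch` is declared, and the checked accessors abort the process on an empty result, so an object whose freeze operation throws takes down the host instead of failing the call. Declare the `TryCatch` first, test the results with `FromMaybe(false)` and `ToLocal(&names)`, and return a negative `result_t` that `SandBox::freeze()` propagates rather than discarding deepFreeze's return value. The `!isFrozen(obj)` test also serves as the visited marker, so an object that was already shallow-frozen before freeze() runs is skipped along with everything beneath it, which stays writable. isFrozen is defined outside this hunk, so this assumes it mirrors Object.isFrozen; a separate visited set would close the gap. `obj->Get(...)` invokes accessor getters during the walk, which deserves a comment such as `// Get() runs getters: freeze() executes code defined on the objects it walks`.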
@@ -72,6 +72,9 @@ interface SandBox : object
*/
SandBox clone();

/*! @brief 冻结当前沙箱,冻结后的沙箱,对 global 所做的修改将被忽略 */
freeze();

/*! @brief 运行一个脚本
@param fname 指定要运行的脚本路径,此路径与当前运行脚本无关,必须为绝对路径
@param argv 指定要运行的参数,此参数可在脚本内使用 argv 获取
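Review bot: The doc comment on `freeze()` says modifications to global are ignored after freezing, but the implementation in SandBox.cpp applies `v8::IntegrityLevel::kFrozen`, under which strict-mode code gets a TypeError on write rather than a silent no-op. The comment should state both outcomes. It should also say that the freeze walks the properties reachable from global recursively and cannot be undone. Whether modules held by the sandbox are covered is not visible in this commit, and the implementation only passes the result of `get_global` to deepFreeze, so the documentation should not describe freeze() as a complete isolation boundary.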
