[BUG] external javascript/nodejs : 'fs' is not allowed to be required. The path is outside the border!

[survivant]

I want to convert a postman collection that I have to Bruno. In postman I had a variable that contains a JS script/libraby that I was loaing with eval in a pre-script. I try to do the same thing in bruno, but the variable doesn't support the content of the script, so I try another way. Using external javascript with nodejs. I followed that link : https://docs.usebruno.com/scripting/external-libraries.html

my package.json

{
  "name": "Test-Postman-To-Bruno",
  "version": "1.0.0",
  "main": "index.js",
  "homepage": "https://github.com/usebruno/github-rest-api-collection#readme",
  "dependencies": {
    "jsrsasign": "^10.8.6",
    "jsrsasign-util": "^1.0.5"
  }
}

and my pre-request-script

const moment = require("moment");
const uuid = require('uuid');
var navigator = {}; // required
var window = {}; // required
console.log("test2=");
//eval(pm.globals.get("jsrsasign")); // Import JavaScript jsrsasign

const header = {"alg":"RS256"};
const date = moment();
const payload = {
    "aud":req.url,
    "iat":date.unix(),
    "exp":date.add(5,"m").unix(),
    //"iss":bru.getEnvVar("clientId"),
    //"sub":bru.getEnvVar("clientId"),
    "jti": uuid.v4()
};

var rs = require('jsrsasign');
var rsu = require('jsrsasign-util');

//const jwk = bru.getEnvVar("privateKey");
const jwk = "-----BEGIN RSA PRIVATE KEY-----\n" +
    "MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu\n" +
    "KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm\n" +
    "o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k\n" +
    "TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7\n" +
    "9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy\n" +
    "v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs\n" +
    "/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00\n" +
    "-----END RSA PRIVATE KEY-----";
const prvKey = rs.KEYUTIL.getKey(jwk);
const jwt = rs.KJUR.jws.JWS.sign(header.alg,
    JSON.stringify(header),
    JSON.stringify(payload),
    prvKey);

console.log(jwt);
//bru.setEnvVar("jwt",jwt);

the error is : Error invoking remote method 'send-http-request': VMError: Module 'C:\Users\survivant\AppData\Local\Programs\bruno\fs' is not allowed to be required. The path is outside the border!

if I run the script in index.js with nodejs it works fine.

PS. I took the private key from here as example : https://phpseclib.com/docs/rsa-keys

the library that I need to use is this : https://github.com/kjur/jsrsasign

if postman the equivalent is

eval(pm.globals.get("jsrsasign")); // the variable contains the jsrasing-min.js  (but Bruno can't save the variable)
....
const prvKey = KEYUTIL.getKey(jwk);
const jwt = KJUR.jws.JWS.sign(header.alg,
    JSON.stringify(header),
    JSON.stringify(payload),
    prvKey);

console.log(jwt);

[survivant]

I got it to work.. just have to remove that line var rsu = require('jsrsasign-util');

but if I couldn't do that and I have to use a library that need fs. There is an alternative to make it works ?

I think we can close that issue

[helloanoop]

@survivant In case you need to use fs, you need to whitelist it in bruno.json

{
  "version": "1",
  "name": "bruno-testbench",
  "type": "collection",
  "scripts": {
    "filesystemAccess": {
      "allow": true
    }
  }
}

[survivant]

Cool, so the documentation : https://docs.usebruno.com/scripting/external-libraries.html could include a reference to that. I'll send a PR for that

[survivant]

sorry it took time but here the PR :usebruno/bruno-docs#28