Merge pull request #521 from ulixee/pathContext

feat: allow per-module choice for vm context

Author: XmiliaH

README.md

@@ -141,7 +141,7 @@ Unlike `VM`, `NodeVM` allows you to require modules in the same way that you wou
 * `require.builtin` - Array of allowed built-in modules, accepts ["\*"] for all (default: none). **WARNING**: "\*" can be dangerous as new built-ins can be added.
 * `require.root` - Restricted path(s) where local modules can be required (default: every path).
 * `require.mock` - Collection of mock modules (both external or built-in).
-* `require.context` - `host` (default) to require modules in the host and proxy them into the sandbox. `sandbox` to load, compile, and require modules in the sandbox. Except for `events`, built-in modules are always required in the host and proxied into the sandbox.
+* `require.context` - `host` (default) to require modules in the host and proxy them into the sandbox. `sandbox` to load, compile, and require modules in the sandbox. `callback(moduleFilename, ext)` to dynamically choose a context per module. The default will be sandbox is nothing is specified. Except for `events`, built-in modules are always required in the host and proxied into the sandbox.
 * `require.import` - An array of modules to be loaded into NodeVM on start.
 * `require.resolve` - An additional lookup function in case a module wasn't found in one of the traditional node lookup paths.
 * `require.customRequire` - Use instead of the `require` function to load modules from the host.

lib/nodevm.js

@@ -17,6 +17,17 @@
  * @return {*} The required module object.
  */
 
+/**
+ * This callback will be called to specify the context to use "per" module. Defaults to 'sandbox' if no return value provided.
+ *
+ * NOTE: many interoperating modules must live in the same context.
+ *
+ * @callback pathContextCallback
+ * @param {string} modulePath - The full path to the module filename being requested.
+ * @param {string} extensionType - The module type (node = native, js = cjs/esm module)
+ * @return {("host"|"sandbox")} The context for this module.
+ */
+
 const fs = require('fs');
 const pa = require('path');
 const {
@@ -177,14 +188,16 @@ class NodeVM extends VM {
 	 * @param {string[]} [options.require.builtin=[]] - Array of allowed built-in modules, accepts ["*"] for all.
 	 * @param {(string|string[])} [options.require.root] - Restricted path(s) where local modules can be required. If omitted every path is allowed.
 	 * @param {Object} [options.require.mock] - Collection of mock modules (both external or built-in).
-	 * @param {("host"|"sandbox")} [options.require.context="host"] - <code>host</code> to require modules in host and proxy them to sandbox.
+	 * @param {("host"|"sandbox"|pathContextCallback)} [options.require.context="host"] -
+	 * <code>host</code> to require modules in host and proxy them to sandbox.
 	 * <code>sandbox</code> to load, compile and require modules in sandbox.
+	 * <code>pathContext(modulePath, ext)</code> to choose a mode per module (full path provided).
 	 * Builtin modules except <code>events</code> always required in host and proxied to sandbox.
 	 * @param {string[]} [options.require.import] - Array of modules to be loaded into NodeVM on start.
 	 * @param {resolveCallback} [options.require.resolve] - An additional lookup function in case a module wasn't
 	 * found in one of the traditional node lookup paths.
 	 * @param {customRequire} [options.require.customRequire=require] - Custom require to require host and built-in modules.
-	 * @param {boolean} [option.require.strict=true] - Load required modules in strict mode.
+	 * @param {boolean} [options.require.strict=true] - Load required modules in strict mode.
 	 * @param {boolean} [options.nesting=false] -
 	 * <b>WARNING: Allowing this is a security risk as scripts can create a NodeVM which can require any host module.</b>
 	 * Allow nesting of VMs.

lib/resolver-compat.js

@@ -113,7 +113,7 @@ class LegacyResolver extends DefaultResolver {
 	loadJS(vm, mod, filename) {
 		filename = this.pathResolve(filename);
 		this.checkAccess(mod, filename);
-		if (this.pathContext(filename, 'js') === 'sandbox') {
+		if (this.pathContext(filename, 'js') !== 'host') {
 			const trustedMod = this.trustedMods.get(mod);
 			const script = this.readScript(filename);
 			vm.run(script, {filename, strict: true, module: mod, wrapper: 'none', dirname: trustedMod ? trustedMod.path : mod.path});
@@ -332,19 +332,21 @@ function resolverFromOptions(vm, options, override, compiler) {
 		};
 	}
 
+	const pathContext = typeof context === 'function' ? context : (() => context);
+
 	if (typeof externalOpt !== 'object') {
-		return new DefaultResolver(fsOpt, builtins, checkPath, [], () => context, newCustomResolver, hostRequire, compiler, strict);
+		return new DefaultResolver(fsOpt, builtins, checkPath, [], pathContext, newCustomResolver, hostRequire, compiler, strict);
 	}
 
 	let transitive = false;
 	if (Array.isArray(externalOpt)) {
 		external = externalOpt;
 	} else {
 		external = externalOpt.modules;
-		transitive = context === 'sandbox' && externalOpt.transitive;
+		transitive = context !== 'host' && externalOpt.transitive;
 	}
 	externals = external.map(makeExternalMatcher);
-	return new LegacyResolver(fsOpt, builtins, checkPath, [], () => context, newCustomResolver, hostRequire, compiler, strict, externals, transitive);
+	return new LegacyResolver(fsOpt, builtins, checkPath, [], pathContext, newCustomResolver, hostRequire, compiler, strict, externals, transitive);
 }
 
 exports.resolverFromOptions = resolverFromOptions;

lib/resolver.js

@@ -197,7 +197,7 @@ class DefaultResolver extends Resolver {
 	loadJS(vm, mod, filename) {
 		filename = this.pathResolve(filename);
 		this.checkAccess(mod, filename);
-		if (this.pathContext(filename, 'js') === 'sandbox') {
+		if (this.pathContext(filename, 'js') !== 'host') {
 			const script = this.readScript(filename);
 			vm.run(script, {filename, strict: this.strict, module: mod, wrapper: 'none', dirname: mod.path});
 		} else {
@@ -216,7 +216,7 @@ class DefaultResolver extends Resolver {
 	loadNode(vm, mod, filename) {
 		filename = this.pathResolve(filename);
 		this.checkAccess(mod, filename);
-		if (this.pathContext(filename, 'node') === 'sandbox') throw new VMError('Native modules can be required only with context set to \'host\'.');
+		if (this.pathContext(filename, 'node') !== 'host') throw new VMError('Native modules can be required only with context set to \'host\'.');
 		const m = this.hostRequire(filename);
 		mod.exports = vm.readonly(m);
 	}

package-lock.json

@@ -228,6 +228,32 @@ describe('modules', () => {
 		assert.ok(vm.run("require('module1')", __filename));
 	});
 
+	it('allows choosing a context by path', () => {
+		const vm = new NodeVM({
+			require: {
+				external: {
+					modules: ['mocha', 'module1'],
+					transitive: true,
+				},
+				context(module) {
+					if (module.includes('mocha')) return 'host';
+					return 'sandbox';
+				}
+			}
+		});
+		function isVMProxy(obj) {
+			const key = {};
+			const proto = Object.getPrototypeOf(obj);
+			if (!proto) return undefined;
+			proto.isVMProxy = key;
+			const proxy = obj.isVMProxy !== key;
+			delete proto.isVMProxy;
+			return proxy;
+		}
+		assert.equal(isVMProxy(vm.run("module.exports = require('mocha')", __filename)), false, 'Mocha is a proxy');
+		assert.equal(isVMProxy(vm.run("module.exports = require('module1')", __filename)), true, 'Module1 is not a proxy');
+	});
+
 	it('can resolve paths based on a custom resolver', () => {
 		const vm = new NodeVM({
 			require: {