diff --git a/packages/server/src/environment.ts b/packages/server/src/environment.ts index bc4b9eb35b..e137c342e6 100644 --- a/packages/server/src/environment.ts +++ b/packages/server/src/environment.ts @@ -113,6 +113,7 @@ const environment = { process.env[key] = value // @ts-ignore environment[key] = value + cleanVariables() }, isTest: coreEnv.isTest, isJest: coreEnv.isJest, @@ -126,24 +127,26 @@ const environment = { getDefaults: () => { return DEFAULTS }, - useIsolatedVM: { - QUERY_TRANSFORMERS: !!process.env.QUERY_TRANSFORMERS_ISOLATEDVM, - JS_RUNNER: !!process.env.JS_RUNNER_ISOLATEDVM, - }, + ISOLATEDVM_QUERY_TRANSFORMERS: !!process.env.ISOLATEDVM_QUERY_TRANSFORMERS, + ISOLATEDVM_JS_RUNNER: !!process.env.ISOLATEDVM_JS_RUNNER, } -// clean up any environment variable edge cases -for (let [key, value] of Object.entries(environment)) { - // handle the edge case of "0" to disable an environment variable - if (value === "0") { - // @ts-ignore - environment[key] = 0 - } - // handle the edge case of "false" to disable an environment variable - if (value === "false") { - // @ts-ignore - environment[key] = 0 +function cleanVariables() { + // clean up any environment variable edge cases + for (let [key, value] of Object.entries(environment)) { + // handle the edge case of "0" to disable an environment variable + if (value === "0") { + // @ts-ignore + environment[key] = 0 + } + // handle the edge case of "false" to disable an environment variable + if (value === "false") { + // @ts-ignore + environment[key] = 0 + } } } +cleanVariables() + export default environment diff --git a/packages/server/src/jsRunner/index.ts b/packages/server/src/jsRunner/index.ts index 5c863e2855..362dde1fb2 100644 --- a/packages/server/src/jsRunner/index.ts +++ b/packages/server/src/jsRunner/index.ts @@ -7,7 +7,8 @@ import { BuiltInVM, IsolatedVM } from "./vm" export function init() { setJSRunner((js: string, ctx: Record) => { return tracer.trace("runJS", {}, span => { - if (!env.useIsolatedVM.JS_RUNNER) { + const useIsolatedVm = env.ISOLATEDVM_JS_RUNNER + if (!useIsolatedVm) { const vm = new BuiltInVM(ctx, span) return vm.execute(js) } diff --git a/packages/server/src/jsRunner/tests/jsRunner.spec.ts b/packages/server/src/jsRunner/tests/jsRunner.spec.ts index 285ade7097..3baf049eae 100644 --- a/packages/server/src/jsRunner/tests/jsRunner.spec.ts +++ b/packages/server/src/jsRunner/tests/jsRunner.spec.ts @@ -7,18 +7,28 @@ const { runJsHelpersTests } = require("@budibase/string-templates/test/utils") import tk from "timekeeper" import { init } from ".." import TestConfiguration from "../../tests/utilities/TestConfiguration" +import environment from "../../environment" tk.freeze("2021-01-21T12:00:00") -describe("jsRunner", () => { +describe.each([ + ["vm", false], + ["isolated-vm", true], +])("jsRunner (using %s)", (_, useIsolatedVM) => { const config = new TestConfiguration() beforeAll(async () => { + environment._set("ISOLATEDVM_JS_RUNNER", useIsolatedVM) + // Register js runner init() await config.init() }) + afterAll(() => { + config.end() + }) + const processJS = (js: string, context?: object) => { return config.doInContext(config.getAppId(), async () => processStringSync(encodeJSBinding(js), context || {}) @@ -30,7 +40,7 @@ describe("jsRunner", () => { expect(output).toBe(3) }) - it("should prevent sandbox escape", async () => { + it.only("should prevent sandbox escape", async () => { const output = await processJS( `return this.constructor.constructor("return process")()` ) diff --git a/packages/server/src/threads/query.ts b/packages/server/src/threads/query.ts index a8aa428b0a..2c8e59ce64 100644 --- a/packages/server/src/threads/query.ts +++ b/packages/server/src/threads/query.ts @@ -129,7 +129,7 @@ class QueryRunner { // transform as required if (transformer) { let runner: VM - if (!environment.useIsolatedVM.QUERY_TRANSFORMERS) { + if (!environment.ISOLATEDVM_QUERY_TRANSFORMERS) { runner = new VM2({ data: rows, params: enrichedParameters,