@jsreport/jsreport-core 3.4.1 → 3.6.0

package/lib/worker/sandbox/runInSandbox.js

@@ -1,14 +1,17 @@
 const LRU = require('lru-cache')
 const stackTrace = require('stack-trace')
 const { customAlphabet } = require('nanoid')
-const safeSandbox = require('./safeSandbox')
+const createSandbox = require('./createSandbox')
 const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz', 10)
 
 module.exports = (reporter) => {
-  return ({
+  const functionsCache = LRU(reporter.options.sandbox.cache)
+
+  return async ({
     manager = {},
     context,
     userCode,
+    initFn,
     executionFn,
     currentPath,
     onRequire,
@@ -19,7 +22,8 @@ module.exports = (reporter) => {
 
     // we use dynamic name because of the potential nested vm2 execution in the jsreportProxy.assets.require
     // it may turn out it is a bad approach in assets so we gonna delete it here
-    const executionFnName = nanoid() + '_executionFn'
+    const executionFnName = `${nanoid()}_executionFn`
+
     context[executionFnName] = executionFn
     context.__appDirectory = reporter.options.appDirectory
     context.__rootDirectory = reporter.options.rootDirectory
@@ -28,13 +32,14 @@ module.exports = (reporter) => {
     context.__topLevelFunctions = {}
     context.__handleError = (err) => handleError(reporter, err)
 
-    const { sourceFilesInfo, run, restore, contextifyValue, decontextifyValue, unproxyValue, sandbox, safeRequire } = safeSandbox(context, {
+    const { sourceFilesInfo, run, compileScript, restore, sandbox, sandboxRequire } = createSandbox(context, {
       onLog: (log) => {
         reporter.logger[log.level](log.message, { ...req, timestamp: log.timestamp })
       },
       formatError: (error, moduleName) => {
-        error.message += ` To be able to require custom modules you need to add to configuration { "allowLocalFilesAccess": true } or enable just specific module using { sandbox: { allowedModules": ["${moduleName}"] }`
+        error.message += ` To be able to require custom modules you need to add to configuration { "trustUserCode": true } or enable just specific module using { sandbox: { allowedModules": ["${moduleName}"] }`
       },
+      safeExecution: reporter.options.trustUserCode === false,
       modulesCache: reporter.requestModulesCache.get(req.context.rootId),
       globalModules: reporter.options.sandbox.nativeModules || [],
       allowedModules: reporter.options.sandbox.allowedModules,
@@ -61,7 +66,17 @@ module.exports = (reporter) => {
       }
     })
 
-    jsreportProxy = reporter.createProxy({ req, runInSandbox: run, context: sandbox, getTopLevelFunctions, safeRequire })
+    const _getTopLevelFunctions = (code) => {
+      return getTopLevelFunctions(functionsCache, code)
+    }
+
+    jsreportProxy = reporter.createProxy({
+      req,
+      runInSandbox: run,
+      context: sandbox,
+      getTopLevelFunctions: _getTopLevelFunctions,
+      sandboxRequire
+    })
 
     jsreportProxy.currentPath = async () => {
       // we get the current path by throwing an error, which give us a stack trace
@@ -113,13 +128,21 @@ module.exports = (reporter) => {
     // we don't attach these methods to the sandbox, and instead share them through a "manager" object that should
     // be passed in options
     manager.restore = restore
-    manager.contextifyValue = contextifyValue
-    manager.decontextifyValue = decontextifyValue
-    manager.unproxyValue = unproxyValue
 
-    const functionNames = getTopLevelFunctions(userCode)
+    if (typeof initFn === 'function') {
+      const initScriptInfo = await initFn(_getTopLevelFunctions, compileScript)
+
+      if (initScriptInfo) {
+        await run(initScriptInfo.script, {
+          filename: initScriptInfo.filename || 'sandbox-init.js',
+          source: initScriptInfo.source
+        })
+      }
+    }
+
+    const functionNames = getTopLevelFunctions(functionsCache, userCode)
     const functionsCode = `return {${functionNames.map(h => `"${h}": ${h}`).join(',')}}`
-    const executionCode = `;(async () => { ${userCode}; ${functionsCode} })()
+    const executionCode = `;(async () => { ${userCode} \n\n;${functionsCode} })()
         .then((topLevelFunctions) => {
           const mergedTopLevelFunctions = { ...topLevelFunctions, ...__topLevelFunctions }
 
@@ -183,12 +206,11 @@ function handleError (reporter, errValue) {
   })
 }
 
-const functionsCache = LRU({ max: 100 })
-function getTopLevelFunctions (code) {
+function getTopLevelFunctions (cache, code) {
   const key = `functions:${code}`
 
-  if (functionsCache.has(key)) {
-    return functionsCache.get(key)
+  if (cache.has(key)) {
+    return cache.get(key)
   }
 
   // lazy load to speed up boot
@@ -226,6 +248,6 @@ function getTopLevelFunctions (code) {
     return []
   }
 
-  functionsCache.set(key, names)
+  cache.set(key, names)
   return names
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jsreport/jsreport-core",
-  "version": "3.4.1",
+  "version": "3.6.0",
   "description": "javascript based business reporting",
   "keywords": [
     "report",
@@ -32,11 +32,11 @@
     "@babel/code-frame": "7.12.13",
     "@babel/parser": "7.14.4",
     "@babel/traverse": "7.12.9",
-    "@jsreport/advanced-workers": "1.2.0",
+    "@jsreport/advanced-workers": "1.2.2",
     "@jsreport/mingo": "2.4.1",
     "ajv": "6.12.6",
-    "app-root-path": "2.0.1",
-    "async-replace": "1.0.1",
+    "app-root-path": "3.0.0",
+    "bytes": "3.1.2",
     "camelcase": "5.0.0",
     "debug": "4.3.2",
     "decamelize": "2.0.0",
@@ -46,7 +46,7 @@
     "enhanced-resolve": "5.8.3",
     "has-own-deep": "1.1.0",
     "isbinaryfile": "4.0.0",
-    "listener-collection": "1.2.0",
+    "listener-collection": "2.0.0",
     "lodash.get": "4.4.2",
     "lodash.groupby": "4.6.0",
     "lodash.omit": "4.5.0",
@@ -54,21 +54,21 @@
     "lru-cache": "4.1.1",
     "ms": "2.1.3",
     "nanoid": "3.2.0",
-    "nconf": "0.11.3",
+    "nconf": "0.12.0",
     "node.extend.without.arrays": "1.1.6",
-    "reap2": "1.0.1",
+    "@jsreport/reap": "0.1.0",
     "semver": "7.3.5",
     "serializator": "1.0.2",
     "stack-trace": "0.0.10",
     "triple-beam": "1.3.0",
     "unset-value": "1.0.0",
     "uuid": "8.3.2",
-    "vm2": "3.9.5",
+    "vm2": "3.9.9",
     "winston": "3.3.3",
     "winston-transport": "4.4.0"
   },
   "devDependencies": {
-    "mocha": "8.2.1",
+    "mocha": "9.2.2",
     "should": "13.2.3",
     "standard": "16.0.4",
     "std-mocks": "1.0.1",

package/lib/main/monitoring.js

@@ -1,92 +0,0 @@
-const os = require('os')
-
-function cpu () {
-  // Create function to get CPU information
-  function cpuAverage () {
-  // Initialise sum of idle and time of cores and fetch CPU info
-    let totalIdle = 0; let totalTick = 0
-    const cpus = os.cpus()
-
-    // Loop through CPU cores
-    for (let i = 0, len = cpus.length; i < len; i++) {
-    // Select CPU core
-      const cpu = cpus[i]
-
-      // Total up the time in the cores tick
-      for (const type in cpu.times) {
-        totalTick += cpu.times[type]
-      }
-
-      // Total up the idle time of the core
-      totalIdle += cpu.times.idle
-    }
-
-    // Return the average Idle and Tick times
-    return { idle: totalIdle / cpus.length, total: totalTick / cpus.length }
-  }
-
-  // Grab first CPU Measure
-  const startMeasure = cpuAverage()
-
-  return new Promise((resolve) => {
-    // Set delay for second Measure
-    setTimeout(function () {
-    // Grab second Measure
-      const endMeasure = cpuAverage()
-
-      // Calculate the difference in idle and total time between the measures
-      const idleDifference = endMeasure.idle - startMeasure.idle
-      const totalDifference = endMeasure.total - startMeasure.total
-
-      // Calculate the average percentage CPU usage
-      const percentageCPU = 100 - ~~(100 * idleDifference / totalDifference)
-
-      // Output result to console
-      resolve(percentageCPU)
-    }, 1000)
-  })
-}
-
-class Monitoring {
-  constructor (reporter) {
-    this.reporter = reporter
-  }
-
-  async execute () {
-    const monitoring = {
-      cpu: await cpu(),
-      freemem: Math.round(os.freemem() / 1024 / 1024),
-      timestamp: new Date(),
-      hostname: os.hostname()
-    }
-    return this.reporter.documentStore.collection('monitoring').insert(monitoring)
-  }
-
-  init () {
-    this._interval = setInterval(() => {
-      this.execute().catch((e) => this.reporter.logger.warn('unable to persist monitoring info, but no need to worry, we will retry, details:' + e.stack))
-    }, 60000)
-    this._interval.unref()
-  }
-
-  close () {
-    clearInterval(this._interval)
-  }
-}
-
-module.exports = (reporter) => {
-  reporter.documentStore.registerEntityType('MonitoringType', {
-    cpu: { type: 'Edm.Int32' },
-    freemem: { type: 'Edm.Int32' },
-    timestamp: { type: 'Edm.DateTimeOffset', schema: { type: 'null' } },
-    hostname: { type: 'Edm.String' }
-  })
-
-  reporter.documentStore.registerEntitySet('monitoring', {
-    entityType: 'jsreport.MonitoringType',
-    exportable: false,
-    shared: true
-  })
-
-  reporter.monitoring = new Monitoring(reporter)
-}