isolated-function 0.0.4 → 0.0.5

package/README.md

@@ -6,8 +6,9 @@
 
 **Highlights**
 
-- Based on [v8-sandbox](https://github.com/fulcrumapp/v8-sandbox).
+- Based in [Node.js Permission Model](https://nodejs.org/api/permissions.html#permission-model)
 - Auto install npm dependencies.
+- Memory limit support.
 - Timeout support.
 
 ## Install
@@ -19,10 +20,10 @@ npm install isolated-function --save
 ## Usage
 
 ```js
-const isoaltedFunction = require('isolated-function')
+const isolatedFunction = require('isolated-function')
 
 /* This function will run in a sandbox, in a separate process */
-const sum = isoaltedFunction((y, z) => y + z)
+const sum = isolatedFunction((y, z) => y + z)
 
 /* Interact with it as usual from your main code */
 const result = await sum(3, 2)
@@ -33,7 +34,7 @@ console.log(result)
 You can also use `require' for external dependencies:
 
 ```js
-const isEmoji = isoaltedFunction(emoji => {
+const isEmoji = isolatedFunction(emoji => {
   const isEmoji = require('is-standard-emoji')
   return isEmoji(emoji)
 })
@@ -48,7 +49,7 @@ It's intentionally not possible to expose any Node.js objects or functions direc
 
 ## API
 
-### isoaltedFunction(snippet, [options])
+### isolatedFunction(snippet, [options])
 
 #### snippet
 

package/package.json

@@ -2,7 +2,7 @@
   "name": "isolated-function",
   "description": "Runs untrusted code in a Node.js v8 sandbox.",
   "homepage": "https://github.com/Kikobeats/isolated-function",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "main": "src/index.js",
   "exports": {
     ".": "./src/index.js"
@@ -33,6 +33,7 @@
     "v8"
   ],
   "dependencies": {
+    "@kikobeats/time-span": "~1.0.5",
     "acorn": "~8.12.1",
     "acorn-walk": "~8.3.3",
     "ensure-error": "~3.0.1",

package/src/compile.js

@@ -11,6 +11,8 @@ const path = require('path')
 
 const generateTemplate = require('./template')
 
+const MINIFY = process.env.ISOLATED_FUNCTIONS_MINIFY !== 'false'
+
 const packageManager = (() => {
   try {
     execSync('which pnpm').toString().trim()
@@ -65,12 +67,10 @@ module.exports = async snippet => {
     cwd: tmp.cwd
   })
 
-  // return tmp
-
   const result = await esbuild.build({
     entryPoints: [tmp.filepath],
     bundle: true,
-    // minify: true,
+    minify: MINIFY,
     write: false,
     platform: 'node'
   })

package/src/index.js

@@ -1,33 +1,73 @@
 'use strict'
 
 const { deserializeError } = require('serialize-error')
+const timeSpan = require('@kikobeats/time-span')()
 const $ = require('tinyspawn')
+const path = require('path')
 
 const compile = require('./compile')
 
-class TimeoutError extends Error {
-  constructor (message) {
-    super(message)
-    this.name = 'TimeoutError'
-  }
+const createError = ({ name, message, ...props }) => {
+  const error = new Error(message)
+  error.name = name
+  Object.assign(error, props)
+  return error
+}
+
+const flags = ({ filename, memory }) => {
+  const flags = ['--experimental-permission', `--allow-fs-read=${filename}`]
+  if (memory) flags.push(`--max-old-space-size=${memory}`)
+  return flags.join(' ')
 }
 
-module.exports = (snippet, { timeout = 0 } = {}) => {
+module.exports = (snippet, { timeout = 0, memory } = {}) => {
   if (typeof snippet !== 'function') throw new TypeError('Expected a function')
   const compilePromise = compile(snippet)
 
   const fn = async (...args) => {
+    let duration
     try {
       const { filepath } = await compilePromise
-      const { stdout } = await $(`node ${filepath} ${JSON.stringify(args)}`, {
+
+      const cwd = path.dirname(filepath)
+      const filename = path.basename(filepath)
+      const cmd = `node ${flags({ filename, memory })} ${filename} ${JSON.stringify(args)}`
+
+      duration = timeSpan()
+      const { stdout } = await $(cmd, {
+        cwd,
         timeout,
         killSignal: 'SIGKILL'
       })
-      const { isFulfilled, value } = JSON.parse(stdout)
-      if (isFulfilled) return value
+      const { isFulfilled, value, profiling } = JSON.parse(stdout)
+      profiling.duration = duration()
+      if (isFulfilled) return [value, profiling]
       throw deserializeError(value)
     } catch (error) {
-      if (error.killed) throw new TimeoutError('Execution timed out')
+      if (error.signalCode === 'SIGTRAP') {
+        throw createError({
+          name: 'MemoryError',
+          message: 'Out of memory',
+          profiling: { duration: duration() }
+        })
+      }
+
+      if (error.signalCode === 'SIGKILL') {
+        throw createError({
+          name: 'TimeoutError',
+          message: 'Execution timed out',
+          profiling: { duration: duration() }
+        })
+      }
+
+      if (error.code === 'ERR_ACCESS_DENIED') {
+        throw createError({
+          name: 'PermissionError',
+          message: `Access to '${error.permission}' has been restricted`,
+          profiling: { duration: duration() }
+        })
+      }
+
       throw error
     }
   }

package/src/template/index.js

@@ -2,22 +2,26 @@
 
 const SERIALIZE_ERROR = require('./serialize-error')
 
-const generateTemplate = snippet => {
-  const template = `
+const generateTemplate = snippet => `
   const args = JSON.parse(process.argv[2])
 
   ;(async () => {
+    let value
+    let isFulfilled
+
     try {
-      const value = await (${snippet.toString()})(...args)
-      console.log(JSON.stringify({ isFulfilled: true, value }))
+      value = await (${snippet.toString()})(...args)
+      isFulfilled = true
     } catch (error) {
-     console.log(JSON.stringify({ isFulfilled: false, value: ${SERIALIZE_ERROR}(error) }))
+      value = ${SERIALIZE_ERROR}(error)
+      isFulfilled = false
+    } finally {
+      console.log(JSON.stringify({
+        isFulfilled,
+        value,
+        profiling: { memory: process.memoryUsage().rss }
+      }))
     }
-  })()
-
-  `
-
-  return template
-}
+  })()`
 
 module.exports = generateTemplate