From 0ac81b886eb3027e8a636f36fd0a0d79c2c05470 Mon Sep 17 00:00:00 2001 From: yoisahb5 Date: Sun, 8 Aug 2021 15:27:05 +0200 Subject: [PATCH] Use vm2 instead of sandbox library --- install | 2 +- modules/js/js.js | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/install b/install index ef6a939..54e220f 100755 --- a/install +++ b/install @@ -14,7 +14,7 @@ if [[ $? -gt 0 ]]; then exit 1 fi -npm install googlemaps humanize feedparser node-units tvdb method-override 500px process async wordnik node-uuid underscore request request-promise-native sandbox express moment-timezone moment jade databank databank-redis ent passport passport-local password-hash connect-flash +npm install googlemaps humanize feedparser node-units tvdb method-override 500px process async wordnik node-uuid underscore request request-promise-native vm2 express moment-timezone moment jade databank databank-redis ent passport passport-local password-hash connect-flash cd public/ wget https://github.com/twbs/bootstrap/releases/download/v3.3.2/bootstrap-3.3.2-dist.zip diff --git a/modules/js/js.js b/modules/js/js.js index 13e92d7..0d99374 100644 --- a/modules/js/js.js +++ b/modules/js/js.js @@ -4,18 +4,15 @@ * the channel. Also allows admins to run un-sandboxed Javascript code with * access to the DepressionBot instance memory. */ -var vm = require('vm'); -var sbox = require('sandbox'); +var VM = require('vm2').VM; var js = function(dbot) { var commands = { // Run JS code sandboxed, return result to channel. '~js': function(event) { try { - var s = new sbox(); - s.run(event.input[1], function(output) { - event.reply(output.result); - }.bind(this)); + var s = new VM({timeout: 1000, sandbox: {}}); + event.reply(s.run(code)); } catch(err) {} },