SES: Cannot register `lockdown` in new VM context
See original GitHub issueTrying to lock down a new context by creating an isolatedRequire
function:
function isolatedRequire(specifier) {
const sandbox = createContext({ require, console });
/**
* Lock down the component context and then import the module.
*/
const sesRequire = `
require('ses');
lockdown();
require(${JSON.stringify(specifier)});
`;
return runInNewContext(sesRequire, sandbox)
}
But it throws:
evalmachine.<anonymous>:3
lockdown();
^
ReferenceError: lockdown is not defined
at evalmachine.<anonymous>:3:5
at Script.runInContext (node:vm:139:12)
at Script.runInNewContext (node:vm:144:17)
at runInNewContext (node:vm:298:38)
It works if we require('ses')
and then pass in the lockdown
function for the initial context, but that locks down the parent context and kind of invalidates the scoping principle here.
Why won’t the lockdown
identifier register in a new VM context?
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (5 by maintainers)
Top Results From Across the Web
VMware vCenter Server 7.0 Update 3f Release Notes
As a result, I/O filter storage providers remains registered with the vCenter even though the ESXi host is not in the inventory.
Read more >Draft proposal for SES (Secure EcmaScript) - GitHub
Identity discontinuity. Two realms, made by same origin iframes or vm contexts, can be put in contact. Once in contact, they can mix...
Read more >Coronavirus (COVID-19): SME policy responses - OECD
Chapter 2 discusses the background to SME impact and policy responses, ... the expected liquidity shortage of SMEs due to the pandemic and...
Read more >Falling living standards during the COVID-19 crisis - Science
In most of cases, we cannot reject equality in the share of high and low SES households affected. However, the impact of an...
Read more >dpm error codes - macellerialucio.it
But we create a new server and want to install DPM 2016. ... 2019 · DPM cannot browse the contents of the virtual...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Node’s
vm
module is pretty barebones. Afaik it doesn’t contain any node provided APIs such asrequire
, only v8 intrinsics. I highly recommend you don’t try to build your own isolation mechanism based on it. You may have better luck withvm2
orisolated-vm
.SES will not on its own load external modules and evaluate them in isolated Compartments. For that you need other parts of Endo. You may instead be interested in LavaMoat which uses SES/Endo under the hood, and helps you isolate your package dependencies according to policies you define.
What I’m saying is that I don’t believe you’re loading the ses shim inside the context you created. You’re loading it in the parent realm.