Lifen/lifen-postman
Lifen/lifen-postman
1
0
Fork 0
Code Pull Requests Releases Activity
lifen-postman/node_modules/postman-sandbox/lib/sandbox/index.js
Simon Priet e69a613a37 feat: Created a mini nodeJS server with NewMan for testing without PostMan GUI. 
This will mimic a run in a CD/CI environment or docker container.
2021-09-08 14:01:19 +02:00

74 lines
3.6 KiB
JavaScript
Raw Blame History

/**!
* @license Copyright 2016 Postdot Technologies, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
* This file is the Postman scripting sandbox's bootstrap code and would during module usage be exported as part of npm
* cache and deployed for ease of use and performance improvements.
*
* @note
* This file runs within Node and browser sandboxes and standard node aspects may not 100% apply
*/
/* global bridge */
// Although we execute the user code in a well-defined scope using the uniscope
// module but still to cutoff the reference to the globally available properties
// we sanitize the global scope by deleting the forbidden properties in this UVM
// and create a secure sandboxed environment.
// @note this is executed at the very beginning of the sandbox code to make sure
// non of the dependency can keep a reference to a global property.
// @note since this mutates the global scope, it's possible to mess-up as we
// update our dependencies.
(function recreatingTheUniverse () {
var contextObject = this,
// 1. allow all the uniscope allowed globals
allowedGlobals = require('uniscope/lib/allowed-globals').concat([
// 2. allow properties which can be controlled/ignored using uniscope
'require', 'eval', 'console',
// 3. allow uvm internals because these will be cleared by uvm itself at the end.
// make sure any new property added in uvm firmware is allowed here as well.
'bridge', '__uvm_emit', '__uvm_dispatch', '__uvm_addEventListener',
// 4.allow all the timer methods
'setTimeout', 'clearTimeout', 'setInterval', 'clearInterval', 'setImmediate', 'clearImmediate'
]),
deleteProperty = function (key) {
// directly delete the property without setting it to `null` or `undefined`
// because a few properties in browser context breaks the sandbox.
// @note non-configurable keys are not deleted.
// eslint-disable-next-line lodash/prefer-includes
allowedGlobals.indexOf(key) === -1 && delete contextObject[key];
};
do {
// delete all forbidden properties (including non-enumerable)
Object.getOwnPropertyNames(contextObject).forEach(deleteProperty);
// keep looking through the prototype chain until we reach the Object prototype
// @note this deletes the constructor as well to make sure one can't recreate the same scope
contextObject = Object.getPrototypeOf(contextObject);
} while (contextObject && contextObject.constructor !== Object);
}());
// do include json purse
require('./purse');
// setup the ping-pong and execute routines
bridge.on('ping', require('./ping').listener('pong'));
// initialise execution
require('./execute')(bridge, {
console: (typeof console !== 'undefined' ? console : null),
window: (typeof window !== 'undefined' ? window : null)
});
// We don't need direct access to the global bridge once it's part of execution closure.
// eslint-disable-next-line no-global-assign, no-implicit-globals, no-delete-var
bridge = undefined; delete bridge;
View Git Blame Copy Permalink