UNPKG

@stevenleep/sandbox

Version:

A powerful JavaScript sandbox library that provides multiple sandbox implementation options for safely executing untrusted code in browser environments.

382 lines (286 loc) 10.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
# @stevenleep/sandbox A powerful JavaScript sandbox library that provides multiple sandbox implementation options for safely executing untrusted code in browser environments. Perfect for micro-frontends and applications that need to run third-party code securely. ## Features - **Multiple sandbox implementations**: - **ProxySandbox**: Based on Proxy to intercept global object operations - **WithEvalSandbox**: Based on with+eval to execute code, isolating global variables - **ShadowRealmSandbox**: Based on the new ShadowRealm API (with polyfill and fallback options) - **SnapshotSandbox**: Based on snapshots to save and restore global state - **Enhanced Security**: - Complete isolation from global objects - Strict mode execution by default - Prevention of prototype pollution attacks - Code validation to detect potentially dangerous patterns - Blacklisting of sensitive APIs - Control over network access - **Resource Management**: - Execution timeouts to prevent infinite loops - Memory usage monitoring - Performance measurement - Automatic cleanup of resources - **Advanced Features**: - Support for asynchronous code execution (async/await) - ES module loading support - Event listener management to prevent memory leaks - Enhanced error handling with detailed information - Symbol handling, including Symbol.unscopables - Tiered implementation approach with graceful fallback ## Installation ```bash npm install @stevenleep/sandbox ``` ## Basic Usage ```javascript import { createSandbox, SandboxType, getBestSandboxType } from '@stevenleep/sandbox'; // Auto-detect best sandbox implementation for current environment const bestSandboxType = getBestSandboxType(); const sandbox = createSandbox(bestSandboxType, { name: 'my-sandbox' }); // Or explicitly select a sandbox type const proxySandbox = createSandbox(SandboxType.Proxy, { name: 'proxy-sandbox', strictMode: true }); // Activate the sandbox sandbox.activate(); // Execute code in the sandbox const result = sandbox.execScript(` const message = 'Hello from sandbox!'; console.log(message); // Won't affect the global environment window.foo = 'bar'; // Return value message; `); console.log(result); // "Hello from sandbox!" console.log(window.foo); // undefined - the property is contained within the sandbox // When finished sandbox.deactivate(); sandbox.destroy(); // Clean up any resources ``` ## ShadowRealm Implementation The ShadowRealmSandbox provides the most secure isolation and uses a tiered implementation approach: 1. Native ShadowRealm API (if available in the browser) 2. ShadowRealm polyfill (automatically used if native implementation is not available) 3. Iframe-based fallback (as last resort if polyfill fails) ```javascript import { ShadowRealmSandbox, isShadowRealmSupported } from '@stevenleep/sandbox'; // Check if ShadowRealm is supported (either native or via polyfill) console.log(`ShadowRealm is ${isShadowRealmSupported() ? 'supported' : 'not supported'}`); // Create a ShadowRealm sandbox const sandbox = new ShadowRealmSandbox({ name: 'shadowrealm-sandbox', initScript: 'console.log("Sandbox initialized")' }); // The implementation will automatically choose the best available option: // - Native ShadowRealm if supported by the browser // - ShadowRealm polyfill if native is not available // - Iframe fallback as last resort // Execute code - this works the same regardless of which implementation is used sandbox.execScript(` // This code runs in complete isolation const privateData = { secret: 'safe' }; // Only explicitly exported values are accessible outside globalThis.exposedValue = 'exposed'; `); // Access exported values const value = await sandbox.execScriptAsync(`globalThis.exposedValue`); console.log(value); // "exposed" // Load an ES module const module = await sandbox.loadModule('https://example.com/module.js'); ``` ## Proxy Sandbox The ProxySandbox provides a good balance of performance and complete isolation: ```javascript import { ProxySandbox } from '@stevenleep/sandbox'; const sandbox = new ProxySandbox({ name: 'proxy-sandbox', strictMode: true, // IMPORTANT: Always set to true for proper isolation blacklist: ['localStorage', 'sessionStorage'], whitelist: ['console', 'setTimeout'] }); sandbox.activate(); // Variables defined in the sandbox stay in the sandbox sandbox.execScript(` // This will be contained within the sandbox window.testValue = 'sandbox value'; // This logs the sandboxed value console.log(window.testValue); // 'sandbox value' // This will log a warning and not be modified due to blacklist localStorage.setItem('test', 'value'); `); // Variables defined in the sandbox are NOT accessible from outside console.log(window.testValue); // undefined - completely isolated sandbox.destroy(); ``` ## WithEval Sandbox The WithEvalSandbox provides simple global variable isolation: ```javascript import { WithEvalSandbox } from '@stevenleep/sandbox'; const sandbox = new WithEvalSandbox({ name: 'eval-sandbox', globals: { // Custom globals to inject customAPI: { getData: () => 'Custom data' } } }); sandbox.activate(); const result = sandbox.execScript(` // Access custom global const data = customAPI.getData(); // Return the data data; `); console.log(result); // "Custom data" sandbox.destroy(); ``` ## ShadowRealm Sandbox The ShadowRealmSandbox uses the new ShadowRealm API (with polyfill and iframe fallback) to provide complete isolation: ```javascript import { ShadowRealmSandbox } from '@stevenleep/sandbox'; const sandbox = new ShadowRealmSandbox({ name: 'shadowrealm-sandbox', // Force using iframe fallback for compatibility forceIframe: true, // Set execution timeout timeLimit: 1000, // Security configuration security: { preventSensitiveAPIs: true, allowNetwork: false }, // Module options if needed moduleOptions: { baseURL: 'https://example.com/', trustedSources: ['https://trusted-cdn.com/'] } }); sandbox.activate(); // Execute code in complete isolation sandbox.execScript(` // Code runs in completely separate environment const secretData = 'This is isolated'; // Define a function we'll export function calculateResult(input) { return input * 2; } `); // Export a function from main environment to sandbox sandbox.exportFunction('multiplyByThree', (value) => value * 3); // Use the exported function in sandbox const result = sandbox.execScript(` // Use the function exported from main environment const result = multiplyByThree(10); return result; `); console.log(result); // 30 // Import a function from sandbox const calculate = sandbox.importFunction('calculateResult'); console.log(calculate(5)); // 10 // Async execution with timeout const asyncResult = await sandbox.execScriptAsync(` return new Promise(resolve => { setTimeout(() => resolve('Completed'), 100); }); `, 500); sandbox.destroy(); ``` ## Snapshot Sandbox The SnapshotSandbox captures and restores window state: ```javascript import { SnapshotSandbox } from '@stevenleep/sandbox'; const sandbox = new SnapshotSandbox({ name: 'snapshot-sandbox' }); // Save current window state sandbox.activate(); // Run code that modifies window sandbox.execScript(` window.modifiedValue = 'modified'; `); console.log(window.modifiedValue); // "modified" // Restore original window state sandbox.deactivate(); console.log(window.modifiedValue); // undefined - window restored ``` ## Security Considerations - **ShadowRealmSandbox**: Provides the strongest isolation - Native implementation offers true realm-based isolation - Polyfill provides excellent compatibility across browsers - Even the iframe fallback gives strong isolation guarantees - Best choice for executing untrusted code - **ProxySandbox**: Offers a good balance between isolation and compatibility - **IMPORTANT**: Always set `strictMode: true` for complete isolation - With proper configuration, provides complete isolation of window modifications - Sandbox variables remain in the sandbox and do not leak to global scope - Uses an isolated object model separate from the global window - Good choice for semi-trusted code when ShadowRealm is not available - **WithEvalSandbox**: Provides limited isolation - Mainly isolates global variables, not full security boundary - Good for code organization more than security - Not recommended for untrusted code - **SnapshotSandbox**: Focuses on state restoration rather than isolation - Useful for temporarily modifying window state - Not a security boundary for untrusted code - Good for isolation between trusted components - **General Security Tips**: - Always sanitize inputs before passing to any sandbox - Validate outputs returned from sandbox execution - Apply Content Security Policy (CSP) restrictions - Consider using a web worker for additional isolation - Limit execution time with timeouts - Restrict access to sensitive APIs through blacklists ## Ensuring Complete Isolation For maximum security, use the following patterns: ```javascript import { createSandbox, getBestSandboxType } from '@stevenleep/sandbox'; // Always use the best available sandbox type with strictMode enabled const sandbox = createSandbox(getBestSandboxType(), { name: 'secure-sandbox', strictMode: true, // Critical for isolation blacklist: [ // Restrict access to sensitive APIs 'localStorage', 'sessionStorage', 'indexedDB', 'WebSocket', 'XMLHttpRequest', 'fetch', // Prevent DOM access 'document', 'navigator', 'location' ] }); sandbox.activate(); // Variables defined inside stay inside sandbox.execScript(` window.secretData = "This stays in the sandbox"; `); // Global window is completely unmodified console.log(window.secretData); // undefined sandbox.destroy(); ``` ## Advanced Usage ### Performance Measurement ```javascript import { performanceMeasure } from '@stevenleep/sandbox'; const { start, end, measure } = performanceMeasure('code-execution'); start(); // Code to measure const result = heavyComputation(); const duration = end(); console.log(`Execution took ${duration}ms`); ``` ### Error Handling ```javascript import { wrapExecution, formatError } from '@stevenleep/sandbox'; const result = wrapExecution(() => { // Potentially dangerous code return riskyOperation(); }); if (result.error) { console.error('Error occurred:', formatError(result.error)); } else { console.log('Success:', result.value); } ``` ## License MIT