Locking up the host about vm2 HOT 8 CLOSED

Unfortunately, this is how node's VM works and there is nothing I can change about that.

from vm2.

Hey! I wrote a module that makes really simple async code sync. I'm interested in expanding it to other stuff like Promises.

Let's join forces on this!

from vm2.

Would using Promise: null in the sandbox options guarantee that the script cannot add any callbacks to the event loop (assuming, of course, that no other async functionality was added to the sandbox scope)?

If not, is there another way to force the code to be only synchronous?

from vm2.

Btw i moved to lolex for all timer-related code (e.g. setTimeout). Rewriting async code like I linked above is still possible but tedious.

For Promises, they usually resolve on next tick, so it would be possible to mock them so that we can control this next tick.

from vm2.

Is there a way to disable promises in the VM?

Using sandbox: { Promise: null } causes issues with contextify.

VM = require('vm2').VM;
new VM({
  sandbox: {
    Promise: null,
  }
}).run('class Foo {}; new Foo();');

TypeError: Right-hand side of 'instanceof' is not an object
    at Object.value (/Users/jtokoph/tmp/node_modules/vm2/lib/contextify.js:232:22)
    at VM.run (/Users/jtokoph/tmp/node_modules/vm2/lib/main.js:207:39)

Using sandbox: { Promise: function() } causes the process to hang with this simple example:

VM = require('vm2').VM;
new VM({
  sandbox: {
    Promise: function() {},
  }
}).run('class Foo {}; new Foo();');

from vm2.

@jtokoph Please open a separate ticket for this.

from vm2.

Even if we can't prevent while(true) loops, setting a memory cap would help. An infinite loop will consume a lot of memory. By adding the possibility to set a threshold for a script, we could mitigate their impact.

Not being able to detect and/or block infinite loops is a BIG issue because the only thing you can do when that happens is to restart your server which is not really a solution.

Do you think that would be possible?

from vm2.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from vm2.