Consider following code as example to reproduce bug:
var VM = require('vm2').VM,
// Case 1:
var vm1 = new VM({
timeout: 5000
});
// Works correct, throws exception
vm1.run('while(1);')
// Case 2:
var vm2 = new VM({
timeout: 5000,
sandbox: {
a: {
get b () {
while(1);
return 1;
}
}
}
});
// Not stopping from looping, too bad!
vm2.run('a.b')
Actualy, that will happen, when exectuing any code inside run(), having that getter inside sandbox because of main.js:79.
Of course, i can find a workaround here, but i suppose, that sandbox can contain something untrusted either.
Consider following code as example to reproduce bug:
Actualy, that will happen, when exectuing any code inside run(), having that getter inside sandbox because of main.js:79.
Of course, i can find a workaround here, but i suppose, that sandbox can contain something untrusted either.