Saturday 18 March 2017

What's the difference when passing the reference of require to runInContext and not?

In docs of vm module, is an example of Running an http server within a vm:

'use strict';
const vm = require('vm');

let code =
`(function(require) {

   const http = require('http');

   http.createServer( (request, response) => {
     response.writeHead(200, {'Content-Type': 'text/plain'});
     response.end('Hello World\\n');
   }).listen(8124);

   console.log('Server running at http://127.0.0.1:8124/');
 })`;

 vm.runInThisContext(code)(require);

I am wondering why should we pass the require to the code inside the context? Is there a specific reason? In fact, I tried the following in node 6.10:

'use strict';
const vm = require('vm');

let code =
`(function() {

   const http = require('http');

   http.createServer( (request, response) => {
     response.writeHead(200, {'Content-Type': 'text/plain'});
     response.end('Hello World\\n');
   }).listen(8124);

   console.log('Server running at http://127.0.0.1:8124/');
 })`;

 vm.runInThisContext(code)();

and it works. Would the modification cause potential problem?

There is also a note in the doc, point out that share reference of require could introduce risk. To my understanding, the modified code is now safe, correct?



via minexu
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)