diff --git a/packages/nodes-base/nodes/Code/JavaScriptSandbox.ts b/packages/nodes-base/nodes/Code/JavaScriptSandbox.ts index 9c726503f9758..68a5fcc767f7f 100644 --- a/packages/nodes-base/nodes/Code/JavaScriptSandbox.ts +++ b/packages/nodes-base/nodes/Code/JavaScriptSandbox.ts @@ -1,5 +1,5 @@ import type { NodeVMOptions } from 'vm2'; -import { NodeVM } from 'vm2'; +import { NodeVM, makeResolverFromLegacyOptions } from 'vm2'; import type { IExecuteFunctions, INodeExecutionData, WorkflowExecuteMode } from 'n8n-workflow'; import { ValidationError } from './ValidationError'; @@ -10,16 +10,23 @@ import { Sandbox } from './Sandbox'; const { NODE_FUNCTION_ALLOW_BUILTIN: builtIn, NODE_FUNCTION_ALLOW_EXTERNAL: external } = process.env; +export const vmResolver = makeResolverFromLegacyOptions({ + external: external + ? { + modules: external.split(','), + transitive: false, + } + : false, + builtin: builtIn?.split(',') ?? [], +}); + const getSandboxOptions = ( context: SandboxContext, workflowMode: WorkflowExecuteMode, ): NodeVMOptions => ({ console: workflowMode === 'manual' ? 'redirect' : 'inherit', sandbox: context, - require: { - builtin: builtIn ? builtIn.split(',') : [], - external: external ? { modules: external.split(','), transitive: false } : false, - }, + require: vmResolver, }); export class JavaScriptSandbox extends Sandbox { diff --git a/packages/nodes-base/nodes/Function/Function.node.ts b/packages/nodes-base/nodes/Function/Function.node.ts index f681676fe7900..e823ba1763b94 100644 --- a/packages/nodes-base/nodes/Function/Function.node.ts +++ b/packages/nodes-base/nodes/Function/Function.node.ts @@ -9,6 +9,7 @@ import type { INodeTypeDescription, } from 'n8n-workflow'; import { deepCopy, NodeOperationError } from 'n8n-workflow'; +import { vmResolver } from '../Code/JavaScriptSandbox'; export class Function implements INodeType { description: INodeTypeDescription = { @@ -150,23 +151,9 @@ return items;`, const options: NodeVMOptions = { console: mode === 'manual' ? 'redirect' : 'inherit', sandbox, - require: { - external: false as boolean | { modules: string[]; transitive: boolean }, - builtin: [] as string[], - }, + require: vmResolver, }; - if (process.env.NODE_FUNCTION_ALLOW_BUILTIN && typeof options.require === 'object') { - options.require.builtin = process.env.NODE_FUNCTION_ALLOW_BUILTIN.split(','); - } - - if (process.env.NODE_FUNCTION_ALLOW_EXTERNAL && typeof options.require === 'object') { - options.require.external = { - modules: process.env.NODE_FUNCTION_ALLOW_EXTERNAL.split(','), - transitive: false, - }; - } - const vm = new NodeVM(options); if (mode === 'manual') { diff --git a/packages/nodes-base/nodes/FunctionItem/FunctionItem.node.ts b/packages/nodes-base/nodes/FunctionItem/FunctionItem.node.ts index e0971f339ed20..eee5035456dcb 100644 --- a/packages/nodes-base/nodes/FunctionItem/FunctionItem.node.ts +++ b/packages/nodes-base/nodes/FunctionItem/FunctionItem.node.ts @@ -1,5 +1,5 @@ /* eslint-disable @typescript-eslint/no-loop-func */ -import type { NodeVMOptions, VMRequire } from 'vm2'; +import type { NodeVMOptions } from 'vm2'; import { NodeVM } from 'vm2'; import type { IExecuteFunctions, @@ -10,6 +10,7 @@ import type { INodeTypeDescription, } from 'n8n-workflow'; import { deepCopy, NodeOperationError } from 'n8n-workflow'; +import { vmResolver } from '../Code/JavaScriptSandbox'; export class FunctionItem implements INodeType { description: INodeTypeDescription = { @@ -158,24 +159,9 @@ return item;`, const options: NodeVMOptions = { console: mode === 'manual' ? 'redirect' : 'inherit', sandbox, - require: { - external: false, - builtin: [], - }, + require: vmResolver, }; - const vmRequire = options.require as VMRequire; - if (process.env.NODE_FUNCTION_ALLOW_BUILTIN) { - vmRequire.builtin = process.env.NODE_FUNCTION_ALLOW_BUILTIN.split(','); - } - - if (process.env.NODE_FUNCTION_ALLOW_EXTERNAL) { - vmRequire.external = { - modules: process.env.NODE_FUNCTION_ALLOW_EXTERNAL.split(','), - transitive: false, - }; - } - const vm = new NodeVM(options as unknown as NodeVMOptions); if (mode === 'manual') { diff --git a/packages/nodes-base/package.json b/packages/nodes-base/package.json index db480a588bbc7..2ff7ad5c8dd74 100644 --- a/packages/nodes-base/package.json +++ b/packages/nodes-base/package.json @@ -911,7 +911,7 @@ "ssh2-sftp-client": "^7.0.0", "tmp-promise": "^3.0.2", "uuid": "^8.3.2", - "vm2": "~3.9.18", + "vm2": "^3.9.19", "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz", "xml2js": "^0.5.0" } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b6fbe78c3a7bd..6878682808e82 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1366,8 +1366,8 @@ importers: specifier: ^8.3.2 version: 8.3.2 vm2: - specifier: ~3.9.18 - version: 3.9.18 + specifier: ^3.9.19 + version: 3.9.19 xlsx: specifier: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz version: '@cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz' @@ -11765,7 +11765,7 @@ packages: ast-types: 0.13.4 escodegen: 1.14.3 esprima: 4.0.1 - vm2: 3.9.18 + vm2: 3.9.19 dev: false /del@6.1.1: @@ -22539,8 +22539,8 @@ packages: - terser dev: true - /vm2@3.9.18: - resolution: {integrity: sha512-iM7PchOElv6Uv6Q+0Hq7dcgDtWWT6SizYqVcvol+1WQc+E9HlgTCnPozbQNSP3yDV9oXHQOEQu530w2q/BCVZg==} + /vm2@3.9.19: + resolution: {integrity: sha512-J637XF0DHDMV57R6JyVsTak7nIL8gy5KH4r1HiwWLf/4GBbb5MKL5y7LpmF4A8E2nR6XmzpmMFQ7V7ppPTmUQg==} engines: {node: '>=6.0'} hasBin: true dependencies: