Experiment with how VM2 proxies functions and objects

[stuartc]

While dealing with OpenFn/language-http#15, we found that VM2's Contextify/Decontextify functions were breaking the object structure of the Agent object.

Internally Node's _http_client.js checks the Agent looks correct by checking for the existance of the addRequest function. In certain situations this function ceases to exist (or is placed somewhere else in the object) when the check fails. See: https://github.com/nodejs/node/blob/master/lib/_http_client.js#L149

This issue can be recreated like this:

const { VM } = require('vm2');
const https = require('https');

console.log(typeof new require('https').Agent().addRequest);

function myFunc(args) {

  return {...args};
}

new VM({ sandbox: { https, myFunc,console } }).run(`
try {
  function threeFunc(args) {
      debugger;
      return {...args};
  }

  const three = threeFunc(new https.Agent());
  console.log(typeof three.addRequest);

  console.log(typeof (https.Agent()).addRequest);
  const one = myFunc(new https.Agent());
  console.log(typeof one.addRequest);

  const two = myFunc.apply(undefined, new https.Agent());
  console.log(typeof two.addRequest);


} catch (err) {
  console.error(err)
}
`);

NOTE this may very well not be solvable, or at least in a way that benefits us - i.e. we need proxied and sandboxed functions in order to protect against malicious code.

Can we somehow work with VM2 in a way that doesn't expose this problem, and if so - what does that look like?