tailcall icon indicating copy to clipboard operation
tailcall copied to clipboard
verified publisher icon tailcallhq

bug(bug): Sandbox loaded files in execution spec

Open tusharmath opened this issue 1 year ago • 14 comments

Currently when we use the @file:abc.js annotation in a file like foo.md, and try to access it in bar.md we succeed. The expected behaviour is that all files defined in foo.md should be local to that file and sandboxed for that tests defined in foo.md. Those file should never be accessible from bar.md or any other file.

tusharmath avatar Mar 27 '24 08:03 tusharmath

/bounty 50$

tusharmath avatar Mar 27 '24 08:03 tusharmath

~~## 💎 $50 bounty • Tailcall Inc.~~

~~### Steps to solve:~~ ~~1. Start working: Comment /attempt #1570 with your implementation plan~~ ~~2. Submit work: Create a pull request including /claim #1570 in the PR body to claim the bounty~~ ~~3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts~~

~~🙏 Thank you for contributing to tailcallhq/tailcall!~~ ~~🧐 Checkout our guidelines before you get started.~~

Attempt Started (GMT+0) Solution
🔴 @ssddOnTop Mar 27, 2024, 9:09:04 AM WIP
🔴 @webbdays Mar 27, 2024, 1:09:03 PM WIP

algora-pbc[bot] avatar Mar 27 '24 08:03 algora-pbc[bot]

~~/attempt~~

Cancelling my attempt

ssddOnTop avatar Mar 27 '24 09:03 ssddOnTop

Implement access control system , you could enforce a rule that files included via [@file ] annotations can only be accessed from the same directory. Ensure that the runtime environment enforces these access restrictions.

Ameer-officials avatar Mar 27 '24 12:03 Ameer-officials

Currently when we use the @file:abc.js annotation in a file like foo.md, and try to access it in bar.md we succeed. The expected behaviour is that all files defined in foo.md should be local to that file and sandboxed for that tests defined in foo.md. Those file should never be accessible from bar.md or any other file.

In b/w which files Where we can see this behaviour? in current tests.

webbdays avatar Mar 27 '24 13:03 webbdays

we can access in any other files?

webbdays avatar Mar 27 '24 13:03 webbdays

/attempt #1570

Options

webbdays avatar Mar 27 '24 13:03 webbdays

got it.

webbdays avatar Mar 27 '24 14:03 webbdays 

thread_local! {
    // Practically only one JS runtime is created because CHANNEL_RUNTIME is single threaded.
    // TODO: that is causing issues in `execution_spec` tests because the runtime
    // is initialized only once and that implementation will be reused by all the tests
  static LOCAL_RUNTIME: RefCell<OnceCell<LocalRuntime>> = const { RefCell::new(OnceCell::new()) };
}

webbdays avatar Mar 27 '24 20:03 webbdays

There are two options:

  1. define separate new scope other than global every time for each script.
  2. clear global scope everytime.

webbdays avatar Mar 28 '24 17:03 webbdays

dropping.

webbdays avatar Mar 30 '24 05:03 webbdays

it needs knowledge on v8

webbdays avatar Mar 30 '24 06:03 webbdays

Anyone working on this?

tusharmath avatar Apr 17 '24 13:04 tusharmath

Feel free to create a thread on discord to discuss or get clarifications.

tusharmath avatar Apr 17 '24 13:04 tusharmath

Action required: Issue inactive for 30 days. Status update or closure in 7 days.

github-actions[bot] avatar Jun 05 '24 20:06 github-actions[bot]

Issue closed after 7 days of inactivity.

github-actions[bot] avatar Jun 12 '24 21:06 github-actions[bot]