diff --git a/go.mod b/go.mod index 8c60ccb..2ac2a20 100644 --- a/go.mod +++ b/go.mod @@ -1,27 +1,27 @@ module apigo.cc/gojs/runtime -go 1.23.0 +go 1.24.0 require ( - apigo.cc/gojs v0.0.13 - apigo.cc/gojs/console v0.0.2 - apigo.cc/gojs/file v0.0.3 - github.com/ssgo/u v1.7.18 + apigo.cc/gojs v0.0.28 + apigo.cc/gojs/console v0.0.3 + apigo.cc/gojs/file v0.0.6 + github.com/ssgo/u v1.7.23 ) require ( - github.com/dlclark/regexp2 v1.11.4 // indirect - github.com/fsnotify/fsnotify v1.8.0 // indirect + github.com/dlclark/regexp2 v1.11.5 // indirect + github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/go-sourcemap/sourcemap v2.1.4+incompatible // indirect - github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect + github.com/google/pprof v0.0.0-20250903194437-c28834ac2320 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/rogpeppe/go-internal v1.13.1 // indirect - github.com/ssgo/config v1.7.9 // indirect - github.com/ssgo/log v1.7.7 // indirect + github.com/ssgo/config v1.7.10 // indirect + github.com/ssgo/log v1.7.9 // indirect github.com/ssgo/standard v1.7.7 // indirect - github.com/ssgo/tool v0.4.28 // indirect - golang.org/x/sys v0.33.0 // indirect - golang.org/x/text v0.23.0 // indirect + github.com/ssgo/tool v0.4.29 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/text v0.31.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugin.go b/plugin.go index 05e09be..65ae768 100644 --- a/plugin.go +++ b/plugin.go @@ -42,7 +42,7 @@ func (obj *PluginObject) Arch() string { return runtime.GOARCH } -func (obj *PluginObject) Sleep(timeValue any) error { +func (obj *PluginObject) Sleep(timeValue any, vm *goja.Runtime) error { var timeV time.Duration if ms := u.Int64(timeValue); ms > 0 { timeV = time.Duration(ms) * time.Millisecond @@ -51,8 +51,11 @@ func (obj *PluginObject) Sleep(timeValue any) error { timeV = v } } - if timeV > time.Hour { - return errors.New("sleep time too long, max 1h") + if timeV > time.Minute { + return errors.New("sleep time too long, max 60s") + } + if timeV > time.Second*5 && u.String(vm.GetData("userPath")) != "" { + return errors.New("sleep time too long, max 5s in sandbox") } if timeV > 0 { time.Sleep(timeV) @@ -60,7 +63,10 @@ func (obj *PluginObject) Sleep(timeValue any) error { return nil } -func (obj *PluginObject) Shell(cmd string, args ...string) ([]string, error) { +func (obj *PluginObject) Shell(vm *goja.Runtime, cmd string, args ...string) ([]string, error) { + if u.String(vm.GetData("userPath")) != "" { + return nil, gojs.Err("shell is not allowed in sandbox") + } if len(args) == 0 && strings.ContainsRune(cmd, ' ') { args = u.SplitArgs(cmd) cmd = args[0]