Introduce Javascript controls (apache#4076)
* Introduce Javascript controls This allows power-users to perform intricate transformations on data and objects using javascript code. The operations allowed are "sandboxed" or limited using node's vm `runInNewContext` https://nodejs.org/api/vm.html#vm_vm_runinnewcontext_code_sandbox_options For now I'm only enabling in the line chart visualization, but the plan would be to go towards offering more power to people who can write some JS moving forward. * Not applied
1 parent
b4909f2
commit 69195f8
Showing
6 changed files
with
87 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// A safe alternative to JS's eval | ||
import vm from 'vm'; | ||
import _ from 'underscore'; | ||
|
||
// Objects exposed here should be treated like a public API | ||
// if `underscore` had backwards incompatible changes in a future release, we'd | ||
// have to be careful about bumping the library as those changes could break user charts | ||
const GLOBAL_CONTEXT = { | ||
console, | ||
_, | ||
}; | ||
|
||
// Copied/modified from https://github.com/hacksparrow/safe-eval/blob/master/index.js | ||
export default function sandboxedEval(code, context, opts) { | ||
const sandbox = {}; | ||
const resultKey = 'SAFE_EVAL_' + Math.floor(Math.random() * 1000000); | ||
sandbox[resultKey] = {}; | ||
const codeToEval = resultKey + '=' + code; | ||
const sandboxContext = { ...GLOBAL_CONTEXT, ...context }; | ||
Object.keys(sandboxContext).forEach(function (key) { | ||
sandbox[key] = sandboxContext[key]; | ||
}); | ||
vm.runInNewContext(codeToEval, sandbox, opts); | ||
return sandbox[resultKey]; | ||
} |
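Review bot: The header comment `// A safe alternative to JS's eval` and the `vm.runInNewContext(codeToEval, sandbox, opts)` call treat Node's `vm` module as a security boundary, which the Node documentation explicitly says it is not. `GLOBAL_CONTEXT` and the caller's `context` are copied into the sandbox by reference, so evaluated code shares live host objects (`console`, `_`) with the page and is not isolated from it. If, as the commit description suggests, the code comes from chart controls that one user saves and another user loads, this should be gated on who may author it; at minimum reword the comment to something like `// NOTE: vm contexts are not a security mechanism; only evaluate code from trusted authors`. `opts` is also passed through with no default, so nothing bounds a runaway expression unless every caller supplies a limit.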
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
import { it, describe } from 'mocha'; | ||
import { expect } from 'chai'; | ||
|
||
import sandboxedEval from '../../../javascripts/modules/sandbox'; | ||
|
||
describe('sandboxedEval', () => { | ||
it('works like a basic eval', () => { | ||
expect(sandboxedEval('100')).to.equal(100); | ||
expect(sandboxedEval('v => v * 2')(5)).to.equal(10); | ||
}); | ||
it('d3 is in context and works', () => { | ||
expect(sandboxedEval("l => _.find(l, s => s === 'bar')")(['foo', 'bar'])).to.equal('bar'); | ||
}); | ||
it('passes context as expected', () => { | ||
expect(sandboxedEval('foo', { foo: 'bar' })).to.equal('bar'); | ||
}); | ||
}); |
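Review bot: The case titled `'d3 is in context and works'` actually exercises underscore (`_.find`), so the name should read `it('underscore is in context and works', ...)`. The suite covers only the happy path; nothing checks that a name absent from both `GLOBAL_CONTEXT` and the passed `context` is unavailable to the evaluated code, which is the property the module's name promises. A negative case such as `expect(() => sandboxedEval('someUndefinedName')).to.throw();` would pin that down, assuming the tests run against Node's own `vm`.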