From 73afd8acb79de99ce724ac697a0f5537dbb3d503 Mon Sep 17 00:00:00 2001 From: Maki Nishifuji Date: Sat, 28 Jan 2017 02:33:40 +0900 Subject: [PATCH 1/5] Prevent freezing Even if a crazy scripts in webhooks. e.g. `while(true) { ... }` --- .../rocketchat-integrations/server/api/api.coffee | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/packages/rocketchat-integrations/server/api/api.coffee b/packages/rocketchat-integrations/server/api/api.coffee index 49774f5c270..eaa95023d94 100644 --- a/packages/rocketchat-integrations/server/api/api.coffee +++ b/packages/rocketchat-integrations/server/api/api.coffee @@ -167,7 +167,18 @@ executeIntegrationRest = -> username: @user.username try - result = script.process_incoming_request({ request: request }) + sandbox = + _: _ + s: s + console: console + Store: + set: (key, val) -> + return store[key] = val + get: (key) -> + return store[key] + script: script + request: request + result = vm.runInNewContext('script.process_incoming_webhook({ request: request })', sandbox, { timeout: 3000 }) if result?.error? return RocketChat.API.v1.failure result.error From 64876bd29018cd2d7aea0702df68cd1b500349c8 Mon Sep 17 00:00:00 2001 From: Maki Nishifuji Date: Sat, 28 Jan 2017 02:53:27 +0900 Subject: [PATCH 2/5] Prevent freezing outgoing --- .../server/triggers.coffee | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/packages/rocketchat-integrations/server/triggers.coffee b/packages/rocketchat-integrations/server/triggers.coffee index 3835d5de61f..93ac143babb 100644 --- a/packages/rocketchat-integrations/server/triggers.coffee +++ b/packages/rocketchat-integrations/server/triggers.coffee @@ -79,7 +79,26 @@ executeScript = (integration, method, params) -> return try - result = script[method](params) + sandbox = + _: _ + s: s + console: console + Store: + set: (key, val) -> + return store[key] = val + get: (key) -> + return store[key] + HTTP: (method, url, options) -> + try + return {} = + result: HTTP.call method, url, options + catch e + return {} = + error: e + script: script + method: method + params: params + result = vm.runInNewContext('script[method](params)', sandbox, { timeout: 3000 }) logger.outgoing.debug '[Script method [', method, '] result of Trigger', integration.name, ':]' logger.outgoing.debug result From b739befb4245223a351923e6562700eaaf3b2939 Mon Sep 17 00:00:00 2001 From: Maki Nishifuji Date: Sat, 28 Jan 2017 02:54:09 +0900 Subject: [PATCH 3/5] fix outgoing log --- packages/rocketchat-integrations/server/triggers.coffee | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/rocketchat-integrations/server/triggers.coffee b/packages/rocketchat-integrations/server/triggers.coffee index 93ac143babb..753fb1a5e27 100644 --- a/packages/rocketchat-integrations/server/triggers.coffee +++ b/packages/rocketchat-integrations/server/triggers.coffee @@ -105,10 +105,10 @@ executeScript = (integration, method, params) -> return result catch e - logger.incoming.error '[Error running Script in Trigger', integration.name, ':]' - logger.incoming.error integration.scriptCompiled.replace(/^/gm, ' ') - logger.incoming.error "[Stack:]" - logger.incoming.error e.stack.replace(/^/gm, ' ') + logger.outgoing.error '[Error running Script in Trigger', integration.name, ':]' + logger.outgoing.error integration.scriptCompiled.replace(/^/gm, ' ') + logger.outgoing.error "[Stack:]" + logger.outgoing.error e.stack.replace(/^/gm, ' ') return From 1a0d0845b51d1a31429f339fbd04b8f26389e4fe Mon Sep 17 00:00:00 2001 From: Maki Nishifuji Date: Sat, 28 Jan 2017 02:57:09 +0900 Subject: [PATCH 4/5] fix indentation --- packages/rocketchat-integrations/server/triggers.coffee | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/rocketchat-integrations/server/triggers.coffee b/packages/rocketchat-integrations/server/triggers.coffee index 753fb1a5e27..dbf7fcbc7f6 100644 --- a/packages/rocketchat-integrations/server/triggers.coffee +++ b/packages/rocketchat-integrations/server/triggers.coffee @@ -91,10 +91,10 @@ executeScript = (integration, method, params) -> HTTP: (method, url, options) -> try return {} = - result: HTTP.call method, url, options + result: HTTP.call method, url, options catch e return {} = - error: e + error: e script: script method: method params: params From 940229b3ef392879a69a4d0d377e04a720543a82 Mon Sep 17 00:00:00 2001 From: Maki Nishifuji Date: Mon, 30 Jan 2017 22:42:33 +0900 Subject: [PATCH 5/5] process_incoming_webhook to process_incoming_request --- packages/rocketchat-integrations/server/api/api.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/rocketchat-integrations/server/api/api.coffee b/packages/rocketchat-integrations/server/api/api.coffee index eaa95023d94..432a4c43547 100644 --- a/packages/rocketchat-integrations/server/api/api.coffee +++ b/packages/rocketchat-integrations/server/api/api.coffee @@ -178,7 +178,7 @@ executeIntegrationRest = -> return store[key] script: script request: request - result = vm.runInNewContext('script.process_incoming_webhook({ request: request })', sandbox, { timeout: 3000 }) + result = vm.runInNewContext('script.process_incoming_request({ request: request })', sandbox, { timeout: 3000 }) if result?.error? return RocketChat.API.v1.failure result.error