Unable to import from quickjs libraries std & os

PetterS / quickjs

Thin Python wrapper of https://bellard.org/quickjs/

https://github.com/bellard/QuickJS

MIT License

181 stars 19 forks source link

Unable to import from quickjs libraries std & os #13

Closed shawnsarwar closed 4 years ago

shawnsarwar commented 4 years ago

I'm trying to assess this for sandboxing small bits of JS code execution in a python environment. I don't see you performing imports of os or std in the tests and when I try with either Function or Context I get: _quickjs.JSException: SyntaxError: expecting '(' Is this the intended behavior? I want to make sure that I can restrict or regulate access to things like os.open and std.getUrl from within a Function or Context evaluation.

PetterS commented 4 years ago

What exactly are you trying?

shawnsarwar commented 4 years ago

Here's a self contained example of trying to call a function from the standard library:

from quickjs import Context

js_str = '''
import * as std from "std";
std.open("f.txt")
'''

context = Context()
context.eval(js_str)

Which yields

Traceback (most recent call last):
  File "./t.py", line 9, in <module>
    context.eval(js_str)
_quickjs.JSException: SyntaxError: expecting '('

My goal is to use quickjs as a sandboxed JS environment to execute user defined js functions for the purpose of Map / Reduce. I'd rather not be able to access the standard library, I just want to make sure I'm not doing something dumb (which is my current assumption).

PetterS commented 4 years ago

The standard library used in the quickjs executable is not available. Also, the context does not evaluate the code as a module, that's why you are getting the syntax error.