diff --git a/packages/bruno-app/src/components/SecuritySettings/JsSandboxModeModal/index.js b/packages/bruno-app/src/components/SecuritySettings/JsSandboxModeModal/index.js
index 2f010f71f..52a988ea7 100644
--- a/packages/bruno-app/src/components/SecuritySettings/JsSandboxModeModal/index.js
+++ b/packages/bruno-app/src/components/SecuritySettings/JsSandboxModeModal/index.js
@@ -64,7 +64,7 @@ const JsSandboxModeModal = ({ collection }) => {
BETA
- JavaScript code is executed in a secure sandbox and cannot excess your filesystem or execute system commands.
+ JavaScript code is executed in a secure sandbox and cannot access your filesystem or execute system commands.
diff --git a/packages/bruno-app/src/components/SecuritySettings/index.js b/packages/bruno-app/src/components/SecuritySettings/index.js
index 7fd0ab88b..7761760f6 100644
--- a/packages/bruno-app/src/components/SecuritySettings/index.js
+++ b/packages/bruno-app/src/components/SecuritySettings/index.js
@@ -50,7 +50,7 @@ const SecuritySettings = ({ collection }) => {
BETA
- JavaScript code is executed in a secure sandbox and cannot excess your filesystem or execute system commands.
+ JavaScript code is executed in a secure sandbox and cannot access your filesystem or execute system commands.
diff --git a/packages/bruno-js/src/sandbox/quickjs/index.js b/packages/bruno-js/src/sandbox/quickjs/index.js
index 288373bc8..d5fe5e8f3 100644
--- a/packages/bruno-js/src/sandbox/quickjs/index.js
+++ b/packages/bruno-js/src/sandbox/quickjs/index.js
@@ -10,6 +10,7 @@ const { newQuickJSWASMModule, memoizePromiseFactory } = require('quickjs-emscrip
// execute `npm run sandbox:bundle-libraries` if the below file doesn't exist
const getBundledCode = require('../bundle-browser-rollup');
const addPathShimToContext = require('./shims/lib/path');
+const { marshallToVm } = require('./utils');
let QuickJSSyncContext;
const loader = memoizePromiseFactory(() => newQuickJSWASMModule());
@@ -48,14 +49,18 @@ const executeQuickJsVm = ({ script: externalScript, context: externalContext, sc
const vm = QuickJSSyncContext;
try {
- const { bru, req, res } = externalContext;
+ const { bru, req, res, ...variables } = externalContext;
bru && addBruShimToContext(vm, bru);
req && addBrunoRequestShimToContext(vm, req);
res && addBrunoResponseShimToContext(vm, res);
- const templateLiteralText = `\`${externalScript}\`;`;
- const jsExpressionText = `${externalScript};`;
+ Object.entries(variables)?.forEach(([key, value]) => {
+ vm.setProp(vm.global, key, marshallToVm(value, vm));
+ });
+
+ const templateLiteralText = `\`${externalScript}\``;
+ const jsExpressionText = `${externalScript}`;
let scriptText = scriptType === 'template-literal' ? templateLiteralText : jsExpressionText;
@@ -66,7 +71,6 @@ const executeQuickJsVm = ({ script: externalScript, context: externalContext, sc
return e;
} else {
let v = vm.dump(result.value);
- let vString = v.toString();
result.value.dispose();
return v;
}
@@ -124,6 +128,9 @@ const executeQuickJsVmAsync = async ({ script: externalScript, context: external
// resolve module
return globalThis.requireObject[mod];
}
+ else {
+ throw new Error("Cannot find module " + mod);
+ }
}
`;
};
diff --git a/packages/bruno-js/src/sandbox/quickjs/shims/local-module.js b/packages/bruno-js/src/sandbox/quickjs/shims/local-module.js
index 8e3cc673f..ca2b85730 100644
--- a/packages/bruno-js/src/sandbox/quickjs/shims/local-module.js
+++ b/packages/bruno-js/src/sandbox/quickjs/shims/local-module.js
@@ -19,6 +19,10 @@ const addLocalModuleLoaderShimToContext = (vm, collectionPath) => {
throw new Error('Access to files outside of the collectionPath is not allowed.');
}
+ if (!fs.existsSync(filePath)) {
+ throw new Error(`Cannot find module ${filename}`);
+ }
+
let code = fs.readFileSync(filePath).toString();
return marshallToVm(code, vm);
diff --git a/packages/bruno-tests/collection/scripting/js/data types - request vars.bru b/packages/bruno-tests/collection/scripting/js/data types - request vars.bru
index 3692c46cb..d8a8af9f2 100644
--- a/packages/bruno-tests/collection/scripting/js/data types - request vars.bru
+++ b/packages/bruno-tests/collection/scripting/js/data types - request vars.bru
@@ -13,7 +13,9 @@ post {
body:json {
{
"boolean": false,
- "number": 1,
+ "number_1": 1,
+ "number_2": 0,
+ "number_3": -1,
"string": "bruno",
"array": [1, 2, 3, 4, 5],
"object": {
@@ -24,25 +26,38 @@ body:json {
}
vars:pre-request {
- number: 1
boolean: false
undefined: undefined
null: null
string: foo
+ number_1: 1
+ number_2: 0
+ number_3: -1
}
assert {
req.body.boolean: isBoolean false
- req.body.number: isNumber 1
+ req.body.number_1: isNumber 1
req.body.undefined: isUndefined undefined
req.body.string: isString bruno
req.body.null: isNull null
req.body.array: isArray
req.body.boolean: eq false
- req.body.number: eq 1
+ req.body.number_1: eq 1
req.body.undefined: eq undefined
req.body.string: eq bruno
req.body.null: eq null
+ req.body.number_2: eq 0
+ req.body.number_3: eq -1
+ req.body.number_2: isNumber
+ req.body.number_3: isNumber
+ boolean: eq false
+ undefined: eq undefined
+ null: eq null
+ string: eq foo
+ number_1: eq 1
+ number_2: eq 0
+ number_3: eq -1
}
tests {
@@ -51,7 +66,9 @@ tests {
});
test("number pre var", function() {
- expect(bru.getRequestVar('number')).to.eql(1);
+ expect(bru.getRequestVar('number_1')).to.eql(1);
+ expect(bru.getRequestVar('number_2')).to.eql(0);
+ expect(bru.getRequestVar('number_3')).to.eql(-1);
});
test("null pre var", function() {
diff --git a/packages/bruno-tests/collection/scripting/js/vars asserts.bru b/packages/bruno-tests/collection/scripting/js/vars asserts.bru
new file mode 100644
index 000000000..e4bf9e97b
--- /dev/null
+++ b/packages/bruno-tests/collection/scripting/js/vars asserts.bru
@@ -0,0 +1,39 @@
+meta {
+ name: vars asserts
+ type: http
+ seq: 5
+}
+
+post {
+ url: {{host}}/api/echo/json
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "boolean": false,
+ "number": 1,
+ "string": "bruno",
+ "array": [1, 2, 3, 4, 5],
+ "object": {
+ "hello": "bruno"
+ },
+ "null": null
+ }
+}
+
+vars:pre-request {
+ vars_asserts__request_var: vars_asserts__request_var__value
+}
+
+assert {
+ vars_asserts__request_var: eq vars_asserts__request_var__value
+ vars_asserts__runtime_var: eq vars_asserts__runtime_var__value
+ vars_asserts__env_var: eq vars_asserts__env_var__value
+}
+
+script:pre-request {
+ bru.setVar('vars_asserts__runtime_var', 'vars_asserts__runtime_var__value');
+ bru.setEnvVar('vars_asserts__env_var', 'vars_asserts__env_var__value');
+}
diff --git a/packages/bruno-tests/collection/scripting/local modules/invalid and valid module imports.bru b/packages/bruno-tests/collection/scripting/local modules/invalid and valid module imports.bru
new file mode 100644
index 000000000..89c3ad23d
--- /dev/null
+++ b/packages/bruno-tests/collection/scripting/local modules/invalid and valid module imports.bru
@@ -0,0 +1,37 @@
+meta {
+ name: invalid and valid module imports
+ type: http
+ seq: 3
+}
+
+get {
+ url: {{host}}/ping
+ body: none
+ auth: none
+}
+
+assert {
+ invalid_module_error_thrown: eq true
+ valid_module_no_error: eq true
+}
+
+script:pre-request {
+ try {
+ bru.setVar('invalid_module_error_thrown', false);
+ // should throw an error
+ const invalid = require("./lib/invalid");
+ }
+ catch(error) {
+ bru.setVar('invalid_module_error_thrown', true);
+ }
+
+
+ try {
+ bru.setVar('valid_module_no_error', true);
+ // should not throw an error
+ const math = require("./lib/math");
+ }
+ catch(error) {
+ bru.setVar('valid_module_no_error', false);
+ }
+}