From 6d01c46d50f98d69df55d6d507e00a42b812bebb Mon Sep 17 00:00:00 2001
From: Anoop M D <anoop.md1421@gmail.com>
Date: Sun, 11 Aug 2024 18:02:05 +0530
Subject: [PATCH] feat: safe mode updates

---
 .../RequestTabs/CollectionToolBar/index.js    | 12 +---------
 .../components/Sidebar/Collections/index.js   |  2 +-
 .../src/runner/run-single-request.js          |  7 +++++-
 packages/bruno-electron/package.json          |  3 +--
 packages/bruno-js/package.json                | 24 +++++++++----------
 .../scripts/prebuild-isolated-vm-for-dev.js   |  2 +-
 .../bruno-js/src/runtime/assert-runtime.js    |  6 ++---
 .../bruno-js/src/runtime/script-runtime.js    | 16 -------------
 packages/bruno-js/src/runtime/test-runtime.js |  8 -------
 packages/bruno-js/src/runtime/vars-runtime.js |  6 ++---
 .../bruno-js/src/sandbox/isolatedvm/index.js  |  8 +------
 .../collection/environments/Prod.bru          |  5 ++++
 12 files changed, 34 insertions(+), 65 deletions(-)

diff --git a/packages/bruno-app/src/components/RequestTabs/CollectionToolBar/index.js b/packages/bruno-app/src/components/RequestTabs/CollectionToolBar/index.js
index defc0b400..5f6257bc4 100644
--- a/packages/bruno-app/src/components/RequestTabs/CollectionToolBar/index.js
+++ b/packages/bruno-app/src/components/RequestTabs/CollectionToolBar/index.js
@@ -1,6 +1,6 @@
 import React from 'react';
 import { uuid } from 'utils/common';
-import { IconFiles, IconRun, IconEye, IconSettings, IconShieldLock } from '@tabler/icons';
+import { IconFiles, IconRun, IconEye, IconSettings } from '@tabler/icons';
 import EnvironmentSelector from 'components/Environments/EnvironmentSelector';
 import { addTab } from 'providers/ReduxStore/slices/tabs';
 import { useDispatch } from 'react-redux';
@@ -40,16 +40,6 @@ const CollectionToolBar = ({ collection }) => {
     );
   };
 
-  const viewSecuritySettings = () => {
-    dispatch(
-      addTab({
-        uid: uuid(),
-        collectionUid: collection.uid,
-        type: 'security-settings'
-      })
-    );
-  };
-
   return (
     <StyledWrapper>
       <div className="flex items-center p-2">
diff --git a/packages/bruno-app/src/components/Sidebar/Collections/index.js b/packages/bruno-app/src/components/Sidebar/Collections/index.js
index 6553be58f..91018594f 100644
--- a/packages/bruno-app/src/components/Sidebar/Collections/index.js
+++ b/packages/bruno-app/src/components/Sidebar/Collections/index.js
@@ -115,7 +115,7 @@ const Collections = () => {
         )}
       </div>
 
-      <div className="mt-4 flex flex-col overflow-y-auto absolute top-32 bottom-10 left-0 right-0">
+      <div className="mt-4 flex flex-col overflow-hidden hover:overflow-y-auto absolute top-32 bottom-10 left-0 right-0">
         {collections && collections.length
           ? collections.map((c) => {
               return (
diff --git a/packages/bruno-cli/src/runner/run-single-request.js b/packages/bruno-cli/src/runner/run-single-request.js
index 78daa8d6a..23db67a0a 100644
--- a/packages/bruno-cli/src/runner/run-single-request.js
+++ b/packages/bruno-cli/src/runner/run-single-request.js
@@ -37,7 +37,12 @@ const runSingleRequest = async function (
 
     request = prepareRequest(bruJson.request, collectionRoot);
 
-    const scriptingConfig = { ...get(brunoConfig, 'scripts', {}), ...get(brunoConfig, 'security', {}) };
+    const scriptingConfig = get(brunoConfig, 'scripts', {});
+
+    // todo: allow to override from cli args
+    // we will default to vm2 (developer-mode) for 1.x version for backward compatibility
+    // 2.x will default to isolated-vm (safe mode)
+    scriptingConfig.runtime = 'vm2';
 
     // make axios work in node using form data
     // reference: https://github.com/axios/axios/issues/1006#issuecomment-320165427
diff --git a/packages/bruno-electron/package.json b/packages/bruno-electron/package.json
index 466702d6a..5f62cbc7d 100644
--- a/packages/bruno-electron/package.json
+++ b/packages/bruno-electron/package.json
@@ -31,7 +31,6 @@
     "about-window": "^1.15.2",
     "aws4-axios": "^3.3.0",
     "axios": "^1.5.1",
-    "browserify": "^17.0.0",
     "chai": "^4.3.7",
     "chokidar": "^3.5.3",
     "content-disposition": "^0.5.4",
@@ -65,7 +64,7 @@
     "dmg-license": "^1.0.11"
   },
   "devDependencies": {
-    "electron": "21.1.1",
+    "electron": "23.3.3",
     "electron-builder": "23.0.2",
     "electron-icon-maker": "^0.0.5"
   }
diff --git a/packages/bruno-js/package.json b/packages/bruno-js/package.json
index 345f9da5c..b9c519b00 100644
--- a/packages/bruno-js/package.json
+++ b/packages/bruno-js/package.json
@@ -13,24 +13,19 @@
   "scripts": {
     "test": "jest --testPathIgnorePatterns test.js",
     "rebuild:electron": "cd ./node_modules/isolated-vm && npx electron-rebuild",
-    "postinstall": "npm run install:isolated-vm && npm run prebuild:isolated-vm:dev && npm run build:isolated-vm:inbuilt-modules",
-    "install:isolated-vm": "cd ./node_modules/isolated-vm && npm install",
-    "prebuild:isolated-vm:dev": "node ./scripts/prebuild-isolated-vm-for-dev.js",
-    "prebuild:isolated-vm:prod": "node ./scripts/prebuild-isolated-vm-for-prod-builds.js",
-    "build:isolated-vm:inbuilt-modules": "node ./src/sandbox/isolatedvm/utils/bundle-libraries.js"
+    "postinstall": "npm run isolated-vm:install && npm run isolated-vm:prebuild:dev && npm run isolated-vm:bundle-libraries",
+    "isolated-vm:install": "cd ./node_modules/isolated-vm && npm install",
+    "isolated-vm:prebuild:dev": "node ./scripts/prebuild-isolated-vm-for-dev.js",
+    "isolated-vm:prebuild:prod": "node ./scripts/prebuild-isolated-vm-for-prod-builds.js",
+    "isolated-vm:bundle-libraries": "node ./src/sandbox/isolatedvm/utils/bundle-libraries.js"
   },
   "dependencies": {
-    "@faker-js/faker": "^8.4.1",
-    "@rollup/plugin-commonjs": "^23.0.2",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.0.1",
     "@usebruno/common": "0.1.0",
     "@usebruno/query": "0.1.0",
     "ajv": "^8.12.0",
     "ajv-formats": "^2.1.1",
     "atob": "^2.1.2",
     "axios": "^1.5.1",
-    "browserify": "^17.0.0",
     "btoa": "^1.2.1",
     "chai": "^4.3.7",
     "chai-string": "^1.5.0",
@@ -42,6 +37,12 @@
     "nanoid": "3.3.4",
     "node-fetch": "2.*",
     "node-vault": "^0.10.2",
+    "uuid": "^9.0.0"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^23.0.2",
+    "@rollup/plugin-json": "^6.1.0",
+    "@rollup/plugin-node-resolve": "^15.0.1",
     "rollup": "3.2.5",
     "rollup-plugin-node-builtins": "^2.1.2",
     "rollup-plugin-node-globals": "^1.4.0",
@@ -50,7 +51,6 @@
     "stream": "^0.0.2",
     "terser": "^5.31.1",
     "uglify-js": "^3.18.0",
-    "util": "^0.12.5",
-    "uuid": "^9.0.0"
+    "util": "^0.12.5"
   }
 }
diff --git a/packages/bruno-js/scripts/prebuild-isolated-vm-for-dev.js b/packages/bruno-js/scripts/prebuild-isolated-vm-for-dev.js
index b9b3aaf07..f11833422 100644
--- a/packages/bruno-js/scripts/prebuild-isolated-vm-for-dev.js
+++ b/packages/bruno-js/scripts/prebuild-isolated-vm-for-dev.js
@@ -3,7 +3,7 @@ const os = require('os');
 
 const platform = os.platform();
 const arch = os.arch();
-const target = '21.1.1';
+const target = '23.3.3';
 
 const command = `cd ./node_modules/isolated-vm && rm -rf prebuilds && mkdir prebuilds && npm run prebuild -- --platform=${platform} --arch=${arch} --target=${target} --runtime=electron`;
 
diff --git a/packages/bruno-js/src/runtime/assert-runtime.js b/packages/bruno-js/src/runtime/assert-runtime.js
index adc67ff61..bd902d34c 100644
--- a/packages/bruno-js/src/runtime/assert-runtime.js
+++ b/packages/bruno-js/src/runtime/assert-runtime.js
@@ -5,7 +5,7 @@ const Bru = require('../bru');
 const BrunoRequest = require('../bruno-request');
 const { evaluateJsTemplateLiteral, evaluateJsExpression, createResponseParser } = require('../utils');
 const { interpolateString } = require('../interpolate-string');
-const { isolatedVMStrictInstance } = require('../sandbox/isolatedvm');
+const { executeInIsolatedVMStrict } = require('../sandbox/isolatedvm');
 
 const { expect } = chai;
 chai.use(require('chai-string'));
@@ -164,7 +164,7 @@ const isUnaryOperator = (operator) => {
 
 const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: literal,
       context,
       scriptType: 'template-literal'
@@ -176,7 +176,7 @@ const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
 
 const evaluateJsExpressionBasedOnRuntime = (expr, context, runtime) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: expr,
       context,
       scriptType: 'expression'
diff --git a/packages/bruno-js/src/runtime/script-runtime.js b/packages/bruno-js/src/runtime/script-runtime.js
index 68c64784f..4f370e408 100644
--- a/packages/bruno-js/src/runtime/script-runtime.js
+++ b/packages/bruno-js/src/runtime/script-runtime.js
@@ -90,14 +90,6 @@ class ScriptRuntime {
     }
 
     if (this.runtime === 'isolated-vm') {
-      // Reuses the same instance of IsolatedVMAsync
-      // TODO: Test for performance
-      // await isolatedVMAsyncInstance.execute({
-      //   script,
-      //   context,
-      //   modules: {}, // todo: module support?
-      //   scriptType: 'jsScript'
-      // });
       await executeInIsolatedVMAsync({
         script: script,
         context: context,
@@ -211,14 +203,6 @@ class ScriptRuntime {
     }
 
     if (this.runtime === 'isolated-vm') {
-      // Reuses the same instance of IsolatedVMAsync
-      // TODO: Test for performance
-      // await isolatedVMAsyncInstance.execute({
-      //   script,
-      //   context,
-      //   modules: {}, // todo: module support?
-      //   scriptType: 'jsScript'
-      // });
       await executeInIsolatedVMAsync({
         script: script,
         context: context,
diff --git a/packages/bruno-js/src/runtime/test-runtime.js b/packages/bruno-js/src/runtime/test-runtime.js
index 72565d2e2..c13890e0a 100644
--- a/packages/bruno-js/src/runtime/test-runtime.js
+++ b/packages/bruno-js/src/runtime/test-runtime.js
@@ -109,14 +109,6 @@ class TestRuntime {
     }
 
     if (this.mode == 'safe') {
-      // Reuses the same instance of IsolatedVMAsync
-      // TODO: Test for performance
-      // await isolatedVMAsyncInstance.execute({
-      //   script: testsFile,
-      //   context: context,
-      //   modules: {},
-      //   scriptType: 'jsScript'
-      // });
       await executeInIsolatedVMAsync({
         script: testsFile,
         context: context,
diff --git a/packages/bruno-js/src/runtime/vars-runtime.js b/packages/bruno-js/src/runtime/vars-runtime.js
index ef04511a5..6b1865620 100644
--- a/packages/bruno-js/src/runtime/vars-runtime.js
+++ b/packages/bruno-js/src/runtime/vars-runtime.js
@@ -3,11 +3,11 @@ const Bru = require('../bru');
 const BrunoRequest = require('../bruno-request');
 const { evaluateJsTemplateLiteral, evaluateJsExpression, createResponseParser } = require('../utils');
 
-const { isolatedVMStrictInstance } = require('../sandbox/isolatedvm');
+const { executeInIsolatedVMStrict } = require('../sandbox/isolatedvm');
 
 const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: literal,
       context,
       scriptType: 'template-literal'
@@ -19,7 +19,7 @@ const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
 
 const evaluateJsExpressionBasedOnRuntime = (expr, context, runtime, mode) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: expr,
       context,
       scriptType: 'expression'
diff --git a/packages/bruno-js/src/sandbox/isolatedvm/index.js b/packages/bruno-js/src/sandbox/isolatedvm/index.js
index c98e38e3e..9290b112c 100644
--- a/packages/bruno-js/src/sandbox/isolatedvm/index.js
+++ b/packages/bruno-js/src/sandbox/isolatedvm/index.js
@@ -80,8 +80,6 @@ class IsolatedVMStrict {
   }
 }
 
-const isolatedVMStrictInstance = new IsolatedVMStrict();
-
 const executeInIsolatedVMStrict = ({ script: externalScript, context: externalContext, scriptType = 'script' }) => {
   if (!isNaN(Number(externalScript))) {
     return Number(externalScript);
@@ -229,8 +227,6 @@ class IsolatedVMAsync {
   }
 }
 
-const isolatedVMAsyncInstance = new IsolatedVMAsync();
-
 const executeInIsolatedVMAsync = async ({
   script: externalScript,
   context: externalContext,
@@ -327,7 +323,5 @@ const executeInIsolatedVMAsync = async ({
 
 module.exports = {
   executeInIsolatedVMStrict,
-  isolatedVMStrictInstance,
-  executeInIsolatedVMAsync,
-  isolatedVMAsyncInstance
+  executeInIsolatedVMAsync
 };
diff --git a/packages/bruno-tests/collection/environments/Prod.bru b/packages/bruno-tests/collection/environments/Prod.bru
index e6286f3b6..7f4bf5d5f 100644
--- a/packages/bruno-tests/collection/environments/Prod.bru
+++ b/packages/bruno-tests/collection/environments/Prod.bru
@@ -5,4 +5,9 @@ vars {
   env.var1: envVar1
   env-var2: envVar2
   bark: {{process.env.PROC_ENV_VAR}}
+  foo: bar
+  testSetEnvVar: bruno-29653
 }
+vars:secret [
+  bruno
+]