fix: available dependencies in sandbox

Author: 0xi4o

docker/.env.example

@@ -41,7 +41,7 @@ PORT=3000
 # LOG_SANITIZE_BODY_FIELDS=password,pwd,pass,secret,token,apikey,api_key,accesstoken,access_token,refreshtoken,refresh_token,clientsecret,client_secret,privatekey,private_key,secretkey,secret_key,auth,authorization,credential,credentials
 # LOG_SANITIZE_HEADER_FIELDS=authorization,x-api-key,x-auth-token,cookie
 # TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
-# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash
+# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash,pg,mysql2,mongodb,ioredis,redis,typeorm,puppeteer,playwright,@zilliz/milvus2-sdk-node
 # ALLOW_BUILTIN_DEP=false
 
 

docker/worker/.env.example

@@ -41,7 +41,7 @@ WORKER_PORT=5566
 # LOG_SANITIZE_BODY_FIELDS=password,pwd,pass,secret,token,apikey,api_key,accesstoken,access_token,refreshtoken,refresh_token,clientsecret,client_secret,privatekey,private_key,secretkey,secret_key,auth,authorization,credential,credentials
 # LOG_SANITIZE_HEADER_FIELDS=authorization,x-api-key,x-auth-token,cookie
 # TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
-# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash
+# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash,pg,mysql2,mongodb,ioredis,redis,typeorm,puppeteer,playwright,@zilliz/milvus2-sdk-node
 # ALLOW_BUILTIN_DEP=false
 
 

packages/components/src/utils.test.ts

@@ -1,4 +1,10 @@
-import { removeInvalidImageMarkdown, convertRequireToImport, COMMONJS_REQUIRE_REGEX, IMPORT_EXTRACTION_REGEX } from './utils'
+import {
+    removeInvalidImageMarkdown,
+    convertRequireToImport,
+    COMMONJS_REQUIRE_REGEX,
+    IMPORT_EXTRACTION_REGEX,
+    executeJavaScriptCode
+} from './utils'
 
 describe('removeInvalidImageMarkdown', () => {
     describe('strips non-http/https image markdown', () => {
@@ -229,3 +235,55 @@ describe('Import extraction regex (utils.ts line 1596 pattern)', () => {
         expect(extractModules('console.log("hello")')).toEqual([])
     })
 })
+
+// ---------------------------------------------------------------------------
+// NodeVM sandbox — availableDependencies allowlist
+// ---------------------------------------------------------------------------
+
+describe('NodeVM sandbox — availableDependencies allowlist', () => {
+    afterEach(() => {
+        delete process.env.ALLOW_BUILTIN_DEP
+        delete process.env.TOOL_FUNCTION_EXTERNAL_DEP
+    })
+
+    describe('high-risk packages are blocked even when ALLOW_BUILTIN_DEP=true', () => {
+        beforeEach(() => {
+            process.env.ALLOW_BUILTIN_DEP = 'true'
+        })
+
+        const removedPackages = [
+            'pg',
+            'mysql2',
+            'mongodb',
+            'ioredis',
+            'redis',
+            'typeorm',
+            'puppeteer',
+            'playwright',
+            '@zilliz/milvus2-sdk-node'
+        ]
+
+        test.each(removedPackages)(
+            "require('%s') is denied",
+            async (pkg) => {
+                await expect(
+                    executeJavaScriptCode(`const m = require('${pkg}'); return 'loaded'`, {}, { timeout: 10000 })
+                ).rejects.toThrow()
+            },
+            15000
+        )
+    })
+
+    it('packages remaining in availableDependencies are still accessible with ALLOW_BUILTIN_DEP=true', async () => {
+        process.env.ALLOW_BUILTIN_DEP = 'true'
+        const result = await executeJavaScriptCode(`const cheerio = require('cheerio'); return typeof cheerio.load`, {}, { timeout: 10000 })
+        expect(result).toBe('function')
+    }, 15000)
+
+    it('a removed package becomes accessible via TOOL_FUNCTION_EXTERNAL_DEP', async () => {
+        process.env.ALLOW_BUILTIN_DEP = 'true'
+        process.env.TOOL_FUNCTION_EXTERNAL_DEP = 'pg'
+        const result = await executeJavaScriptCode(`const { Client } = require('pg'); return typeof Client`, {}, { timeout: 10000 })
+        expect(result).toBe('function')
+    }, 15000)
+})

packages/components/src/utils.ts

@@ -86,7 +86,6 @@ export const availableDependencies = [
     '@qdrant/js-client-rest',
     '@supabase/supabase-js',
     '@upstash/redis',
-    '@zilliz/milvus2-sdk-node',
     'apify-client',
     'cheerio',
     'chromadb',
@@ -97,32 +96,24 @@ export const availableDependencies = [
     'google-auth-library',
     'graphql',
     'html-to-text',
-    'ioredis',
     'langchain',
     'langfuse',
     'langsmith',
     'langwatch',
     'linkifyjs',
     'lunary',
     'mammoth',
-    'mongodb',
-    'mysql2',
     'node-html-markdown',
     'notion-to-md',
     'openai',
     'pdf-parse',
     'pdfjs-dist',
-    'pg',
-    'playwright',
-    'puppeteer',
-    'redis',
     'replicate',
     'srt-parser-2',
-    'typeorm',
     'weaviate-client'
 ]
 
-const defaultAllowExternalDependencies = ['axios', 'moment', 'node-fetch']
+const defaultAllowExternalDependencies = ['axios', 'node-fetch']
 
 export const defaultAllowBuiltInDep = ['assert', 'buffer', 'crypto', 'events', 'path', 'querystring', 'timers', 'url', 'zlib']
 

packages/server/.env.example

@@ -41,7 +41,7 @@ PORT=3000
 # LOG_SANITIZE_BODY_FIELDS=password,pwd,pass,secret,token,apikey,api_key,accesstoken,access_token,refreshtoken,refresh_token,clientsecret,client_secret,privatekey,private_key,secretkey,secret_key,auth,authorization,credential,credentials
 # LOG_SANITIZE_HEADER_FIELDS=authorization,x-api-key,x-auth-token,cookie
 # TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
-# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash
+# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash,pg,mysql2,mongodb,ioredis,redis,typeorm,puppeteer,playwright,@zilliz/milvus2-sdk-node
 # ALLOW_BUILTIN_DEP=false