Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support project from js files #384

Closed
wants to merge 1 commit into from
Closed

support project from js files #384

wants to merge 1 commit into from

Conversation

amphineko
Copy link

Resolves #383

@ianhe8x
Copy link
Collaborator

ianhe8x commented Jul 10, 2021

Code of user's project are considered high risky and untrusted, therefore we restrict their execution in sandbox only, your pr expose vulnerability in the system. So not going to be accepted sadly.

@ianhe8x
Copy link
Collaborator

ianhe8x commented Jul 12, 2021

After a second thought, since my concerns are mostly security concern for require(filePath). If you can wrap it in the sandbox, most of them will be solved.

@jamesbayly
Copy link
Contributor

@amphineko are you happy work on this further?

@amphineko
Copy link
Author

@jamesbayly We have solved this problem using a different approach. project.yaml will be re-configured automatically by gulp via npm prepublish or during container startup.


re-configuring project.yaml from templates:
https://github.com/Phala-Network/chainbridge-subquery/blob/0ca431d83e5eb4bc4f4d62c25a4668b69d8e75d5/gulpfile.ts

on container startup:
https://github.com/Phala-Network/chainbridge-subquery/blob/0ca431d83e5eb4bc4f4d62c25a4668b69d8e75d5/docker/docker-entrypoint.sh

@ianhe8x
Copy link
Collaborator

ianhe8x commented Oct 1, 2021

close it. And a reminder that we are working on #495, though will keep it backward compatible for a while

@ianhe8x ianhe8x closed this Oct 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

support to configure with project.js
3 participants