Refactor/Update code execution sandbox implementation across components (#4904)

refactor: Update code execution sandbox implementation across components - Replaced NodeVM usage with a new createCodeExecutionSandbox function for improved sandbox management. - Enhanced JavaScript code execution with executeJavaScriptCode function, allowing for better handling of libraries and output streaming. - Updated multiple components to utilize the new sandboxing approach, ensuring consistent execution environment. - Added validation for UUIDs and URLs in various tools to enhance input safety. - Refactored input handling in CustomFunction and IfElseFunction to streamline variable management.
2026-06-29 15:01:11 +03:00 · 2025-07-21 00:09:01 +01:00
parent 9a06a85a8d
commit dca91b979b
24 changed files with 550 additions and 488 deletions
@@ -1,7 +1,6 @@
 import { ICommonObject, IDatabaseEntity, INode, INodeData, INodeParams } from '../../../src/Interface'
-import { getBaseClasses, transformBracesWithColon } from '../../../src/utils'
+import { getBaseClasses, transformBracesWithColon, getVars, executeJavaScriptCode, createCodeExecutionSandbox } from '../../../src/utils'
 import { ChatPromptTemplate, SystemMessagePromptTemplate, HumanMessagePromptTemplate } from '@langchain/core/prompts'
-import { getVM } from '../../sequentialagents/commonUtils'
 import { DataSource } from 'typeorm'
 const defaultFunc = `const { AIMessage, HumanMessage, ToolMessage } = require('@langchain/core/messages');

@@ -120,13 +119,29 @@ class ChatPromptTemplate_Prompts implements INode {
        ) {
            const appDataSource = options.appDataSource as DataSource
            const databaseEntities = options.databaseEntities as IDatabaseEntity
-            const vm = await getVM(appDataSource, databaseEntities, nodeData, options, {})
+            const variables = await getVars(appDataSource, databaseEntities, nodeData, options)
+            const flow = {
+                chatflowId: options.chatflowid,
+                sessionId: options.sessionId,
+                chatId: options.chatId
+            }
+
+            const sandbox = createCodeExecutionSandbox('', variables, flow)
+
            try {
-                const response = await vm.run(`module.exports = async function() {${messageHistoryCode}}()`, __dirname)
-                if (!Array.isArray(response)) throw new Error('Returned message history must be an array')
+                const response = await executeJavaScriptCode(messageHistoryCode, sandbox, {
+                    libraries: ['axios', '@langchain/core'],
+                    timeout: 10000
+                })
+
+                const parsedResponse = JSON.parse(response)
+
+                if (!Array.isArray(parsedResponse)) {
+                    throw new Error('Returned message history must be an array')
+                }
                prompt = ChatPromptTemplate.fromMessages([
                    SystemMessagePromptTemplate.fromTemplate(systemMessagePrompt),
-                    ...response,
+                    ...parsedResponse,
                    HumanMessagePromptTemplate.fromTemplate(humanMessagePrompt)
                ])
            } catch (e) {