feat: safe mode updates

packages/bruno-app/src/components/RequestTabs/CollectionToolBar/index.js

@@ -1,6 +1,6 @@
 import React from 'react';
 import { uuid } from 'utils/common';
-import { IconFiles, IconRun, IconEye, IconSettings, IconShieldLock } from '@tabler/icons';
+import { IconFiles, IconRun, IconEye, IconSettings } from '@tabler/icons';
 import EnvironmentSelector from 'components/Environments/EnvironmentSelector';
 import { addTab } from 'providers/ReduxStore/slices/tabs';
 import { useDispatch } from 'react-redux';
@@ -40,16 +40,6 @@ const CollectionToolBar = ({ collection }) => {
     );
   };
 
-  const viewSecuritySettings = () => {
-    dispatch(
-      addTab({
-        uid: uuid(),
-        collectionUid: collection.uid,
-        type: 'security-settings'
-      })
-    );
-  };
-
   return (
     <StyledWrapper>
       <div className="flex items-center p-2">

packages/bruno-app/src/components/Sidebar/Collections/index.js

@@ -115,7 +115,7 @@ const Collections = () => {
         )}
       </div>
 
-      <div className="mt-4 flex flex-col overflow-y-auto absolute top-32 bottom-10 left-0 right-0">
+      <div className="mt-4 flex flex-col overflow-hidden hover:overflow-y-auto absolute top-32 bottom-10 left-0 right-0">
         {collections && collections.length
           ? collections.map((c) => {
               return (

packages/bruno-cli/src/runner/run-single-request.js

@@ -37,7 +37,12 @@ const runSingleRequest = async function (
 
     request = prepareRequest(bruJson.request, collectionRoot);
 
-    const scriptingConfig = { ...get(brunoConfig, 'scripts', {}), ...get(brunoConfig, 'security', {}) };
+    const scriptingConfig = get(brunoConfig, 'scripts', {});
+
+    // todo: allow to override from cli args
+    // we will default to vm2 (developer-mode) for 1.x version for backward compatibility
+    // 2.x will default to isolated-vm (safe mode)
+    scriptingConfig.runtime = 'vm2';
 
     // make axios work in node using form data
     // reference: https://github.com/axios/axios/issues/1006#issuecomment-320165427

packages/bruno-electron/package.json

@@ -31,7 +31,6 @@
     "about-window": "^1.15.2",
     "aws4-axios": "^3.3.0",
     "axios": "^1.5.1",
-    "browserify": "^17.0.0",
     "chai": "^4.3.7",
     "chokidar": "^3.5.3",
     "content-disposition": "^0.5.4",
@@ -65,7 +64,7 @@
     "dmg-license": "^1.0.11"
   },
   "devDependencies": {
-    "electron": "21.1.1",
+    "electron": "23.3.3",
     "electron-builder": "23.0.2",
     "electron-icon-maker": "^0.0.5"
   }

packages/bruno-js/package.json

@@ -13,24 +13,19 @@
   "scripts": {
     "test": "jest --testPathIgnorePatterns test.js",
     "rebuild:electron": "cd ./node_modules/isolated-vm && npx electron-rebuild",
-    "postinstall": "npm run install:isolated-vm && npm run prebuild:isolated-vm:dev && npm run build:isolated-vm:inbuilt-modules",
+    "postinstall": "npm run isolated-vm:install && npm run isolated-vm:prebuild:dev && npm run isolated-vm:bundle-libraries",
-    "install:isolated-vm": "cd ./node_modules/isolated-vm && npm install",
+    "isolated-vm:install": "cd ./node_modules/isolated-vm && npm install",
-    "prebuild:isolated-vm:dev": "node ./scripts/prebuild-isolated-vm-for-dev.js",
+    "isolated-vm:prebuild:dev": "node ./scripts/prebuild-isolated-vm-for-dev.js",
-    "prebuild:isolated-vm:prod": "node ./scripts/prebuild-isolated-vm-for-prod-builds.js",
+    "isolated-vm:prebuild:prod": "node ./scripts/prebuild-isolated-vm-for-prod-builds.js",
-    "build:isolated-vm:inbuilt-modules": "node ./src/sandbox/isolatedvm/utils/bundle-libraries.js"
+    "isolated-vm:bundle-libraries": "node ./src/sandbox/isolatedvm/utils/bundle-libraries.js"
   },
   "dependencies": {
-    "@faker-js/faker": "^8.4.1",
-    "@rollup/plugin-commonjs": "^23.0.2",
-    "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.0.1",
     "@usebruno/common": "0.1.0",
     "@usebruno/query": "0.1.0",
     "ajv": "^8.12.0",
     "ajv-formats": "^2.1.1",
     "atob": "^2.1.2",
     "axios": "^1.5.1",
-    "browserify": "^17.0.0",
     "btoa": "^1.2.1",
     "chai": "^4.3.7",
     "chai-string": "^1.5.0",
@@ -42,6 +37,12 @@
     "nanoid": "3.3.4",
     "node-fetch": "2.*",
     "node-vault": "^0.10.2",
+    "uuid": "^9.0.0"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^23.0.2",
+    "@rollup/plugin-json": "^6.1.0",
+    "@rollup/plugin-node-resolve": "^15.0.1",
     "rollup": "3.2.5",
     "rollup-plugin-node-builtins": "^2.1.2",
     "rollup-plugin-node-globals": "^1.4.0",
@@ -50,7 +51,6 @@
     "stream": "^0.0.2",
     "terser": "^5.31.1",
     "uglify-js": "^3.18.0",
-    "util": "^0.12.5",
+    "util": "^0.12.5"
-    "uuid": "^9.0.0"
   }
 }

packages/bruno-js/scripts/prebuild-isolated-vm-for-dev.js

@@ -3,7 +3,7 @@ const os = require('os');
 
 const platform = os.platform();
 const arch = os.arch();
-const target = '21.1.1';
+const target = '23.3.3';
 
 const command = `cd ./node_modules/isolated-vm && rm -rf prebuilds && mkdir prebuilds && npm run prebuild -- --platform=${platform} --arch=${arch} --target=${target} --runtime=electron`;
 

packages/bruno-js/src/runtime/assert-runtime.js

@@ -5,7 +5,7 @@ const Bru = require('../bru');
 const BrunoRequest = require('../bruno-request');
 const { evaluateJsTemplateLiteral, evaluateJsExpression, createResponseParser } = require('../utils');
 const { interpolateString } = require('../interpolate-string');
-const { isolatedVMStrictInstance } = require('../sandbox/isolatedvm');
+const { executeInIsolatedVMStrict } = require('../sandbox/isolatedvm');
 
 const { expect } = chai;
 chai.use(require('chai-string'));
@@ -164,7 +164,7 @@ const isUnaryOperator = (operator) => {
 
 const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: literal,
       context,
       scriptType: 'template-literal'
@@ -176,7 +176,7 @@ const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
 
 const evaluateJsExpressionBasedOnRuntime = (expr, context, runtime) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: expr,
       context,
       scriptType: 'expression'

packages/bruno-js/src/runtime/script-runtime.js

@@ -90,14 +90,6 @@ class ScriptRuntime {
     }
 
     if (this.runtime === 'isolated-vm') {
-      // Reuses the same instance of IsolatedVMAsync
-      // TODO: Test for performance
-      // await isolatedVMAsyncInstance.execute({
-      //   script,
-      //   context,
-      //   modules: {}, // todo: module support?
-      //   scriptType: 'jsScript'
-      // });
       await executeInIsolatedVMAsync({
         script: script,
         context: context,
@@ -211,14 +203,6 @@ class ScriptRuntime {
     }
 
     if (this.runtime === 'isolated-vm') {
-      // Reuses the same instance of IsolatedVMAsync
-      // TODO: Test for performance
-      // await isolatedVMAsyncInstance.execute({
-      //   script,
-      //   context,
-      //   modules: {}, // todo: module support?
-      //   scriptType: 'jsScript'
-      // });
       await executeInIsolatedVMAsync({
         script: script,
         context: context,

packages/bruno-js/src/runtime/test-runtime.js

@@ -109,14 +109,6 @@ class TestRuntime {
     }
 
     if (this.mode == 'safe') {
-      // Reuses the same instance of IsolatedVMAsync
-      // TODO: Test for performance
-      // await isolatedVMAsyncInstance.execute({
-      //   script: testsFile,
-      //   context: context,
-      //   modules: {},
-      //   scriptType: 'jsScript'
-      // });
       await executeInIsolatedVMAsync({
         script: testsFile,
         context: context,

packages/bruno-js/src/runtime/vars-runtime.js

@@ -3,11 +3,11 @@ const Bru = require('../bru');
 const BrunoRequest = require('../bruno-request');
 const { evaluateJsTemplateLiteral, evaluateJsExpression, createResponseParser } = require('../utils');
 
-const { isolatedVMStrictInstance } = require('../sandbox/isolatedvm');
+const { executeInIsolatedVMStrict } = require('../sandbox/isolatedvm');
 
 const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: literal,
       context,
       scriptType: 'template-literal'
@@ -19,7 +19,7 @@ const evaluateJsTemplateLiteralBasedOnRuntime = (literal, context, runtime) => {
 
 const evaluateJsExpressionBasedOnRuntime = (expr, context, runtime, mode) => {
   if(runtime === 'isolated-vm') {
-    return isolatedVMStrictInstance.execute({
+    return executeInIsolatedVMStrict({
       script: expr,
       context,
       scriptType: 'expression'

packages/bruno-js/src/sandbox/isolatedvm/index.js

@@ -80,8 +80,6 @@ class IsolatedVMStrict {
   }
 }
 
-const isolatedVMStrictInstance = new IsolatedVMStrict();
-
 const executeInIsolatedVMStrict = ({ script: externalScript, context: externalContext, scriptType = 'script' }) => {
   if (!isNaN(Number(externalScript))) {
     return Number(externalScript);
@@ -229,8 +227,6 @@ class IsolatedVMAsync {
   }
 }
 
-const isolatedVMAsyncInstance = new IsolatedVMAsync();
-
 const executeInIsolatedVMAsync = async ({
   script: externalScript,
   context: externalContext,
@@ -327,7 +323,5 @@ const executeInIsolatedVMAsync = async ({
 
 module.exports = {
   executeInIsolatedVMStrict,
-  isolatedVMStrictInstance,
+  executeInIsolatedVMAsync
-  executeInIsolatedVMAsync,
-  isolatedVMAsyncInstance
 };

packages/bruno-tests/collection/environments/Prod.bru

@@ -5,4 +5,9 @@ vars {
   env.var1: envVar1
   env-var2: envVar2
   bark: {{process.env.PROC_ENV_VAR}}
+  foo: bar
+  testSetEnvVar: bruno-29653
 }
+vars:secret [
+  bruno
+]