From dd182824a23a5c8deb5fe3c5d4118ac30c0f69c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jun 2023 11:11:01 +0000 Subject: [PATCH 1/3] build(deps): bump semver from 7.3.5 to 7.5.2 in /api Bumps [semver](https://github.com/npm/node-semver) from 7.3.5 to 7.5.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v7.3.5...v7.5.2) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- api/package-lock.json | 18 +++++++++--------- api/package.json | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/api/package-lock.json b/api/package-lock.json index 549e28f..1ef3cc4 100644 --- a/api/package-lock.json +++ b/api/package-lock.json @@ -1,12 +1,12 @@ { "name": "piston-api", - "version": "3.1.0", + "version": "3.1.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "piston-api", - "version": "3.1.0", + "version": "3.1.1", "license": "MIT", "dependencies": { "body-parser": "^1.19.0", @@ -17,7 +17,7 @@ "logplease": "^1.2.15", "nocamel": "HexF/nocamel#patch-1", "node-fetch": "^2.6.1", - "semver": "^7.3.4", + "semver": "^7.5.2", "uuid": "^8.3.2", "waitpid": "git+https://github.com/HexF/node-waitpid.git" } @@ -476,9 +476,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/semver": { - "version": "7.3.5", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", - "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "version": "7.5.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz", + "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==", "dependencies": { "lru-cache": "^6.0.0" }, @@ -957,9 +957,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "semver": { - "version": "7.3.5", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", - "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "version": "7.5.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz", + "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==", "requires": { "lru-cache": "^6.0.0" } diff --git a/api/package.json b/api/package.json index 0b91c01..77716a4 100644 --- a/api/package.json +++ b/api/package.json @@ -12,7 +12,7 @@ "logplease": "^1.2.15", "nocamel": "HexF/nocamel#patch-1", "node-fetch": "^2.6.1", - "semver": "^7.3.4", + "semver": "^7.5.2", "uuid": "^8.3.2", "waitpid": "git+https://github.com/HexF/node-waitpid.git" }, From 6ef0cdf7b4c96e71d49ae267dc905c177ede1d51 Mon Sep 17 00:00:00 2001 From: Omar Brikaa Date: Sat, 8 Feb 2025 15:10:50 +0200 Subject: [PATCH 2/3] Provide HOME in sandbox (#702) --- api/src/job.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/src/job.js b/api/src/job.js index d46120b..31f688d 100644 --- a/api/src/job.js +++ b/api/src/job.js @@ -156,6 +156,8 @@ class Job { '-s', '-c', '/box/submission', + '-E', + 'HOME=/tmp', '-e', `--dir=${this.runtime.pkgdir}`, `--dir=/etc:noexec`, From 1d55a41a2d563318388596b46d7da772027339ba Mon Sep 17 00:00:00 2001 From: Omar Brikaa Date: Sat, 8 Feb 2025 20:46:46 +0200 Subject: [PATCH 3/3] Explicitly provide env vars instead of inheriting them from parent (#703) --- api/src/job.js | 8 +++----- api/src/runtime.js | 10 +--------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/api/src/job.js b/api/src/job.js index 31f688d..8c3fa79 100644 --- a/api/src/job.js +++ b/api/src/job.js @@ -158,7 +158,9 @@ class Job { '/box/submission', '-E', 'HOME=/tmp', - '-e', + ...this.runtime.env_vars.flat_map(v => ['-E', v]), + '-E', + `PISTON_LANGUAGE=${this.runtime.language}`, `--dir=${this.runtime.pkgdir}`, `--dir=/etc:noexec`, `--processes=${this.runtime.max_process_count}`, @@ -177,10 +179,6 @@ class Job { ...args, ], { - env: { - ...this.runtime.env_vars, - PISTON_LANGUAGE: this.runtime.language, - }, stdio: 'pipe', } ); diff --git a/api/src/runtime.js b/api/src/runtime.js index 9a2adf4..90a2225 100644 --- a/api/src/runtime.js +++ b/api/src/runtime.js @@ -178,15 +178,7 @@ class Runtime { const env_file = path.join(this.pkgdir, '.env'); const env_content = fss.read_file_sync(env_file).toString(); - this._env_vars = {}; - - env_content - .trim() - .split('\n') - .map(line => line.split('=', 2)) - .forEach(([key, val]) => { - this._env_vars[key.trim()] = val.trim(); - }); + this._env_vars = env_content.trim().split('\n'); } return this._env_vars;