wasm-sandbox 0.1.0

A secure WebAssembly sandbox for running untrusted code with flexible host-guest communication
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383

//! Cargo build system integration for compiling Rust to WebAssembly

use std::path::{Path, PathBuf};
use std::process::Command;
use std::collections::HashMap;

use crate::error::{Error, Result};
use super::{Compiler, CompilerOptions, BuildProfile};

/// Enhanced Cargo compiler implementation with additional features
pub struct EnhancedCargoCompiler {
    /// Environment variables to set during compilation
    env_vars: HashMap<String, String>,
    
    /// Additional cargo flags
    cargo_flags: Vec<String>,
    
    /// Target directory override
    target_dir: Option<PathBuf>,
    
    /// Rustup toolchain overrides by target
    toolchain_overrides: HashMap<String, String>,
    
    /// Cache directory for build artifacts
    cache_dir: Option<PathBuf>,
}

impl Default for EnhancedCargoCompiler {
    fn default() -> Self {
        Self {
            env_vars: HashMap::new(),
            cargo_flags: Vec::new(),
            target_dir: None,
            toolchain_overrides: HashMap::new(),
            cache_dir: None,
        }
    }
}

impl EnhancedCargoCompiler {
    /// Create a new enhanced cargo compiler
    pub fn new() -> Self {
        Self::default()
    }
    
    /// Add an environment variable for the compilation process
    pub fn with_env_var(mut self, key: impl Into<String>, value: impl Into<String>) -> Self {
        self.env_vars.insert(key.into(), value.into());
        self
    }
    
    /// Add a cargo flag
    pub fn with_cargo_flag(mut self, flag: impl Into<String>) -> Self {
        self.cargo_flags.push(flag.into());
        self
    }
    
    /// Set the target directory
    pub fn with_target_dir(mut self, dir: impl Into<PathBuf>) -> Self {
        self.target_dir = Some(dir.into());
        self
    }
    
    /// Set a toolchain override for a specific target
    pub fn with_toolchain_override(
        mut self,
        target: impl Into<String>,
        toolchain: impl Into<String>,
    ) -> Self {
        self.toolchain_overrides.insert(target.into(), toolchain.into());
        self
    }
    
    /// Set the cache directory
    pub fn with_cache_dir(mut self, dir: impl Into<PathBuf>) -> Self {
        self.cache_dir = Some(dir.into());
        self
    }
    
    /// Generate a full RUSTFLAGS string based on compiler options
    fn generate_rustflags(&self, options: &CompilerOptions) -> String {
        let mut flags = Vec::<String>::new();
        
        // Add optimization level
        let opt_flag = match options.opt_level {
            super::OptimizationLevel::None => "-C opt-level=0".to_string(),
            super::OptimizationLevel::Basic => "-C opt-level=1".to_string(),
            super::OptimizationLevel::Default => "-C opt-level=2".to_string(),
            super::OptimizationLevel::Size => "-C opt-level=s".to_string(),
            super::OptimizationLevel::Speed => "-C opt-level=3".to_string(),
        };
        flags.push(opt_flag);
        
        // Add debug level
        let debug_flag = match options.debug_level {
            super::DebugLevel::None => "-C debuginfo=0".to_string(),
            super::DebugLevel::Basic => "-C debuginfo=1".to_string(),
            super::DebugLevel::Full => "-C debuginfo=2".to_string(),
        };
        flags.push(debug_flag);
        
        // Add target CPU if specified
        if let Some(ref cpu) = options.target_cpu {
            flags.push(format!("-C target-cpu={}", cpu));
        }
        
        // Add any additional RUSTFLAGS from options
        if let Some(ref rustflags) = options.rustflags {
            flags.push(rustflags.clone());
        }
        
        flags.join(" ")
    }
}

impl Compiler for EnhancedCargoCompiler {
    fn compile(
        &self,
        project_path: &Path,
        output_path: &Path,
        options: &CompilerOptions,
    ) -> Result<PathBuf> {
        // Check if cargo is available
        if !self.check_available() {
            return Err(Error::Compilation("Cargo is not available".to_string()));
        }
        
        // Create output directory if it doesn't exist
        std::fs::create_dir_all(output_path)
            .map_err(|e| Error::FileSystem(format!("Failed to create output directory: {}", e)))?;
        
        // Build the cargo command
        let mut cmd = Command::new("cargo");
        
        // Determine the toolchain to use
        let toolchain = self.toolchain_overrides
            .get(&options.target)
            .unwrap_or(&options.toolchain);
        
        // Add the toolchain if not stable
        if toolchain != "stable" {
            cmd.arg(format!("+{}", toolchain));
        }
        
        // Basic build command
        cmd.current_dir(project_path)
            .arg("build")
            .arg("--target").arg(&options.target);
        
        // Add profile
        match options.profile {
            BuildProfile::Debug => {
                // Debug is the default, no need to add flags
            },
            BuildProfile::Release => {
                cmd.arg("--release");
            },
        }
        
        // Set RUSTFLAGS environment variable
        cmd.env("RUSTFLAGS", self.generate_rustflags(options));
        
        // Add custom target directory if specified
        if let Some(ref target_dir) = self.target_dir {
            cmd.arg("--target-dir").arg(target_dir);
        }
        
        // Add features
        if !options.features.is_empty() {
            cmd.arg("--features").arg(options.features.join(","));
        }
        
        // No default features
        if options.no_default_features {
            cmd.arg("--no-default-features");
        }
        
        // Add cargo flags
        for flag in &self.cargo_flags {
            cmd.arg(flag);
        }
        
        // Add extra args from options
        for arg in &options.extra_args {
            cmd.arg(arg);
        }
        
        // Add environment variables
        for (key, value) in &self.env_vars {
            cmd.env(key, value);
        }
        
        // Run the build
        let output = cmd.output()
            .map_err(|e| Error::Compilation(format!("Failed to execute cargo: {}", e)))?;
        
        // Check for errors
        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr);
            return Err(Error::Compilation(format!("Build failed: {}", stderr)));
        }
        
        // Determine the output file path
        let profile_dir = match options.profile {
            BuildProfile::Debug => "debug",
            BuildProfile::Release => "release",
        };
        
        // Get the project name from Cargo.toml
        let package_name = self.get_package_name(project_path)?;
        
        // Construct the path to the wasm file
        let default_target_dir = project_path.join("target");
        let target_dir = self.target_dir
            .as_ref()
            .unwrap_or(&default_target_dir);
            
        let wasm_file = format!("{}.wasm", package_name);
        let wasm_path = target_dir
            .join(&options.target)
            .join(profile_dir)
            .join(wasm_file);
        
        // Copy to the output path
        let output_wasm_path = output_path.join(format!("{}.wasm", package_name));
        std::fs::copy(&wasm_path, &output_wasm_path)
            .map_err(|e| Error::FileSystem(format!("Failed to copy WASM file: {}", e)))?;
        
        // Copy .d.ts file if available (useful for WASM-bindgen projects)
        let dts_path = wasm_path.with_extension("d.ts");
        if dts_path.exists() {
            let output_dts_path = output_wasm_path.with_extension("d.ts");
            std::fs::copy(&dts_path, &output_dts_path)
                .map_err(|e| Error::FileSystem(format!("Failed to copy .d.ts file: {}", e)))?;
        }
        
        Ok(output_wasm_path)
    }
    
    fn check_available(&self) -> bool {
        Command::new("cargo")
            .arg("--version")
            .output()
            .is_ok()
    }
    
    fn version(&self) -> Result<String> {
        let output = Command::new("cargo")
            .arg("--version")
            .output()
            .map_err(|e| Error::Compilation(format!("Failed to get cargo version: {}", e)))?;
        
        if output.status.success() {
            let version = String::from_utf8_lossy(&output.stdout).trim().to_string();
            Ok(version)
        } else {
            let stderr = String::from_utf8_lossy(&output.stderr);
            Err(Error::Compilation(format!("Failed to get cargo version: {}", stderr)))
        }
    }
}

impl EnhancedCargoCompiler {
    /// Get the package name from Cargo.toml
    fn get_package_name(&self, project_path: &Path) -> Result<String> {
        let cargo_toml_path = project_path.join("Cargo.toml");
        let cargo_toml = std::fs::read_to_string(cargo_toml_path)
            .map_err(|e| Error::FileSystem(format!("Failed to read Cargo.toml: {}", e)))?;
        
        // Simple parser to extract the package name
        cargo_toml
            .lines()
            .find_map(|line| {
                if line.trim().starts_with("name") {
                    line.split('=')
                        .nth(1)
                        .map(|s| s.trim().trim_matches('"').to_string())
                } else {
                    None
                }
            })
            .ok_or_else(|| Error::Compilation("Failed to determine package name".to_string()))
    }
}

/// Caching cargo compiler which stores build results to avoid recompilation
pub struct CachingCargoCompiler {
    /// Inner compiler
    inner: EnhancedCargoCompiler,
    
    /// Cache directory
    cache_dir: PathBuf,
}

impl CachingCargoCompiler {
    /// Create a new caching cargo compiler
    pub fn new(cache_dir: impl Into<PathBuf>) -> Self {
        let cache_dir = cache_dir.into();
        
        // Ensure cache directory exists
        std::fs::create_dir_all(&cache_dir).ok();
        
        Self {
            inner: EnhancedCargoCompiler::default().with_cache_dir(&cache_dir),
            cache_dir,
        }
    }
    
    /// Calculate a hash for the project and options to use as cache key
    fn cache_key(&self, project_path: &Path, options: &CompilerOptions) -> Result<String> {
        // Read Cargo.toml and Cargo.lock for hashing
        let cargo_toml = std::fs::read_to_string(project_path.join("Cargo.toml"))
            .map_err(|e| Error::FileSystem(format!("Failed to read Cargo.toml: {}", e)))?;
            
        let cargo_lock = std::fs::read_to_string(project_path.join("Cargo.lock"))
            .unwrap_or_default();
            
        // Create a string with all the inputs that affect the build
        let inputs = format!(
            "{}:{}:{}:{}:{}:{}",
            cargo_toml,
            cargo_lock,
            options.target,
            format!("{:?}", options.opt_level),
            format!("{:?}", options.profile),
            options.features.join(",")
        );
        
        // Hash the inputs
        use std::collections::hash_map::DefaultHasher;
        use std::hash::{Hash, Hasher};
        
        let mut hasher = DefaultHasher::new();
        inputs.hash(&mut hasher);
        let hash = hasher.finish();
        
        Ok(format!("{:016x}", hash))
    }
}

impl Compiler for CachingCargoCompiler {
    fn compile(
        &self,
        project_path: &Path,
        output_path: &Path,
        options: &CompilerOptions,
    ) -> Result<PathBuf> {
        // Calculate cache key
        let key = self.cache_key(project_path, options)?;
        
        // Get the project name
        let package_name = self.inner.get_package_name(project_path)?;
        
        // Check if we have a cached version
        let cached_path = self.cache_dir.join(format!("{}-{}.wasm", package_name, key));
        
        if cached_path.exists() {
            // Copy from cache to output path
            let output_wasm_path = output_path.join(format!("{}.wasm", package_name));
            std::fs::copy(&cached_path, &output_wasm_path)
                .map_err(|e| Error::FileSystem(format!("Failed to copy cached WASM file: {}", e)))?;
                
            return Ok(output_wasm_path);
        }
        
        // Not in cache, compile
        let result = self.inner.compile(project_path, output_path, options)?;
        
        // Store in cache
        std::fs::copy(&result, &cached_path)
            .map_err(|e| Error::FileSystem(format!("Failed to cache WASM file: {}", e)))?;
            
        Ok(result)
    }
    
    fn check_available(&self) -> bool {
        self.inner.check_available()
    }
    
    fn version(&self) -> Result<String> {
        self.inner.version()
    }
}