fix: resolve PPTX file security issues

Bug 1: Extract workspaceId from file key using parseWorkspaceFileKey
- handleLocalFile and handleCloudProxy now properly pass workspaceId
- Previously passed undefined, causing getFileBase64 to fail with empty string

Bug 2: Replace unsandboxed new Function with vm.createContext
- User-provided code now runs in isolated VM context
- Only pptx and getFileBase64 are exposed, blocking process/require access

Author: cursoragent

apps/sim/app/api/files/serve/[...path]/route.ts

@@ -6,6 +6,7 @@ import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generatePptxFromCode } from '@/lib/copilot/tools/server/files/workspace-file'
 import { CopilotFiles, isUsingCloudStorage } from '@/lib/uploads'
 import type { StorageContext } from '@/lib/uploads/config'
+import { parseWorkspaceFileKey } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
 import { downloadFile } from '@/lib/uploads/core/storage-service'
 import { inferContextFromKey } from '@/lib/uploads/utils/file-utils'
 import { verifyFileAccess } from '@/app/api/files/authorization'
@@ -138,10 +139,11 @@ async function handleLocalFile(
     const rawBuffer = await readFile(filePath)
     const segment = filename.split('/').pop() || filename
     const displayName = stripStorageKeyPrefix(segment)
+    const workspaceId = parseWorkspaceFileKey(filename)
     const { buffer: fileBuffer, contentType } = await compilePptxIfNeeded(
       rawBuffer,
       displayName,
-      undefined,
+      workspaceId || undefined,
       raw
     )
 
@@ -202,10 +204,11 @@ async function handleCloudProxy(
 
     const segment = cloudKey.split('/').pop() || 'download'
     const displayName = stripStorageKeyPrefix(segment)
+    const workspaceId = parseWorkspaceFileKey(cloudKey)
     const { buffer: fileBuffer, contentType } = await compilePptxIfNeeded(
       rawBuffer,
       displayName,
-      undefined,
+      workspaceId || undefined,
       raw
     )
 

apps/sim/lib/copilot/tools/server/files/workspace-file.ts

@@ -1,3 +1,4 @@
+import vm from 'node:vm'
 import { createLogger } from '@sim/logger'
 import PptxGenJS from 'pptxgenjs'
 import type { BaseServerTool, ServerToolContext } from '@/lib/copilot/tools/server/base-tool'
@@ -36,8 +37,19 @@ export async function generatePptxFromCode(code: string, workspaceId: string): P
     return `data:${mime};base64,${buffer.toString('base64')}`
   }
 
-  const fn = new Function('pptx', 'getFileBase64', `return (async () => { ${code} })()`)
-  await fn(pptx, getFileBase64)
+  const sandbox = {
+    pptx,
+    getFileBase64,
+    __result: null as unknown,
+  }
+
+  vm.createContext(sandbox)
+
+  const wrappedCode = `(async () => { ${code} })()`
+  const script = new vm.Script(`__result = ${wrappedCode}`, { filename: 'pptx-code.js' })
+  script.runInContext(sandbox)
+  await sandbox.__result
+
   const output = await pptx.write({ outputType: 'nodebuffer' })
   return output as Buffer
 }