Comparing version 0.15.17 to 0.15.18
@@ -6,2 +6,14 @@ # Change Log | ||
### [0.15.18](https://github.com/endojs/endo/compare/ses@0.15.17...ses@0.15.18) (2022-08-23) | ||
### Bug Fixes | ||
* more hardens ([#1241](https://github.com/endojs/endo/issues/1241)) ([b6ff811](https://github.com/endojs/endo/commit/b6ff8118a92fd72c5309b2bb285fac08d0531d92)) | ||
* remove __allowUnsafeMonkeyPatching__ ([fe9c784](https://github.com/endojs/endo/commit/fe9c78414eab5d1bce73cdb16e1455c1c4307e98)) | ||
* remove dead environment-options module ([#1243](https://github.com/endojs/endo/issues/1243)) ([c43c939](https://github.com/endojs/endo/commit/c43c9396976ad6b0af5d99caed033b1abf448165)) | ||
* **ses:** avoid leaks through CallSite structures ([69f69fa](https://github.com/endojs/endo/commit/69f69fac84154401a5bea72a533ba07f1ff2c191)) | ||
### [0.15.17](https://github.com/endojs/endo/compare/ses@0.15.16...ses@0.15.17) (2022-06-28) | ||
@@ -8,0 +20,0 @@ |
@@ -36,3 +36,2 @@ /** | ||
domainTaming?: 'safe' | 'unsafe'; | ||
__allowUnsafeMonkeyPatching__?: 'safe' | 'unsafe'; | ||
} | ||
@@ -39,0 +38,0 @@ |
10
NEWS.md
User-visible changes in SES: | ||
# v0.15.18 (2022-08-23) | ||
- Removes the `__allowUnsafeMonkeyPatching__` option to lockdown. As the name | ||
should indicate, this was always an unsafe temporary kludge. Its only known | ||
use was in agoric-sdk, now gone at | ||
https://github.com/Agoric/agoric-sdk/pull/5922 . Without this option, a | ||
successful `lockdown` will now always harden the primordials. | ||
# v0.15.8 (2022-02-18) | ||
@@ -69,3 +77,3 @@ | ||
# 0.14.3 (2021-09-18) | ||
# 0.14.3 (2021-09-18) | ||
@@ -72,0 +80,0 @@ - Due to a peculiar bit of error handling code in Node 14, as explained at |
{ | ||
"name": "ses", | ||
"version": "0.15.17", | ||
"version": "0.15.18", | ||
"description": "Hardened JavaScript for Fearless Cooperation", | ||
@@ -62,5 +62,5 @@ "keywords": [ | ||
"devDependencies": { | ||
"@endo/compartment-mapper": "^0.7.7", | ||
"@endo/compartment-mapper": "^0.7.8", | ||
"@endo/eslint-config": "^0.5.1", | ||
"@endo/static-module-record": "^0.7.6", | ||
"@endo/static-module-record": "^0.7.7", | ||
"@endo/test262-runner": "^0.1.28", | ||
@@ -183,3 +183,3 @@ "ava": "^3.12.1", | ||
}, | ||
"gitHead": "a311acb02115271fbda6953734d0b4f52aa85892" | ||
"gitHead": "7dc29059b201826295cbf2deb28bb2ed70f5ec1f" | ||
} |
@@ -5,3 +5,3 @@ // @ts-check | ||
// avoid importing from anything but commons.js and assert.js | ||
import { arrayPush, arraySlice, freeze } from './commons.js'; | ||
import { arrayPush, freeze } from './commons.js'; | ||
import { assert } from './error/assert.js'; | ||
@@ -120,8 +120,8 @@ | ||
const getCapturedEnvironmentOptionNames = () => { | ||
return freeze(arraySlice(capturedEnvironmentOptionNames)); | ||
return freeze([...capturedEnvironmentOptionNames]); | ||
}; | ||
freeze(getCapturedEnvironmentOptionNames); | ||
return { getEnvironmentOption, getCapturedEnvironmentOptionNames }; | ||
return freeze({ getEnvironmentOption, getCapturedEnvironmentOptionNames }); | ||
}; | ||
freeze(makeEnvironmentCaptor); |
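Review bot: The copy in `getCapturedEnvironmentOptionNames` now uses spread syntax, `freeze([...capturedEnvironmentOptionNames])`, which resolves the array iterator protocol at call time instead of going through the `arraySlice` helper imported from `./commons.js`. If this captor can run before the primordials are frozen (not visible in this hunk), the copy depends on the state of `Array.prototype[Symbol.iterator]` at that moment, which the helper presumably did not. Either keep the commons helper for the copy, or state the assumption next to the spread, e.g. `// Spread relies on the intrinsic array iterator being unmodified at call time.` The body of `makeEnvironmentCaptor` starts outside the hunk.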
@@ -16,3 +16,2 @@ import { | ||
weakmapGet, | ||
weakmapHas, | ||
weakmapSet, | ||
@@ -169,2 +168,5 @@ weaksetAdd, | ||
) => { | ||
// TODO: Proper CallSite types | ||
/** @typedef {{}} CallSite */ | ||
const originalCaptureStackTrace = OriginalError.captureStackTrace; | ||
@@ -195,6 +197,20 @@ | ||
// Mapping from error instance to the structured stack trace capturing the | ||
// stack for that instance. | ||
const ssts = new WeakMap(); | ||
/** | ||
* @typedef {object} StructuredStackInfo | ||
* @property {CallSite[]} callSites | ||
* @property {undefined} [stackString] | ||
*/ | ||
/** | ||
* @typedef {object} ParsedStackInfo | ||
* @property {undefined} [callSites] | ||
* @property {string} stackString | ||
*/ | ||
// Mapping from error instance to the stack for that instance. | ||
// The stack info is either the structured stack trace | ||
// or the generated tamed stack string | ||
/** @type {WeakMap<Error, ParsedStackInfo | StructuredStackInfo} */ | ||
const stackInfos = new WeakMap(); | ||
// Use concise methods to obtain named functions without constructors. | ||
@@ -220,19 +236,37 @@ const tamedMethods = { | ||
getStackString(error) { | ||
if (!weakmapHas(ssts, error)) { | ||
let stackInfo = weakmapGet(stackInfos, error); | ||
if (stackInfo === undefined) { | ||
// The following will call `prepareStackTrace()` synchronously | ||
// which will populate stackInfos | ||
// eslint-disable-next-line no-void | ||
void error.stack; | ||
stackInfo = weakmapGet(stackInfos, error); | ||
if (!stackInfo) { | ||
stackInfo = { stackString: '' }; | ||
weakmapSet(stackInfos, error, stackInfo); | ||
} | ||
} | ||
const sst = weakmapGet(ssts, error); | ||
if (!sst) { | ||
return ''; | ||
// prepareStackTrace() may generate the stackString | ||
// if errorTaming === 'unsafe' | ||
if (stackInfo.stackString !== undefined) { | ||
return stackInfo.stackString; | ||
} | ||
return stackStringFromSST(error, sst); | ||
const stackString = stackStringFromSST(error, stackInfo.callSites); | ||
weakmapSet(stackInfos, error, { stackString }); | ||
return stackString; | ||
}, | ||
prepareStackTrace(error, sst) { | ||
weakmapSet(ssts, error, sst); | ||
if (errorTaming === 'unsafe') { | ||
const stackString = stackStringFromSST(error, sst); | ||
weakmapSet(stackInfos, error, { stackString }); | ||
return `${error}${stackString}`; | ||
} else { | ||
weakmapSet(stackInfos, error, { callSites: sst }); | ||
return ''; | ||
} | ||
return ''; | ||
}, | ||
@@ -272,3 +306,3 @@ }; | ||
prepareStackTrace(error, sst) { | ||
weakmapSet(ssts, error, sst); | ||
weakmapSet(stackInfos, error, { callSites: sst }); | ||
return inputPrepareFn(error, safeV8SST(sst)); | ||
@@ -275,0 +309,0 @@ }, |
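Review bot: The JSDoc on `stackInfos` is malformed: `WeakMap<Error, ParsedStackInfo | StructuredStackInfo}` is missing the closing `>`, so a type checker will likely not apply the intended type; it should read `/** @type {WeakMap<Error, ParsedStackInfo | StructuredStackInfo>} */`. Separately, in the safe branch of `prepareStackTrace` and in the wrapper around `inputPrepareFn`, the raw `callSites` array stays in `stackInfos` until `getStackString` is called for that error, so an error whose stack is never read keeps its CallSite objects reachable for as long as the error lives. A comment beside `stackInfos` stating that rule would help the next reader, e.g. `// callSites are held only until getStackString() replaces them with the string.` `getStackString` also tests the same lookup with `stackInfo === undefined` and then `!stackInfo`; using one form for both would read more clearly.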
@@ -179,6 +179,2 @@ // Copyright (C) 2018 Agoric | ||
), | ||
__allowUnsafeMonkeyPatching__ = getenv( | ||
'__LOCKDOWN_ALLOW_UNSAFE_MONKEY_PATCHING__', | ||
'safe', | ||
), | ||
dateTaming = 'safe', // deprecated | ||
@@ -390,7 +386,5 @@ mathTaming = 'safe', // deprecated | ||
if (__allowUnsafeMonkeyPatching__ !== 'unsafe') { | ||
// Finally register and optionally freeze all the intrinsics. This | ||
// must be the operation that modifies the intrinsics. | ||
harden(intrinsics); | ||
} | ||
// Finally register and optionally freeze all the intrinsics. This | ||
// must be the operation that modifies the intrinsics. | ||
harden(intrinsics); | ||
@@ -397,0 +391,0 @@ // Reveal harden after lockdown. |
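Review bot: The comment above `harden(intrinsics)` still says "optionally freeze", but with the `__allowUnsafeMonkeyPatching__` guard removed the call is unconditional; the first line should read `// Finally register and freeze all the intrinsics. This`. It is not visible in this hunk whether a caller that still passes `__allowUnsafeMonkeyPatching__: 'unsafe'` or sets `__LOCKDOWN_ALLOW_UNSAFE_MONKEY_PATCHING__` is rejected or silently ignored. It is worth confirming that the leftover option fails loudly, so that a deployment relying on it learns that the primordials are now always hardened. The enclosing function starts and ends outside the hunk.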
@@ -52,3 +52,3 @@ import { | ||
// Throws, no need to patch. | ||
return {}; | ||
return harden({}); | ||
} | ||
@@ -55,0 +55,0 @@ |