ses - npm Package Compare versions

Comparing version 0.15.23 to 0.16.0

CHANGELOG.md

@@ -6,2 +6,29 @@ # Change Log
 
+## [0.16.0](https://github.com/endojs/endo/compare/ses@0.15.23...ses@0.16.0) (2022-10-19)
+
+
+### Features
+
+* Add links to resources and community portals ([b0fef82](https://github.com/endojs/endo/commit/b0fef82192d476c43e9e10d5ad696cdad5bcb0b5))
+
+
+### Bug Fixes
+
+* **ses:** Fail safe when getOwnPropertyDescriptor reports absence of a known property ([5fa3b50](https://github.com/endojs/endo/commit/5fa3b506dc3d8826d0d213a9514e554986823a1d))
+* **ses:** Harden all non-integer typed array properties, even if canonical ([88cab0b](https://github.com/endojs/endo/commit/88cab0be4cf816dc578f2ff441fd9bcda0aa5cf5))
+* **ses:** Lock down all typed array expando properties ([dc82f5d](https://github.com/endojs/endo/commit/dc82f5d2908b3507965562c7c1b3bf12d852af8f))
+* minor improvements to some override comments ([#1327](https://github.com/endojs/endo/issues/1327)) ([678285a](https://github.com/endojs/endo/commit/678285a3345adec894f265ba56c2fa6636f846b8))
+* **marshal:** Return a special error message from passStyleOf(typedArray) ([dbd498e](https://github.com/endojs/endo/commit/dbd498e30a5c3b0d2713d863bc7479ceef39cd79)), closes [#1326](https://github.com/endojs/endo/issues/1326)
+* delete broken objectFromEntries ([#1306](https://github.com/endojs/endo/issues/1306)) ([d83be67](https://github.com/endojs/endo/commit/d83be675d23a928f287d6d9118f7258f0abd855a))
+* **ses:** expand the scope this-value test ([3d50c1a](https://github.com/endojs/endo/commit/3d50c1ac073250406a8b38735610ca6d86fdd680))
+* **ses:** Fix incompatible spelling ([c32fdf1](https://github.com/endojs/endo/commit/c32fdf10bdc1a21096ba190c384fa9f08f85f1f3))
+* **ses:** scope tests - expand Symbol.unscopables fidelity test ([bb542f7](https://github.com/endojs/endo/commit/bb542f78a1520a8e54e981d224dee28b171518d6))
+* **ses:** scope tests - expand Symbolunscopables fidelity test ([c603c5a](https://github.com/endojs/endo/commit/c603c5aa4a1ba271cf17d754df789a52aa7debfb))
+* **ses:** scope tests - move teardown into ava teardown call ([e59f682](https://github.com/endojs/endo/commit/e59f6829e3061adcd8fbf78cde84cf3f9abc5bf8))
+* **ses:** scope tests - rename variables to match purpose ([18d64c3](https://github.com/endojs/endo/commit/18d64c31315e47c798443f78a3bcfb77f4698366))
+* **ses:** this-value scope test includes optimizable props ([9c3fea3](https://github.com/endojs/endo/commit/9c3fea3dfd2d72f0fc13455bc1e54de455ead83e))
+* **ses:** this-value scope test includes unscopables fidelity test ([0be95ac](https://github.com/endojs/endo/commit/0be95acdb9a5251d1c37061bb5ae59180e298f65))
+
+
+
 ### [0.15.23](https://github.com/endojs/endo/compare/ses@0.15.22...ses@0.15.23) (2022-09-27)
@@ -8,0 +35,0 @@

NEWS.md

 User-visible changes in SES:
 
-# v0.15.23 (2022-09-26)
+# v0.16.0 (2022-10-19)
 
+- When hardening a typed array, detects and locks down properties named as
+  number-coercible strings that are not index properties.
+
+# v0.15.23 (2022-09-27)
+
 - Fixes the unhandled promise rejection logic to report unhandled rejections
@@ -6,0 +11,0 @@ when the promise is collected. Because of a bug it previously only reported

package.json

 {
   "name": "ses",
-  "version": "0.15.23",
+  "version": "0.16.0",
   "description": "Hardened JavaScript for Fearless Cooperation",
@@ -59,8 +59,8 @@ "keywords": [
     "test": "tsd && ava",
-    "test:platform-compatability": "node test/package/test.cjs"
+    "test:platform-compatibility": "node test/package/test.cjs"
   },
   "devDependencies": {
-    "@endo/compartment-mapper": "^0.7.13",
+    "@endo/compartment-mapper": "^0.7.14",
     "@endo/eslint-config": "^0.5.1",
-    "@endo/static-module-record": "^0.7.12",
+    "@endo/static-module-record": "^0.7.13",
     "@endo/test262-runner": "^0.1.28",
@@ -183,3 +183,3 @@ "ava": "^3.12.1",
   },
-  "gitHead": "2d3f1a5c472aaef102e8919cbf8d0c53238d155f"
+  "gitHead": "8da6dc1002417c0f18cd43b351f8f62d7010260c"
 }

README.md

@@ -35,2 +35,15 @@ # SES
 
+Please join the conversation on our [Mailing List][SES Strategy Group] and
+[Matrix][Endo Matrix].
+We record a [weekly conference call][SES Strategy Recordings] with the Hardened
+JavaScript engineering community.
+
+_Hardened JavaScript_, Kris Kowal:
+
+[![Primer on Hardened JavaScript](https://img.youtube.com/vi/RoodZSIL-DE/0.jpg)](https://www.youtube.com/watch?v=RoodZSIL-DE)
+
+_Don't add Security, Remove Insecurity_, Mark Miller:
+
+[![Don't add Security, Remove Insecurity](https://img.youtube.com/vi/u-XETUbxNUU/0.jpg)](https://www.youtube.com/watch?v=u-XETUbxNUU)
+
 ## Install
@@ -693,3 +706,7 @@
 discussion, and issues are tagged
-[audit-SEStival](https://github.com/endojs/endo/labels/audit-sestival). 
+[audit-SEStival](https://github.com/endojs/endo/issues?q=label%3Aaudit-sestival).
+The [video recordings of the MetaMask and Agoric collaborative
+review](https://www.youtube.com/playlist?list=PLzDw4TTug5O2d1XOdB7VNCZbIxRZu3gov).
+provide useful background for future audits, reviews, and for learning more
+about how the `ses` shim constructs a Hardened JavaScript environment.
 
@@ -716,1 +733,5 @@ In addition to vulnerability assessments, active efforts to [formally verify
 [SES Issues]: https://github.com/endojs/endo/issues
+[SES Strategy Group]: https://groups.google.com/g/ses-strategy
+[SES Strategy Recordings]: https://www.youtube.com/playlist?list=PLzDw4TTug5O1jzKodRDp3qec8zl88oxGd
+[Endo Matrix]: https://matrix.to/#/#endojs:matrix.org
+

src/commons.js

@@ -69,2 +69,3 @@ /* global globalThis */
   values,
+  fromEntries,
 } = Object;
@@ -85,18 +86,2 @@
 
-// At time of this writing, we still support Node 10 which doesn't have
-// `Object.fromEntries`. If it is absent, this should be an adequate
-// replacement.
-// By the terminology of https://ponyfoo.com/articles/polyfills-or-ponyfills
-// it is a ponyfill rather than a polyfill or shim because we do not
-// install it on `Object`.
-const objectFromEntries = entryPairs => {
-  const result = {};
-  for (const [prop, val] of entryPairs) {
-    result[prop] = val;
-  }
-  return result;
-};
-
-export const fromEntries = Object.fromEntries || objectFromEntries;
-
 // Needed only for the Safari bug workaround below
@@ -103,0 +88,0 @@ const { defineProperty: originalDefineProperty } = Object;

src/enablements.js

@@ -168,10 +168,11 @@ /**
   /**
-   * Rollup(as used at least by vega) and webpack
+   * Rollup (as used at least by vega) and webpack
    * (as used at least by regenerator) both turn exports into assignments
    * to a big `exports` object that inherits directly from
-   * `Object.prototype`.Some of the exported names we've seen include
+   * `Object.prototype`. Some of the exported names we've seen include
    * `hasOwnProperty`, `constructor`, and `toString`. But the strategy used
-   * by rollup and webpack means potentionally turns any exported name
-   * into an assignment rejected by the override mistake.That's why
-   * we take the extreme step of enabling everything on`Object.prototype`.
+   * by rollup and webpack potentionally turns any exported name
+   * into an assignment rejected by the override mistake. That's why
+   * the `severe` enablements takes the extreme step of enabling
+   * everything on `Object.prototype`.
    *
@@ -183,5 +184,9 @@ * In addition, code doing inheritance manually will often override
    * The cost of enabling all these is that they create a miserable debugging
-   * experience. https://github.com/Agoric/agoric-sdk/issues/2324 explains
-   * how it confused the Node console.
+   * experience specifically on Node.
+   * https://github.com/Agoric/agoric-sdk/issues/2324
+   * explains how it confused the Node console.
    *
+   * (TODO Reexamine the vscode situation. I think it may have improved
+   * since the following paragraph was written.)
+   *
    * The vscode debugger's object inspector shows the own data properties of
@@ -202,6 +207,6 @@ * an object, which is typically what you want, but also shows both getter
    * `TypedArray`, which it then initializes by assignment. These assignments
-   * include enough of the `TypeArray` methods that here, we just enable
-   * them all.
+   * include enough of the `TypeArray` methods that here, the `severe`
+   * enablements just enable them all.
    */
   '%TypedArrayPrototype%': '*',
 };

src/make-hardener.js

@@ -69,3 +69,7 @@ // Adapted from SES/Caja - Copyright (C) 2011 Google Inc.
 // Exported for tests.
-/** @param {unknown} object */
+/**
+ * Duplicates packages/marshal/src/helpers/passStyle-helpers.js to avoid a dependency.
+ *
+ * @param {unknown} object
+ */
 export const isTypedArray = object => {
@@ -78,2 +82,13 @@ // The object must pass a brand check or toStringTag will return undefined.
 /**
+ * Tests if a property key is an integer-valued canonical numeric index.
+ * https://tc39.es/ecma262/#sec-canonicalnumericindexstring
+ *
+ * @param {string | symbol} propertyKey
+ */
+const isCanonicalIntegerIndexString = propertyKey => {
+  const n = +String(propertyKey);
+  return isInteger(n) && String(n) === propertyKey;
+};
+
+/**
  * @template T
@@ -83,24 +98,21 @@ * @param {ArrayLike<T>} array
 const freezeTypedArray = array => {
-  const descs = getOwnPropertyDescriptors(array);
-
   preventExtensions(array);
 
   // Downgrade writable expandos to readonly, even if non-configurable.
-  arrayForEach(ownKeys(descs), (/** @type {string | symbol} */ name) => {
-    const desc = descs[/** @type {string} */ (name)];
-    // The numbered properties are writable and non-configurable,
-    // and cannot be made non-writable by defineProperty.
-    // This is a strange behavior intrinsic to TypedArrays, but no more harmful
-    // than the mutability of properties of a hardened Map or Set,
-    // so we carve out this exceptional behavior.
+  // We get each descriptor individually rather than using
+  // getOwnPropertyDescriptors in order to fail safe when encountering
+  // an obscure GraalJS issue where getOwnPropertyDescriptor returns
+  // undefined for a property that does exist.
+  arrayForEach(ownKeys(array), (/** @type {string | symbol} */ name) => {
+    const desc = getOwnPropertyDescriptor(array, name);
+    assert(desc);
+    // TypedArrays are integer-indexed exotic objects, which define special
+    // treatment for property names in canonical numeric form:
+    // integers in range are permanently writable and non-configurable.
+    // https://tc39.es/ecma262/#sec-integer-indexed-exotic-objects
     //
-    // TypedArrays are integer-indexed exotic objects, so indexed properties
-    // outside the range of 0 to the typed array's length are disallowed.
-    // Assignment to these indexes silently fails and defining an indexed
-    // property throws an error.
-    // So, we only need to make non-index properties non-writable and
-    // non-configurable.
-    // https://tc39.es/ecma262/#sec-integer-indexed-exotic-objects
-    const number = +String(name);
-    if (!isInteger(number)) {
+    // This is analogous to the data of a hardened Map or Set,
+    // so we carve out this exceptional behavior but make all other
+    // properties non-configurable.
+    if (!isCanonicalIntegerIndexString(name)) {
       defineProperty(array, name, {
@@ -107,0 +119,0 @@ ...desc,

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2845748

increased by0.13%

Lines of code

59783

increased by0.05%

Number of lines in readme file

735

increased by2.94%

No dependency changes