ses - npm Package Compare versions
Comparing version 0.2.0 to 0.3.0
| { | ||
| "name": "ses", | ||
| "version": "0.2.0", | ||
| "version": "0.3.0", | ||
| "description": "Secure ECMAScript", | ||
| "main": "src/index.js", | ||
| "main": "src/commonjs-index.js", | ||
| "module": "src/index.js", | ||
| "scripts": { | ||
@@ -13,3 +14,2 @@ "test": "node scripts/build-intermediate.js && tape -r esm test/**/*.js", | ||
| "devDependencies": { | ||
| "esm": "^3.1.0", | ||
| "rollup": "^1.1.0", | ||
@@ -19,3 +19,5 @@ "rollup-plugin-node-resolve": "^4.0.0", | ||
| }, | ||
| "dependencies": {}, | ||
| "dependencies": { | ||
| "esm": "^3.2.4" | ||
| }, | ||
| "repository": { | ||
@@ -22,0 +24,0 @@ "type": "git", |
@@ -42,4 +42,4 @@ { | ||
| "devDependencies": { | ||
| "babel-eslint": "^8.2.6", | ||
| "babel-minify": "^0.4.3", | ||
| "babel-eslint": "^10.0.1", | ||
| "babel-minify": "^0.5.0", | ||
| "babel-preset-env": "^1.7.0", | ||
@@ -49,17 +49,17 @@ "coveralls": "^3.0.2", | ||
| "ecmarkup": "^3.16.0", | ||
| "eslint": "^5.1.0", | ||
| "eslint-config-airbnb-base": "^13.0.0", | ||
| "eslint-config-prettier": "^2.9.0", | ||
| "eslint-plugin-import": "^2.13.0", | ||
| "eslint-plugin-prettier": "^2.6.2", | ||
| "esm": "^3.0.71", | ||
| "nyc": "^12.0.2", | ||
| "prettier": "^1.13.7", | ||
| "rollup": "^0.63.2", | ||
| "rollup-plugin-babel-minify": "^5.0.0", | ||
| "eslint": "^5.6.1", | ||
| "eslint-config-airbnb-base": "^13.1.0", | ||
| "eslint-config-prettier": "^3.1.0", | ||
| "eslint-plugin-import": "^2.14.0", | ||
| "eslint-plugin-prettier": "^3.0.0", | ||
| "esm": "^3.2.0", | ||
| "nyc": "^13.0.1", | ||
| "prettier": "^1.14.3", | ||
| "rollup": "^0.66.4", | ||
| "rollup-plugin-babel-minify": "^6.1.0", | ||
| "rollup-plugin-strip-code": "^0.2.6", | ||
| "rollup-watch": "^4.3.1", | ||
| "sinon": "^6.1.3", | ||
| "sinon": "^6.3.5", | ||
| "tape": "^4.9.1" | ||
| } | ||
| } |
@@ -53,3 +53,3 @@ (function (global, factory) { | ||
| // objects. | ||
| const { create, defineProperty } = Object; | ||
| const { create, defineProperties } = Object; | ||
@@ -154,14 +154,18 @@ const errorConstructors = new Map([ | ||
| defineProperty(Realm, 'toString', { | ||
| value: () => 'function Realm() { [shim code] }', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| defineProperties(Realm, { | ||
| toString: { | ||
| value: () => 'function Realm() { [shim code] }', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
| defineProperty(Realm.prototype, 'toString', { | ||
| value: () => '[object Realm]', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| defineProperties(Realm.prototype, { | ||
| toString: { | ||
| value: () => '[object Realm]', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
@@ -208,5 +212,4 @@ | ||
| create, | ||
| defineProperties, | ||
| defineProperty, | ||
| freeze, | ||
| defineProperties, // Object.defineProperty is allowed to fail silentlty, use Object.defineProperties instead. | ||
| getOwnPropertyDescriptor, | ||
@@ -478,3 +481,3 @@ getOwnPropertyDescriptors, | ||
| function repairFunctions() { | ||
| const { defineProperty, getPrototypeOf, setPrototypeOf } = Object; | ||
| const { defineProperties, getPrototypeOf, setPrototypeOf } = Object; | ||
@@ -508,3 +511,3 @@ /** | ||
| const TamedFunction = Function('throw new TypeError("Not available");'); | ||
| defineProperty(TamedFunction, 'name', { value: name }); | ||
| defineProperties(TamedFunction, { name: { value: name } }); | ||
@@ -523,7 +526,7 @@ // (new Error()).constructors does not inherit from Function, because Error | ||
| // with the tamed one. No copy of the original is peserved. | ||
| defineProperty(FunctionPrototype, 'constructor', { value: TamedFunction }); | ||
| defineProperties(FunctionPrototype, { constructor: { value: TamedFunction } }); | ||
| // This line sets the tamed constructor's prototype data property to | ||
| // the original one. | ||
| defineProperty(TamedFunction, 'prototype', { value: FunctionPrototype }); | ||
| defineProperties(TamedFunction, { prototype: { value: FunctionPrototype } }); | ||
@@ -1031,7 +1034,9 @@ if (TamedFunction !== Function.prototype.constructor) { | ||
| // this to a plain arrow function. Now that we have safeEval, use it. | ||
| defineProperty(safeEval, 'toString', { | ||
| value: safeEval("() => 'function eval() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| defineProperties(safeEval, { | ||
| toString: { | ||
| value: safeEval("() => 'function eval() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
@@ -1063,2 +1068,22 @@ | ||
| let functionParams = `${arrayJoin(params, ',')}`; | ||
| if (!regexpTest(/^[\w\s,]*$/, functionParams)) { | ||
| throw new unsafeGlobal.SyntaxError( | ||
| 'shim limitation: Function arg must be simple ASCII identifiers, possibly separated by commas: no default values, pattern matches, or non-ASCII parameter names' | ||
| ); | ||
| // this protects against Matt Austin's clever attack: | ||
| // Function("arg=`", "/*body`){});({x: this/**/") | ||
| // which would turn into | ||
| // (function(arg=` | ||
| // /*``*/){ | ||
| // /*body`){});({x: this/**/ | ||
| // }) | ||
| // which parses as a default argument of `\n/*``*/){\n/*body` , which | ||
| // is a pair of template literals back-to-back (so the first one | ||
| // nominally evaluates to the parser to use on the second one), which | ||
| // can't actually execute (because the first literal evals to a string, | ||
| // which can't be a parser function), but that doesn't matter because | ||
| // the function is bypassed entirely. When that gets evaluated, it | ||
| // defines (but does not invoke) a function, then evaluates a simple | ||
| // {x: this} expression, giving access to the safe global. | ||
| } | ||
@@ -1106,13 +1131,15 @@ // Is this a real functionBody, or is someone attempting an injection | ||
| // Ensure that any function created in any compartment in a root realm is an | ||
| // instance of Function in any compartment of the same root ralm. | ||
| defineProperty(safeFunction, 'prototype', { value: unsafeFunction.prototype }); | ||
| defineProperties(safeFunction, { | ||
| // Ensure that any function created in any compartment in a root realm is an | ||
| // instance of Function in any compartment of the same root ralm. | ||
| prototype: { value: unsafeFunction.prototype }, | ||
| // Provide a custom output without overwriting the Function.prototype.toString | ||
| // which is called by some third-party libraries. | ||
| defineProperty(safeFunction, 'toString', { | ||
| value: safeEval("() => 'function Function() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| // Provide a custom output without overwriting the Function.prototype.toString | ||
| // which is called by some third-party libraries. | ||
| toString: { | ||
| value: safeEval("() => 'function Function() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
@@ -1119,0 +1146,0 @@ |
@@ -1,2 +0,2 @@ | ||
| (function(a,b){'object'==typeof exports&&'undefined'!=typeof module?module.exports=b():'function'==typeof define&&define.amd?define(b):a.Realm=b()})(this,function(){'use strict';function a(a,b=void 0){const c=`please report internal shim error: ${a}`;console.error(c),b&&(console.error(`${b}`),console.error(`${b.stack}`));debugger;throw c}function b(b,c){b||a(c)}function c(a){return a}function d(a,b){function c(a,...b){try{return a(...b)}catch(a){if(Object(a)!==a)throw a;let b,c,d;try{b=`${a.name}`,c=`${a.message}`,d=`${a.stack}`}catch(a){throw new Error('unknown error')}const e=j.get(b)||Error;try{throw new e(c)}catch(a){throw a.stack=d,a}}}const{initRootRealm:d,initCompartment:e,getRealmGlobal:f,realmEvaluate:g}=b,{create:h,defineProperty:i}=Object,j=new Map([['EvalError',EvalError],['RangeError',RangeError],['ReferenceError',ReferenceError],['SyntaxError',SyntaxError],['TypeError',TypeError],['URIError',URIError]]);class k{constructor(){throw new TypeError('Realm is not a constructor')}static makeRootRealm(b){b=Object(b);const e=h(k.prototype);return c(d,a,e,b),e}static makeCompartment(){const b=h(k.prototype);return c(e,a,b),b}get global(){return c(f,this)}evaluate(a,b){return c(g,this,a,b)}}return i(k,'toString',{value:()=>'function Realm() { [shim code] }',writable:!1,enumerable:!1,configurable:!0}),i(k.prototype,'toString',{value:()=>'[object Realm]',writable:!1,enumerable:!1,configurable:!0}),k}function e(a,b){const{unsafeEval:c}=a;return c(x)(a,b)}function f(a){const c={Infinity:{value:1/0},NaN:{value:NaN},undefined:{value:void 0}};for(const d of S){const e=D(a,d);e&&(b('value'in e,`unexpected accessor on global property: ${d}`),c[d]={value:e.value,writable:!0,configurable:!0})}return c}function g(){function a(a){if(a===void 0||null===a)throw new TypeError(`can't convert undefined or null to object`);return Object(a)}function b(a){return'symbol'==typeof a?a:`${a}`}function c(a,b){if('function'!=typeof a)throw TypeError(`invalid ${b} usage`);return a}const{defineProperty:d,defineProperties:e,getOwnPropertyDescriptor:f,getPrototypeOf:g,prototype:h}=Object;try{(0,h.__lookupGetter__)('x')}catch(a){return}e(h,{__defineGetter__:{value:function(b,e){const f=a(this);d(f,b,{get:c(e,'getter'),enumerable:!0,configurable:!0})}},__defineSetter__:{value:function(b,e){const f=a(this);d(f,b,{set:c(e,'setter'),enumerable:!0,configurable:!0})}},__lookupGetter__:{value:function(c){let d=a(this);c=b(c);let e;for(;d&&!(e=f(d,c));)d=g(d);return e&&e.get}},__lookupSetter__:{value:function(c){let d=a(this);c=b(c);let e;for(;d&&!(e=f(d,c));)d=g(d);return e&&e.set}}})}function h(){function a(a,e){let f;try{f=(0,eval)(e)}catch(a){if(a instanceof SyntaxError)return;throw a}const g=c(f),h=Function('throw new TypeError("Not available");');b(h,'name',{value:a}),b(g,'constructor',{value:h}),b(h,'prototype',{value:g}),h!==Function.prototype.constructor&&d(h,Function.prototype.constructor)}const{defineProperty:b,getPrototypeOf:c,setPrototypeOf:d}=Object;a('Function','(function(){})'),a('GeneratorFunction','(function*(){})'),a('AsyncFunction','(async function(){})'),a('AsyncGeneratorFunction','(async function*(){})')}function i(a,b=[]){const c=f(a);return C({unsafeGlobal:a,sharedGlobalDescs:c,unsafeEval:a.eval,unsafeFunction:a.Function,allShims:b})}function j(a){const b=Y();return b.eval(Z),b.eval($),i(b,a)}function k(a){const b=E(a),c=M(F(b),a=>{if('eval'===a||aa.has(a)||!Q(_,a))return!1;const c=b[a];return!1===c.configurable&&!1===c.writable&&L(c,'value')});return c}function l(a){const{unsafeGlobal:b,unsafeEval:c}=a;let d=!1;return{__proto__:ba,allowUnsafeEvaluatorOnce(){d=!0},unsafeEvaluatorAllowed(){return d},get(a,b){return'eval'===b?!0==d?(d=!1,c):a.eval:b===Symbol.unscopables?void 0:b in a?a[b]:void 0},set(a,b,c){if(L(a,b))throw new TypeError(`do not modify endowments like ${b+''}`);return G(a)[b]=c,!0},has(a,c){return!!('eval'===c||c in a||c in b)}}}function m(a){const b=ca.exec(a);if(b){const a=b[1].split('\n').length;throw new SyntaxError(`possible import expression rejected around line ${a}`)}}function n(a){return 0===a.length?'':`const {${O(a,',')}} = this;`}function o(a,b){const{unsafeFunction:c}=a,d=n(b);return c(` | ||
| (function(a,b){'object'==typeof exports&&'undefined'!=typeof module?module.exports=b():'function'==typeof define&&define.amd?define(b):a.Realm=b()})(this,function(){'use strict';function a(a,b=void 0){const c=`please report internal shim error: ${a}`;console.error(c),b&&(console.error(`${b}`),console.error(`${b.stack}`));debugger;throw c}function b(b,c){b||a(c)}function c(a){return a}function d(a,b){function c(a,...b){try{return a(...b)}catch(a){if(Object(a)!==a)throw a;let b,c,d;try{b=`${a.name}`,c=`${a.message}`,d=`${a.stack}`}catch(a){throw new Error('unknown error')}const e=j.get(b)||Error;try{throw new e(c)}catch(a){throw a.stack=d,a}}}const{initRootRealm:d,initCompartment:e,getRealmGlobal:f,realmEvaluate:g}=b,{create:h,defineProperties:i}=Object,j=new Map([['EvalError',EvalError],['RangeError',RangeError],['ReferenceError',ReferenceError],['SyntaxError',SyntaxError],['TypeError',TypeError],['URIError',URIError]]);class k{constructor(){throw new TypeError('Realm is not a constructor')}static makeRootRealm(b){b=Object(b);const e=h(k.prototype);return c(d,a,e,b),e}static makeCompartment(){const b=h(k.prototype);return c(e,a,b),b}get global(){return c(f,this)}evaluate(a,b){return c(g,this,a,b)}}return i(k,{toString:{value:()=>'function Realm() { [shim code] }',writable:!1,enumerable:!1,configurable:!0}}),i(k.prototype,{toString:{value:()=>'[object Realm]',writable:!1,enumerable:!1,configurable:!0}}),k}function e(a,b){const{unsafeEval:c}=a;return c(x)(a,b)}function f(a){const c={Infinity:{value:1/0},NaN:{value:NaN},undefined:{value:void 0}};for(const d of R){const e=C(a,d);e&&(b('value'in e,`unexpected accessor on global property: ${d}`),c[d]={value:e.value,writable:!0,configurable:!0})}return c}function g(){function a(a){if(a===void 0||null===a)throw new TypeError(`can't convert undefined or null to object`);return Object(a)}function b(a){return'symbol'==typeof a?a:`${a}`}function c(a,b){if('function'!=typeof a)throw TypeError(`invalid ${b} usage`);return a}const{defineProperty:d,defineProperties:e,getOwnPropertyDescriptor:f,getPrototypeOf:g,prototype:h}=Object;try{(0,h.__lookupGetter__)('x')}catch(a){return}e(h,{__defineGetter__:{value:function(b,e){const f=a(this);d(f,b,{get:c(e,'getter'),enumerable:!0,configurable:!0})}},__defineSetter__:{value:function(b,e){const f=a(this);d(f,b,{set:c(e,'setter'),enumerable:!0,configurable:!0})}},__lookupGetter__:{value:function(c){let d=a(this);c=b(c);let e;for(;d&&!(e=f(d,c));)d=g(d);return e&&e.get}},__lookupSetter__:{value:function(c){let d=a(this);c=b(c);let e;for(;d&&!(e=f(d,c));)d=g(d);return e&&e.set}}})}function h(){function a(a,e){let f;try{f=(0,eval)(e)}catch(a){if(a instanceof SyntaxError)return;throw a}const g=c(f),h=Function('throw new TypeError("Not available");');b(h,{name:{value:a}}),b(g,{constructor:{value:h}}),b(h,{prototype:{value:g}}),h!==Function.prototype.constructor&&d(h,Function.prototype.constructor)}const{defineProperties:b,getPrototypeOf:c,setPrototypeOf:d}=Object;a('Function','(function(){})'),a('GeneratorFunction','(function*(){})'),a('AsyncFunction','(async function(){})'),a('AsyncGeneratorFunction','(async function*(){})')}function i(a,b=[]){const c=f(a);return A({unsafeGlobal:a,sharedGlobalDescs:c,unsafeEval:a.eval,unsafeFunction:a.Function,allShims:b})}function j(a){const b=X();return b.eval(Y),b.eval(Z),i(b,a)}function k(a){const b=D(a),c=L(E(b),a=>{if('eval'===a||_.has(a)||!P($,a))return!1;const c=b[a];return!1===c.configurable&&!1===c.writable&&K(c,'value')});return c}function l(a){const{unsafeGlobal:b,unsafeEval:c}=a;let d=!1;return{__proto__:aa,allowUnsafeEvaluatorOnce(){d=!0},unsafeEvaluatorAllowed(){return d},get(a,b){return'eval'===b?!0==d?(d=!1,c):a.eval:b===Symbol.unscopables?void 0:b in a?a[b]:void 0},set(a,b,c){if(K(a,b))throw new TypeError(`do not modify endowments like ${b+''}`);return F(a)[b]=c,!0},has(a,c){return!!('eval'===c||c in a||c in b)}}}function m(a){const b=ba.exec(a);if(b){const a=b[1].split('\n').length;throw new SyntaxError(`possible import expression rejected around line ${a}`)}}function n(a){return 0===a.length?'':`const {${N(a,',')}} = this;`}function o(a,b){const{unsafeFunction:c}=a,d=n(b);return c(` | ||
| with (arguments[0]) { | ||
@@ -9,3 +9,3 @@ ${d} | ||
| } | ||
| `)}function p(c,d){const{unsafeFunction:e}=c,f=l(c),g=k(d),h=o(c,g);return function(c={}){const g=z(d,E(c)),i=new Proxy(g,f),j=I(h,d,[i]),k={eval(b){b=`${b}`,m(b),f.allowUnsafeEvaluatorOnce();let c;try{return I(j,d,[b])}catch(a){throw c=a,a}finally{f.unsafeEvaluatorAllowed()&&a('handler did not revoke useUnsafeEvaluator',c)}}}.eval;return H(k,e.prototype),b(G(k).constructor!==Function,'hide Function'),b(G(k).constructor!==e,'hide unsafeFunction'),B(k,'toString',{value:k('() => \'function eval() { [shim code] }\''),writable:!1,enumerable:!1,configurable:!0}),k}}function q(a){return a()}function r(a){return(b,c)=>a(c)(b)}function s(a,c){const{unsafeFunction:d,unsafeGlobal:e}=a,f=function(...a){const b=`${N(a)||''}`;let f=`${O(a,',')}`;if(new d(b),R(f,')'))throw new e.SyntaxError('shim limitation: Function arg string contains parenthesis');0<f.length&&(f+='\n/*``*/');const g=`(function(${f}){\n${b}\n})`;return c(g)};return H(f,d.prototype),b(G(f).constructor!==Function,'hide Function'),b(G(f).constructor!==d,'hide unsafeFunction'),B(f,'prototype',{value:d.prototype}),B(f,'toString',{value:c('() => \'function Function() { [shim code] }\''),writable:!1,enumerable:!1,configurable:!0}),f}function t(a){return b(Object(a)===a,'bad object, not a Realm instance'),b(da.has(a),'Realm instance has no record'),da.get(a)}function u(a,c){b(Object(a)===a,'bad object, not a Realm instance'),b(!da.has(a),'Realm instance already has a record'),da.set(a,c)}function v(a,b,c,d){A(b,a),A(b,{eval:{value:c,writable:!0,configurable:!0},Function:{value:d,writable:!0,configurable:!0}})}function w(a){const{sharedGlobalDescs:b,unsafeGlobal:c}=a,d=z(c.Object.prototype),e=p(a,d),f=q(e),g=r(e),h=s(a,f);v(b,d,f,h);const i=C({safeGlobal:d,safeEval:f,safeEvalWhichTakesEndowments:g,safeFunction:h});return i}const x=c(`'use strict'; (${d})`),{assign:y,create:z,defineProperties:A,defineProperty:B,freeze:C,getOwnPropertyDescriptor:D,getOwnPropertyDescriptors:E,getOwnPropertyNames:F,getPrototypeOf:G,setPrototypeOf:H}=Object,{apply:I,ownKeys:J}=Reflect,K=a=>(b,...c)=>I(a,b,c),L=K(Object.prototype.hasOwnProperty),M=K(Array.prototype.filter),N=K(Array.prototype.pop),O=K(Array.prototype.join),P=K(Array.prototype.concat),Q=K(RegExp.prototype.test),R=K(String.prototype.includes),S=['isFinite','isNaN','parseFloat','parseInt','decodeURI','decodeURIComponent','encodeURI','encodeURIComponent','Array','ArrayBuffer','Boolean','DataView','Date','Error','EvalError','Float32Array','Float64Array','Int8Array','Int16Array','Int32Array','Map','Number','Object','Promise','Proxy','RangeError','ReferenceError','RegExp','Set','String','Symbol','SyntaxError','TypeError','Uint8Array','Uint8ClampedArray','Uint16Array','Uint32Array','URIError','WeakMap','WeakSet','JSON','Math','Reflect','escape','unescape','Intl'],T='object'==typeof exports&&'undefined'!=typeof module,U='object'==typeof document;if(!T&&!U||T&&U)throw new Error('unexpected platform, unable to create Realm');const V=T?require('vm'):void 0,W='\'use strict\'; this',X=`(0, eval)("'use strict'; this")`,Y=T?function(){const a=V.runInNewContext(X);return a}:function(){const a=document.createElement('iframe');a.style.display='none',document.body.appendChild(a);const b=a.contentWindow.eval(W);return b},Z=c(`"use strict"; (${g})();`),$=c(`"use strict"; (${h})();`),_=/^[a-zA-Z_$][\w$]*$/,aa=new Set(['await','break','case','catch','class','const','continue','debugger','default','delete','do','else','export','extends','finally','for','function','if','import','in','instanceof','new','return','super','switch','this','throw','try','typeof','var','void','while','with','yield','let','static','enum','implements','package','protected','interface','private','public','await','null','true','false','this','arguments']),ba=new Proxy(C({}),{get(b,c){a(`unexpected scope handler trap called: ${c}`)}}),ca=/^(.*)\bimport\s*(\(|\/\/|\/\*)/m,da=new WeakMap,ea={initRootRealm:function(a,b,c){const{shims:d}=c,f=P(a.allShims,d),g=j(f),h=e(g,ea);g.sharedGlobalDescs.Realm={value:h,writable:!0,configurable:!0};const i=w(g),{safeEvalWhichTakesEndowments:k}=i;for(const d of f)k(d);u(b,i)},initCompartment:function(a,b){const c=w(a);u(b,c)},getRealmGlobal:function(a){const{safeGlobal:b}=t(a);return b},realmEvaluate:function(a,b,c={}){const{safeEvalWhichTakesEndowments:d}=t(a);return d(b,c)}},fa=function(){const a=(0,eval)(W);return g(),h(),i(a)}(),ga=d(fa,ea);return ga}); | ||
| `)}function p(c,d){const{unsafeFunction:e}=c,f=l(c),g=k(d),h=o(c,g);return function(c={}){const g=z(d,D(c)),i=new Proxy(g,f),j=H(h,d,[i]),k={eval(b){b=`${b}`,m(b),f.allowUnsafeEvaluatorOnce();let c;try{return H(j,d,[b])}catch(a){throw c=a,a}finally{f.unsafeEvaluatorAllowed()&&a('handler did not revoke useUnsafeEvaluator',c)}}}.eval;return G(k,e.prototype),b(F(k).constructor!==Function,'hide Function'),b(F(k).constructor!==e,'hide unsafeFunction'),B(k,{toString:{value:k('() => \'function eval() { [shim code] }\''),writable:!1,enumerable:!1,configurable:!0}}),k}}function q(a){return a()}function r(a){return(b,c)=>a(c)(b)}function s(a,c){const{unsafeFunction:d,unsafeGlobal:e}=a,f=function(...a){const b=`${M(a)||''}`;let f=`${N(a,',')}`;if(!P(/^[\w\s,]*$/,f))throw new e.SyntaxError('shim limitation: Function arg must be simple ASCII identifiers, possibly separated by commas: no default values, pattern matches, or non-ASCII parameter names');if(new d(b),Q(f,')'))throw new e.SyntaxError('shim limitation: Function arg string contains parenthesis');0<f.length&&(f+='\n/*``*/');const g=`(function(${f}){\n${b}\n})`;return c(g)};return G(f,d.prototype),b(F(f).constructor!==Function,'hide Function'),b(F(f).constructor!==d,'hide unsafeFunction'),B(f,{prototype:{value:d.prototype},toString:{value:c('() => \'function Function() { [shim code] }\''),writable:!1,enumerable:!1,configurable:!0}}),f}function t(a){return b(Object(a)===a,'bad object, not a Realm instance'),b(ca.has(a),'Realm instance has no record'),ca.get(a)}function u(a,c){b(Object(a)===a,'bad object, not a Realm instance'),b(!ca.has(a),'Realm instance already has a record'),ca.set(a,c)}function v(a,b,c,d){B(b,a),B(b,{eval:{value:c,writable:!0,configurable:!0},Function:{value:d,writable:!0,configurable:!0}})}function w(a){const{sharedGlobalDescs:b,unsafeGlobal:c}=a,d=z(c.Object.prototype),e=p(a,d),f=q(e),g=r(e),h=s(a,f);v(b,d,f,h);const i=A({safeGlobal:d,safeEval:f,safeEvalWhichTakesEndowments:g,safeFunction:h});return i}const x=c(`'use strict'; (${d})`),{assign:y,create:z,freeze:A,defineProperties:B,getOwnPropertyDescriptor:C,getOwnPropertyDescriptors:D,getOwnPropertyNames:E,getPrototypeOf:F,setPrototypeOf:G}=Object,{apply:H,ownKeys:I}=Reflect,J=a=>(b,...c)=>H(a,b,c),K=J(Object.prototype.hasOwnProperty),L=J(Array.prototype.filter),M=J(Array.prototype.pop),N=J(Array.prototype.join),O=J(Array.prototype.concat),P=J(RegExp.prototype.test),Q=J(String.prototype.includes),R=['isFinite','isNaN','parseFloat','parseInt','decodeURI','decodeURIComponent','encodeURI','encodeURIComponent','Array','ArrayBuffer','Boolean','DataView','Date','Error','EvalError','Float32Array','Float64Array','Int8Array','Int16Array','Int32Array','Map','Number','Object','Promise','Proxy','RangeError','ReferenceError','RegExp','Set','String','Symbol','SyntaxError','TypeError','Uint8Array','Uint8ClampedArray','Uint16Array','Uint32Array','URIError','WeakMap','WeakSet','JSON','Math','Reflect','escape','unescape','Intl'],S='object'==typeof exports&&'undefined'!=typeof module,T='object'==typeof document;if(!S&&!T||S&&T)throw new Error('unexpected platform, unable to create Realm');const U=S?require('vm'):void 0,V='\'use strict\'; this',W=`(0, eval)("'use strict'; this")`,X=S?function(){const a=U.runInNewContext(W);return a}:function(){const a=document.createElement('iframe');a.style.display='none',document.body.appendChild(a);const b=a.contentWindow.eval(V);return b},Y=c(`"use strict"; (${g})();`),Z=c(`"use strict"; (${h})();`),$=/^[a-zA-Z_$][\w$]*$/,_=new Set(['await','break','case','catch','class','const','continue','debugger','default','delete','do','else','export','extends','finally','for','function','if','import','in','instanceof','new','return','super','switch','this','throw','try','typeof','var','void','while','with','yield','let','static','enum','implements','package','protected','interface','private','public','await','null','true','false','this','arguments']),aa=new Proxy(A({}),{get(b,c){a(`unexpected scope handler trap called: ${c}`)}}),ba=/^(.*)\bimport\s*(\(|\/\/|\/\*)/m,ca=new WeakMap,da={initRootRealm:function(a,b,c){const{shims:d}=c,f=O(a.allShims,d),g=j(f),h=e(g,da);g.sharedGlobalDescs.Realm={value:h,writable:!0,configurable:!0};const i=w(g),{safeEvalWhichTakesEndowments:k}=i;for(const d of f)k(d);u(b,i)},initCompartment:function(a,b){const c=w(a);u(b,c)},getRealmGlobal:function(a){const{safeGlobal:b}=t(a);return b},realmEvaluate:function(a,b,c={}){const{safeEvalWhichTakesEndowments:d}=t(a);return d(b,c)}},ea=function(){const a=(0,eval)(V);return g(),h(),i(a)}(),fa=d(ea,da);return fa}); | ||
| //# sourceMappingURL=realm-shim.min.js.map |
@@ -12,5 +12,4 @@ // Declare shorthand functions. Sharing these declarations across modules | ||
| create, | ||
| defineProperties, | ||
| defineProperty, | ||
| freeze, | ||
| defineProperties, // Object.defineProperty is allowed to fail silentlty, use Object.defineProperties instead. | ||
| getOwnPropertyDescriptor, | ||
@@ -17,0 +16,0 @@ getOwnPropertyDescriptors, |
@@ -9,5 +9,6 @@ // Portions adapted from V8 - Copyright 2016 the V8 project authors. | ||
| create, | ||
| defineProperty, | ||
| defineProperties, | ||
| getOwnPropertyDescriptors, | ||
| getPrototypeOf, | ||
| regexpTest, | ||
| setPrototypeOf, | ||
@@ -131,7 +132,9 @@ stringIncludes | ||
| // this to a plain arrow function. Now that we have safeEval, use it. | ||
| defineProperty(safeEval, 'toString', { | ||
| value: safeEval("() => 'function eval() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| defineProperties(safeEval, { | ||
| toString: { | ||
| value: safeEval("() => 'function eval() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
@@ -163,2 +166,22 @@ | ||
| let functionParams = `${arrayJoin(params, ',')}`; | ||
| if (!regexpTest(/^[\w\s,]*$/, functionParams)) { | ||
| throw new unsafeGlobal.SyntaxError( | ||
| 'shim limitation: Function arg must be simple ASCII identifiers, possibly separated by commas: no default values, pattern matches, or non-ASCII parameter names' | ||
| ); | ||
| // this protects against Matt Austin's clever attack: | ||
| // Function("arg=`", "/*body`){});({x: this/**/") | ||
| // which would turn into | ||
| // (function(arg=` | ||
| // /*``*/){ | ||
| // /*body`){});({x: this/**/ | ||
| // }) | ||
| // which parses as a default argument of `\n/*``*/){\n/*body` , which | ||
| // is a pair of template literals back-to-back (so the first one | ||
| // nominally evaluates to the parser to use on the second one), which | ||
| // can't actually execute (because the first literal evals to a string, | ||
| // which can't be a parser function), but that doesn't matter because | ||
| // the function is bypassed entirely. When that gets evaluated, it | ||
| // defines (but does not invoke) a function, then evaluates a simple | ||
| // {x: this} expression, giving access to the safe global. | ||
| } | ||
@@ -206,13 +229,15 @@ // Is this a real functionBody, or is someone attempting an injection | ||
| // Ensure that any function created in any compartment in a root realm is an | ||
| // instance of Function in any compartment of the same root ralm. | ||
| defineProperty(safeFunction, 'prototype', { value: unsafeFunction.prototype }); | ||
| defineProperties(safeFunction, { | ||
| // Ensure that any function created in any compartment in a root realm is an | ||
| // instance of Function in any compartment of the same root ralm. | ||
| prototype: { value: unsafeFunction.prototype }, | ||
| // Provide a custom output without overwriting the Function.prototype.toString | ||
| // which is called by some third-party libraries. | ||
| defineProperty(safeFunction, 'toString', { | ||
| value: safeEval("() => 'function Function() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| // Provide a custom output without overwriting the Function.prototype.toString | ||
| // which is called by some third-party libraries. | ||
| toString: { | ||
| value: safeEval("() => 'function Function() { [shim code] }'"), | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
@@ -219,0 +244,0 @@ |
@@ -15,3 +15,3 @@ import { cleanupSource } from './utilities'; | ||
| // objects. | ||
| const { create, defineProperty } = Object; | ||
| const { create, defineProperties } = Object; | ||
@@ -116,14 +116,18 @@ const errorConstructors = new Map([ | ||
| defineProperty(Realm, 'toString', { | ||
| value: () => 'function Realm() { [shim code] }', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| defineProperties(Realm, { | ||
| toString: { | ||
| value: () => 'function Realm() { [shim code] }', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
| defineProperty(Realm.prototype, 'toString', { | ||
| value: () => '[object Realm]', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| defineProperties(Realm.prototype, { | ||
| toString: { | ||
| value: () => '[object Realm]', | ||
| writable: false, | ||
| enumerable: false, | ||
| configurable: true | ||
| } | ||
| }); | ||
@@ -130,0 +134,0 @@ |
| // this module must never be importable outside the Realm shim itself | ||
| import { getSharedGlobalDescs } from './stdlib'; | ||
| import { repairAccessors } from './accessors'; | ||
| import { repairFunctions } from './functions'; | ||
| import { repairAccessors } from './repair/accessors'; | ||
| import { repairFunctions } from './repair/functions'; | ||
| import { cleanupSource } from './utilities'; | ||
@@ -6,0 +6,0 @@ import { freeze } from './commons'; |
@@ -71,4 +71,6 @@ // Copyright (C) 2011 Google Inc. | ||
| */ | ||
| export function getAnonIntrinsics(global) { | ||
| export default function getAnonIntrinsics(global) { | ||
| "use strict"; | ||
| const gopd = Object.getOwnPropertyDescriptor; | ||
| const getProto = Object.getPrototypeOf; | ||
@@ -78,40 +80,2 @@ //////////////// Undeniables and Intrinsics ////////////// | ||
| /** | ||
| * A known strict function which returns its arguments object. | ||
| */ | ||
| function strictArguments() { return arguments; } | ||
| /** | ||
| * A known sloppy function which returns its arguments object. | ||
| * | ||
| * Defined using Function so it'll be sloppy (not strict and not | ||
| * builtin). | ||
| */ | ||
| var sloppyArguments = Function('return arguments;'); | ||
| /** | ||
| * If present, a known strict generator function which yields its | ||
| * arguments object. | ||
| * | ||
| * <p>TODO: once all supported browsers implement ES6 generators, we | ||
| * can drop the "try"s below, drop the check for old Mozilla | ||
| * generator syntax, and treat strictArgumentsGenerator as | ||
| * unconditional in the test of the code. | ||
| */ | ||
| var strictArgumentsGenerator = void 0; | ||
| try { | ||
| // ES6 syntax | ||
| strictArgumentsGenerator = | ||
| eval('(function*() { "use strict"; yield arguments; })'); | ||
| } catch (ex) { | ||
| if (!(ex instanceof SyntaxError)) { throw ex; } | ||
| try { | ||
| // Old Firefox syntax | ||
| strictArgumentsGenerator = | ||
| eval('(function() { "use strict"; yield arguments; })'); | ||
| } catch (ex2) { | ||
| if (!(ex2 instanceof SyntaxError)) { throw ex2; } | ||
| } | ||
| } | ||
| /** | ||
| * The undeniables are the primordial objects which are ambiently | ||
@@ -126,79 +90,64 @@ * reachable via compositions of strict syntax, primitive wrapping | ||
| */ | ||
| function getUndeniables() { | ||
| var gopd = Object.getOwnPropertyDescriptor; | ||
| var getProto = Object.getPrototypeOf; | ||
| // The first element of each undeniableTuple is a string used to | ||
| // name the undeniable object for reporting purposes. It has no | ||
| // other programmatic use. | ||
| // | ||
| // The second element of each undeniableTuple should be the | ||
| // undeniable itself. | ||
| // | ||
| // The optional third element of the undeniableTuple, if present, | ||
| // should be an example of syntax, rather than use of a monkey | ||
| // patchable API, evaluating to a value from which the undeniable | ||
| // object in the second element can be reached by only the | ||
| // following steps: | ||
| // If the value is primitve, convert to an Object wrapper. | ||
| // Is the resulting object either the undeniable object, or does | ||
| // it inherit directly from the undeniable object? | ||
| // The first element of each undeniableTuple is a string used to | ||
| // name the undeniable object for reporting purposes. It has no | ||
| // other programmatic use. | ||
| // | ||
| // The second element of each undeniableTuple should be the | ||
| // undeniable itself. | ||
| // | ||
| // The optional third element of the undeniableTuple, if present, | ||
| // should be an example of syntax, rather than use of a monkey | ||
| // patchable API, evaluating to a value from which the undeniable | ||
| // object in the second element can be reached by only the | ||
| // following steps: | ||
| // If the value is primitve, convert to an Object wrapper. | ||
| // Is the resulting object either the undeniable object, or does | ||
| // it inherit directly from the undeniable object? | ||
| var undeniableTuples = [ | ||
| ['Object.prototype', Object.prototype, {}], | ||
| ['Function.prototype', Function.prototype, function(){}], | ||
| ['Array.prototype', Array.prototype, []], | ||
| ['RegExp.prototype', RegExp.prototype, /x/], | ||
| ['Boolean.prototype', Boolean.prototype, true], | ||
| ['Number.prototype', Number.prototype, 1], | ||
| ['String.prototype', String.prototype, 'x'], | ||
| ]; | ||
| var result = {}; | ||
| function* aStrictGenerator() {}; | ||
| const Generator = getProto(aStrictGenerator); | ||
| async function* aStrictAsyncGenerator() {}; | ||
| const AsyncGenerator = getProto(aStrictAsyncGenerator); | ||
| async function aStrictAsyncFunction() {}; | ||
| const AsyncFunctionPrototype = getProto(aStrictAsyncFunction); | ||
| // Get the ES6 %Generator% intrinsic, if present. | ||
| // It is undeniable because individual generator functions inherit | ||
| // from it. | ||
| (function() { | ||
| // See http://people.mozilla.org/~jorendorff/figure-2.png | ||
| // i.e., Figure 2 of section 25.2 "Generator Functions" of the | ||
| // ES6 spec. | ||
| // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorfunction-objects | ||
| if (!strictArgumentsGenerator) { return; } | ||
| var Generator = getProto(strictArgumentsGenerator); | ||
| undeniableTuples.push(['%Generator%', Generator, | ||
| strictArgumentsGenerator]); | ||
| strictArgumentsGenerator = strictArgumentsGenerator; | ||
| }()); | ||
| // TODO: this is dead code, but could be useful: make this the | ||
| // 'undeniables' object available via some API. | ||
| undeniableTuples.forEach(function(tuple) { | ||
| var name = tuple[0]; | ||
| var undeniable = tuple[1]; | ||
| var start = tuple[2]; | ||
| result[name] = undeniable; | ||
| if (start === void 0) { return; } | ||
| start = Object(start); | ||
| if (undeniable === start) { return; } | ||
| if (undeniable === getProto(start)) { return; } | ||
| throw new Error('Unexpected undeniable: ' + undeniable); | ||
| }); | ||
| const undeniableTuples = [ | ||
| ['Object.prototype', Object.prototype, {}], | ||
| ['Function.prototype', Function.prototype, function(){}], | ||
| ['Array.prototype', Array.prototype, []], | ||
| ['RegExp.prototype', RegExp.prototype, /x/], | ||
| ['Boolean.prototype', Boolean.prototype, true], | ||
| ['Number.prototype', Number.prototype, 1], | ||
| ['String.prototype', String.prototype, 'x'], | ||
| ['%Generator%', Generator, aStrictGenerator], | ||
| ['%AsyncGenerator%', AsyncGenerator, aStrictAsyncGenerator], | ||
| ['%AsyncFunction%', AsyncFunctionPrototype, aStrictAsyncFunction] | ||
| ]; | ||
| const undeniables = {}; | ||
| return result; | ||
| } | ||
| undeniableTuples.forEach(function(tuple) { | ||
| const name = tuple[0]; | ||
| const undeniable = tuple[1]; | ||
| let start = tuple[2]; | ||
| undeniables[name] = undeniable; | ||
| if (start === void 0) { return; } | ||
| start = Object(start); | ||
| if (undeniable === start) { return; } | ||
| if (undeniable === getProto(start)) { return; } | ||
| throw new Error('Unexpected undeniable: ' + undeniable); | ||
| }); | ||
| // For consistency checking, once we've done all our whitelist | ||
| // processing and monkey patching, we will call getUndeniables again | ||
| // and check that the undeniables are the same. | ||
| const earlyUndeniables = getUndeniables(); | ||
| function registerIteratorProtos(registery, base, name) { | ||
| var iteratorSym = global.Symbol && global.Symbol.iterator || | ||
| const iteratorSym = global.Symbol && global.Symbol.iterator || | ||
| "@@iterator"; // used instead of a symbol on FF35 | ||
| var getProto = Object.getPrototypeOf; | ||
| if (base[iteratorSym]) { | ||
| var anIter = base[iteratorSym](); | ||
| var anIteratorPrototype = getProto(anIter); | ||
| const anIter = base[iteratorSym](); | ||
| const anIteratorPrototype = getProto(anIter); | ||
| registery[name] = anIteratorPrototype; | ||
| var anIterProtoBase = getProto(anIteratorPrototype); | ||
| const anIterProtoBase = getProto(anIteratorPrototype); | ||
| if (anIterProtoBase !== Object.prototype) { | ||
@@ -227,3 +176,3 @@ if (!registery.IteratorPrototype) { | ||
| * | ||
| * <p>Unlike getUndeniables(), the result of getAnonIntrinsics() | ||
| * <p>Unlike getUndeniables(), the result of sampleAnonIntrinsics() | ||
| * does depend on the current state of the primordials, so we must | ||
@@ -233,7 +182,8 @@ * run this again after all other relevant monkey patching is done, | ||
| */ | ||
| function getAnonIntrinsics() { | ||
| var gopd = Object.getOwnPropertyDescriptor; | ||
| var getProto = Object.getPrototypeOf; | ||
| var result = {}; | ||
| // TODO: we can probably unwrap this into the outer function, and stop | ||
| // using a separately named 'sampleAnonIntrinsics' | ||
| function sampleAnonIntrinsics() { | ||
| const result = {}; | ||
| // If there are still other ThrowTypeError objects left after | ||
@@ -262,16 +212,12 @@ // noFuncPoison-ing, this should be caught by | ||
| (function() { | ||
| var Generator = earlyUndeniables['%Generator%']; | ||
| if (!Generator || Generator === Function.prototype) { return; } | ||
| if (getProto(Generator) !== Function.prototype) { | ||
| throw new Error('Generator.__proto__ was not Function.prototype'); | ||
| } | ||
| var GeneratorFunction = Generator.constructor; | ||
| if (GeneratorFunction === Function) { return; } | ||
| if (getProto(GeneratorFunction) !== Function) { | ||
| throw new Error('GeneratorFunction.__proto__ was not Function'); | ||
| const GeneratorFunction = Generator.constructor; | ||
| if (getProto(GeneratorFunction) !== Function.prototype.constructor) { | ||
| throw new Error('GeneratorFunction.__proto__ was not Function.prototype.constructor'); | ||
| } | ||
| result.GeneratorFunction = GeneratorFunction; | ||
| var genProtoBase = getProto(Generator.prototype); | ||
| if (genProtoBase !== result.IteratorPrototype && | ||
| genProtoBase !== Object.prototype) { | ||
| const genProtoBase = getProto(Generator.prototype); | ||
| if (genProtoBase !== result.IteratorPrototype) { | ||
| throw new Error('Unexpected Generator.prototype.__proto__'); | ||
@@ -281,6 +227,38 @@ } | ||
| // Get the ES6 %AsyncGeneratorFunction% intrinsic, if present. | ||
| (function() { | ||
| if (getProto(AsyncGenerator) !== Function.prototype) { | ||
| throw new Error('AsyncGenerator.__proto__ was not Function.prototype'); | ||
| } | ||
| const AsyncGeneratorFunction = AsyncGenerator.constructor; | ||
| if (getProto(AsyncGeneratorFunction) !== Function.prototype.constructor) { | ||
| throw new Error('GeneratorFunction.__proto__ was not Function.prototype.constructor'); | ||
| } | ||
| result.AsyncGeneratorFunction = AsyncGeneratorFunction; | ||
| // it appears that the only way to get an AsyncIteratorPrototype is | ||
| // through this getProto() process, so there's nothing to check it | ||
| // against | ||
| /* | ||
| const agenProtoBase = getProto(AsyncGenerator.prototype); | ||
| if (agenProtoBase !== result.AsyncIteratorPrototype) { | ||
| throw new Error('Unexpected AsyncGenerator.prototype.__proto__'); | ||
| }*/ | ||
| }()); | ||
| // Get the ES6 %AsyncFunction% intrinsic, if present. | ||
| (function() { | ||
| if (getProto(AsyncFunctionPrototype) !== Function.prototype) { | ||
| throw new Error('AsyncFunctionPrototype.__proto__ was not Function.prototype'); | ||
| } | ||
| const AsyncFunction = AsyncFunctionPrototype.constructor; | ||
| if (getProto(AsyncFunction) !== Function.prototype.constructor) { | ||
| throw new Error('AsyncFunction.__proto__ was not Function.prototype.constructor'); | ||
| } | ||
| result.AsyncFunction = AsyncFunction; | ||
| }()); | ||
| // Get the ES6 %TypedArray% intrinsic, if present. | ||
| (function() { | ||
| if (!global.Float32Array) { return; } | ||
| var TypedArray = getProto(global.Float32Array); | ||
| const TypedArray = getProto(global.Float32Array); | ||
| if (TypedArray === Function.prototype) { return; } | ||
@@ -296,3 +274,3 @@ if (getProto(TypedArray) !== Function.prototype) { | ||
| for (var name in result) { | ||
| for (let name in result) { | ||
| if (result[name] === void 0) { | ||
@@ -306,3 +284,3 @@ throw new Error('Malformed intrinsic: ' + name); | ||
| return getAnonIntrinsics(); | ||
| return sampleAnonIntrinsics(); | ||
| } |
@@ -20,2 +20,8 @@ // Copyright (C) 2018 Agoric | ||
| import tameRegExp from './tame-regexp.js'; | ||
| import removeProperties from './removeProperties.js'; | ||
| import getAnonIntrinsics from './anonIntrinsics.js'; | ||
| import { deepFreeze } from './deepFreeze.js'; | ||
| import hardenPrimordials from './hardenPrimordials.js'; | ||
| import whitelist from './whitelist.js'; | ||
| import { makeConsole } from './make-console.js'; | ||
@@ -26,2 +32,3 @@ export function createSESWithRealmConstructor(creatorStrings, Realm) { | ||
| let shims = []; | ||
| let wl = JSON.parse(JSON.stringify(whitelist)); | ||
@@ -39,8 +46,31 @@ // "allow" enables real Date.now(), anything else gets NaN | ||
| // Intl is disabled entirely for now, deleted by removeProperties. If we | ||
| // want to bring it back (under the control of this option), we'll need | ||
| // to add it to the whitelist too, as well as taming it properly. | ||
| if (options.intlMode !== "allow") { | ||
| // this shim also disables Object.prototype.toLocaleString | ||
| shims.push(`(${tameIntl})();`); | ||
| } | ||
| } else { | ||
| /* | ||
| wl.namedIntrinsics.Intl = { | ||
| Collator: true, | ||
| DateTimeFormat: true, | ||
| NumberFormat: true, | ||
| PluralRules: true, | ||
| getCanonicalLocales: true | ||
| } | ||
| */ | ||
| }; | ||
| if (options.errorStackMode !== "allow") { | ||
| shims.push(`(${tameError})();`); | ||
| } else { | ||
| // if removeProperties cleans these things from Error, v8 won't provide | ||
| // stack traces or even toString on exceptions, and then Node.js prints | ||
| // uncaught exceptions as "undefined" instead of a type/message/stack. | ||
| // So if we're allowing stack traces, make sure the whitelist is | ||
| // augmented to include them. | ||
| wl.namedIntrinsics.Error.captureStackTrace = true; | ||
| wl.namedIntrinsics.Error.stackTraceLimit = true; | ||
| wl.namedIntrinsics.Error.prepareStackTrace = true; | ||
| } | ||
@@ -52,3 +82,11 @@ | ||
| const r = Realm.makeRootRealm({shims: shims}); | ||
| // The getAnonIntrinsics function might be renamed by e.g. rollup. The | ||
| // removeProperties() function references it by name, so we need to force | ||
| // it to have a specific name. | ||
| const removeProp = `const getAnonIntrinsics = (${getAnonIntrinsics}); | ||
| (${removeProperties})(this, ${JSON.stringify(wl)})`; | ||
| shims.push(removeProp); | ||
| let r = Realm.makeRootRealm({shims: shims}); | ||
| const b = r.evaluate(creatorStrings); | ||
@@ -60,3 +98,15 @@ b.createSESInThisRealm(r.global, creatorStrings, r); | ||
| b.deepFreezePrimordials(r.global); | ||
| if (options.consoleMode === "allow") { | ||
| const s = `(${makeConsole})`; | ||
| r.global.console = r.evaluate(s)(console); | ||
| } | ||
| // Finally freeze all the primordials, and the global object. This must | ||
| // be the last thing we do. | ||
| const hardenPrimordialsSrc = ` | ||
| const deepFreeze = (${deepFreeze}); | ||
| const getAnonIntrinsics = (${getAnonIntrinsics}); | ||
| (${hardenPrimordials})`; | ||
| r.evaluate(hardenPrimordialsSrc)(r.global); | ||
| return r; | ||
@@ -63,0 +113,0 @@ } |
@@ -16,5 +16,2 @@ // Copyright (C) 2018 Agoric | ||
| import { createSESWithRealmConstructor, createSESInThisRealm } from './createSES.js'; | ||
| import { deepFreezePrimordials } from './deepFreeze.js'; | ||
| import { removeProperties } from './removeProperties.js'; | ||
| import { getAnonIntrinsics } from './anonIntrinsics.js'; | ||
| import { def } from './def.js'; | ||
@@ -24,4 +21,3 @@ import { Nat } from './nat.js'; | ||
| export { createSESWithRealmConstructor, createSESInThisRealm, | ||
| deepFreezePrimordials, removeProperties, getAnonIntrinsics, | ||
| def, Nat | ||
| }; |
@@ -0,1 +1,3 @@ | ||
| /* global getAnonIntrinsics */ | ||
| // Copyright (C) 2011 Google Inc. | ||
@@ -16,10 +18,11 @@ // Copyright (C) 2018 Agoric | ||
| import { buildWhitelist } from './whitelist.js'; | ||
| import { getAnonIntrinsics } from './anonIntrinsics.js'; | ||
| /* This is evaluated in an environment in which getAnonIntrinsics() is | ||
| already defined (by prepending the definition of getAnonIntrinsics to the | ||
| stringified removeProperties()), hence we don't use the following | ||
| import */ | ||
| //import { getAnonIntrinsics } from './anonIntrinsics.js'; | ||
| export function removeProperties(global) { | ||
| export default function removeProperties(global, whitelist) { | ||
| // walk global object, test against whitelist, delete | ||
| const whitelist = buildWhitelist(); | ||
| const uncurryThis = fn => (thisArg, ...args) => Reflect.apply(fn, thisArg, args); | ||
@@ -35,3 +38,3 @@ const gopd = Object.getOwnPropertyDescriptor; | ||
| function addToWhiteTable(global) { | ||
| function addToWhiteTable(global, rootPermit) { | ||
| /** | ||
@@ -69,3 +72,3 @@ * The whiteTable should map from each path-accessible primordial | ||
| } | ||
| register(global, whitelist); | ||
| register(global, rootPermit); | ||
| } | ||
@@ -109,5 +112,9 @@ | ||
| */ | ||
| function clean(value, prefix) { | ||
| if (value !== Object(value)) { return; } | ||
| if (cleaning.get(value)) { return; } | ||
| function clean(value, prefix, num) { | ||
| if (value !== Object(value)) { | ||
| return; | ||
| } | ||
| if (cleaning.get(value)) { | ||
| return; | ||
| } | ||
@@ -130,3 +137,3 @@ const proto = getProto(value); | ||
| const subValue = desc.value; | ||
| clean(subValue, path); | ||
| clean(subValue, path, num+1); | ||
| } else { | ||
@@ -141,4 +148,4 @@ if (p !== 'maybeAccessor') { | ||
| } else { | ||
| clean(desc.get, path + '<getter>'); | ||
| clean(desc.set, path + '<setter>'); | ||
| clean(desc.get, path + '<getter>', num+1); | ||
| clean(desc.set, path + '<setter>', num+1); | ||
| } | ||
@@ -152,6 +159,6 @@ } | ||
| addToWhiteTable(global); | ||
| addToWhiteTable(getAnonIntrinsics()); | ||
| clean(global, ''); | ||
| addToWhiteTable(global, whitelist.namedIntrinsics); | ||
| const intr = getAnonIntrinsics(global); | ||
| addToWhiteTable(intr, whitelist.anonIntrinsics); | ||
| clean(global, '', 0); | ||
| } |
@@ -16,2 +16,22 @@ | ||
| } | ||
| // we might do this in the future | ||
| /* | ||
| const unsafeError = Error; | ||
| const newErrorConstructor = function Error(...args) { | ||
| return Reflect.construct(unsafeError, args, new.target); | ||
| }; | ||
| newErrorConstructor.prototype = unsafeError.prototype; | ||
| newErrorConstructor.prototype.construct = newErrorConstructor; | ||
| Error = newErrorConstructor; | ||
| EvalError.__proto__ = newErrorConstructor; | ||
| RangeError.__proto__ = newErrorConstructor; | ||
| ReferenceError.__proto__ = newErrorConstructor; | ||
| SyntaxError.__proto__ = newErrorConstructor; | ||
| TypeError.__proto__ = newErrorConstructor; | ||
| URIError.__proto__ = newErrorConstructor; | ||
| */ | ||
| } |
@@ -8,5 +8,9 @@ /* global Intl */ | ||
| // an explicit locale name. | ||
| Intl.DateTimeFormat = () => { throw Error("disabled"); }; | ||
| Intl.NumberFormat = () => { throw Error("disabled"); }; | ||
| Intl.getCanonicalLocales = () => { throw Error("disabled"); }; | ||
| // the whitelist may have deleted Intl entirely, so tolerate that | ||
| if (typeof Intl !== 'undefined') { | ||
| Intl.DateTimeFormat = () => { throw Error("disabled"); }; | ||
| Intl.NumberFormat = () => { throw Error("disabled"); }; | ||
| Intl.getCanonicalLocales = () => { throw Error("disabled"); }; | ||
| } | ||
| Object.prototype.toLocaleString = () => { | ||
@@ -13,0 +17,0 @@ throw new Error('toLocaleString suppressed'); |
@@ -105,137 +105,115 @@ // Copyright (C) 2011 Google Inc. | ||
| */ | ||
| export function buildWhitelist() { | ||
| "use strict"; | ||
| var t = true; | ||
| var j = true; // included in the Jessie runtime | ||
| var TypedArrayWhitelist; // defined and used below | ||
| const t = true; | ||
| const j = true; // included in the Jessie runtime | ||
| const whitelist = { | ||
| cajaVM: { // Caja support | ||
| // The accessible intrinsics which are not reachable by own | ||
| // property name traversal are listed here so that they are | ||
| // processed by the whitelist, although this also makes them | ||
| // accessible by this path. See | ||
| // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-well-known-intrinsic-objects | ||
| // Of these, ThrowTypeError is the only one from ES5. All the | ||
| // rest were introduced in ES6. | ||
| anonIntrinsics: { | ||
| ThrowTypeError: {}, | ||
| IteratorPrototype: { // 25.1 | ||
| // Technically, for SES-on-ES5, we should not need to | ||
| // whitelist 'next'. However, browsers are accidentally | ||
| // relying on it | ||
| // https://bugs.chromium.org/p/v8/issues/detail?id=4769# | ||
| // https://bugs.webkit.org/show_bug.cgi?id=154475 | ||
| // and we will be whitelisting it as we transition to ES6 | ||
| // anyway, so we unconditionally whitelist it now. | ||
| next: '*', | ||
| constructor: false | ||
| }, | ||
| ArrayIteratorPrototype: {}, | ||
| StringIteratorPrototype: {}, | ||
| MapIteratorPrototype: {}, | ||
| SetIteratorPrototype: {}, | ||
| let TypedArrayWhitelist; // defined and used below | ||
| // The %GeneratorFunction% intrinsic is the constructor of | ||
| // generator functions, so %GeneratorFunction%.prototype is | ||
| // the %Generator% intrinsic, which all generator functions | ||
| // inherit from. A generator function is effectively the | ||
| // constructor of its generator instances, so, for each | ||
| // generator function (e.g., "g1" on the diagram at | ||
| // http://people.mozilla.org/~jorendorff/figure-2.png ) | ||
| // its .prototype is a prototype that its instances inherit | ||
| // from. Paralleling this structure, %Generator%.prototype, | ||
| // i.e., %GeneratorFunction%.prototype.prototype, is the | ||
| // object that all these generator function prototypes inherit | ||
| // from. The .next, .return and .throw that generator | ||
| // instances respond to are actually the builtin methods they | ||
| // inherit from this object. | ||
| GeneratorFunction: { // 25.2 | ||
| length: '*', // Not sure why this is needed | ||
| prototype: { // 25.3 | ||
| prototype: { | ||
| next: '*', | ||
| return: '*', | ||
| throw: '*', | ||
| constructor: '*' // Not sure why this is needed | ||
| } | ||
| } | ||
| }, | ||
| // TODO: 25.5 AsyncFunction | ||
| export default { | ||
| // The accessible intrinsics which are not reachable by own | ||
| // property name traversal are listed here so that they are | ||
| // processed by the whitelist, although this also makes them | ||
| // accessible by this path. See | ||
| // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-well-known-intrinsic-objects | ||
| // Of these, ThrowTypeError is the only one from ES5. All the | ||
| // rest were introduced in ES6. | ||
| anonIntrinsics: { | ||
| ThrowTypeError: {}, | ||
| IteratorPrototype: { // 25.1 | ||
| // Technically, for SES-on-ES5, we should not need to | ||
| // whitelist 'next'. However, browsers are accidentally | ||
| // relying on it | ||
| // https://bugs.chromium.org/p/v8/issues/detail?id=4769# | ||
| // https://bugs.webkit.org/show_bug.cgi?id=154475 | ||
| // and we will be whitelisting it as we transition to ES6 | ||
| // anyway, so we unconditionally whitelist it now. | ||
| next: '*', | ||
| constructor: false | ||
| }, | ||
| ArrayIteratorPrototype: {}, | ||
| StringIteratorPrototype: {}, | ||
| MapIteratorPrototype: {}, | ||
| SetIteratorPrototype: {}, | ||
| TypedArray: TypedArrayWhitelist = { // 22.2 | ||
| length: '*', // does not inherit from Function.prototype on Chrome | ||
| name: '*', // ditto | ||
| from: t, | ||
| of: t, | ||
| BYTES_PER_ELEMENT: '*', | ||
| prototype: { | ||
| buffer: 'maybeAccessor', | ||
| byteLength: 'maybeAccessor', | ||
| byteOffset: 'maybeAccessor', | ||
| copyWithin: '*', | ||
| entries: '*', | ||
| every: '*', | ||
| fill: '*', | ||
| filter: '*', | ||
| find: '*', | ||
| findIndex: '*', | ||
| forEach: '*', | ||
| includes: '*', | ||
| indexOf: '*', | ||
| join: '*', | ||
| keys: '*', | ||
| lastIndexOf: '*', | ||
| length: 'maybeAccessor', | ||
| map: '*', | ||
| reduce: '*', | ||
| reduceRight: '*', | ||
| reverse: '*', | ||
| set: '*', | ||
| slice: '*', | ||
| some: '*', | ||
| sort: '*', | ||
| subarray: '*', | ||
| values: '*', | ||
| BYTES_PER_ELEMENT: '*' | ||
| } | ||
| // The %GeneratorFunction% intrinsic is the constructor of | ||
| // generator functions, so %GeneratorFunction%.prototype is | ||
| // the %Generator% intrinsic, which all generator functions | ||
| // inherit from. A generator function is effectively the | ||
| // constructor of its generator instances, so, for each | ||
| // generator function (e.g., "g1" on the diagram at | ||
| // http://people.mozilla.org/~jorendorff/figure-2.png ) | ||
| // its .prototype is a prototype that its instances inherit | ||
| // from. Paralleling this structure, %Generator%.prototype, | ||
| // i.e., %GeneratorFunction%.prototype.prototype, is the | ||
| // object that all these generator function prototypes inherit | ||
| // from. The .next, .return and .throw that generator | ||
| // instances respond to are actually the builtin methods they | ||
| // inherit from this object. | ||
| GeneratorFunction: { // 25.2 | ||
| length: '*', // Not sure why this is needed | ||
| prototype: { // 25.4 | ||
| prototype: { | ||
| next: '*', | ||
| return: '*', | ||
| throw: '*', | ||
| constructor: '*' // Not sure why this is needed | ||
| } | ||
| }, | ||
| log: t, | ||
| tamperProof: t, | ||
| constFunc: t, | ||
| Nat: j, | ||
| def: j, | ||
| is: t, | ||
| compileExpr: t, | ||
| confine: j, | ||
| compileModule: t, // experimental | ||
| compileProgram: t, // Cannot be implemented in just ES5.1. | ||
| eval: t, | ||
| Function: t, | ||
| sharedImports: t, | ||
| makeImports: t, | ||
| copyToImports: t, | ||
| GuardT: { | ||
| coerce: t | ||
| }, | ||
| makeTableGuard: t, | ||
| Trademark: { | ||
| stamp: t | ||
| }, | ||
| guard: t, | ||
| passesGuard: t, | ||
| stamp: t, | ||
| makeSealerUnsealerPair: t, | ||
| makeArrayLike: { | ||
| canBeFullyLive: t | ||
| } | ||
| }, | ||
| AsyncGeneratorFunction: { // 25.3 | ||
| length: '*', | ||
| prototype: { // 25.5 | ||
| prototype: { | ||
| next: '*', | ||
| return: '*', | ||
| throw: '*', | ||
| constructor: '*' // Not sure why this is needed | ||
| } | ||
| } | ||
| }, | ||
| AsyncFunction: { // 25.7 | ||
| length: '*', | ||
| prototype: '*', | ||
| }, | ||
| TypedArray: TypedArrayWhitelist = { // 22.2 | ||
| length: '*', // does not inherit from Function.prototype on Chrome | ||
| name: '*', // ditto | ||
| from: t, | ||
| of: t, | ||
| BYTES_PER_ELEMENT: '*', | ||
| prototype: { | ||
| buffer: 'maybeAccessor', | ||
| byteLength: 'maybeAccessor', | ||
| byteOffset: 'maybeAccessor', | ||
| copyWithin: '*', | ||
| entries: '*', | ||
| every: '*', | ||
| fill: '*', | ||
| filter: '*', | ||
| find: '*', | ||
| findIndex: '*', | ||
| forEach: '*', | ||
| includes: '*', | ||
| indexOf: '*', | ||
| join: '*', | ||
| keys: '*', | ||
| lastIndexOf: '*', | ||
| length: 'maybeAccessor', | ||
| map: '*', | ||
| reduce: '*', | ||
| reduceRight: '*', | ||
| reverse: '*', | ||
| set: '*', | ||
| slice: '*', | ||
| some: '*', | ||
| sort: '*', | ||
| subarray: '*', | ||
| values: '*', | ||
| BYTES_PER_ELEMENT: '*' | ||
| } | ||
| } | ||
| }, | ||
| namedIntrinsics: { | ||
| // In order according to | ||
@@ -593,2 +571,5 @@ // http://www.ecma-international.org/ecma-262/ with chapter | ||
| // B.2.5 | ||
| compile: false, // UNSAFE. Purposely suppressed | ||
| // 21.2.6 instances | ||
@@ -636,5 +617,2 @@ lastIndex: '*', | ||
| // B.2.5 | ||
| compile: false, // UNSAFE. Purposely suppressed | ||
| // 22.1.4 instances | ||
@@ -840,2 +818,3 @@ length: '*' | ||
| // B.2.5 (RegExp.prototype.compile) is marked 'false' up in 21.2 | ||
@@ -848,6 +827,22 @@ // Other | ||
| // needlessly expensive for current usage. | ||
| } | ||
| }; | ||
| }, | ||
| return whitelist; | ||
| } | ||
| Realm: { | ||
| makeRootRealm: t, | ||
| makeCompartment: t, | ||
| prototype: { | ||
| global: "maybeAccessor", | ||
| evaluate: t | ||
| } | ||
| }, | ||
| SES: { | ||
| confine: t, | ||
| confineExpr: t | ||
| }, | ||
| Nat: j, | ||
| def: j | ||
| } | ||
| }; |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-25%
3
- Number of low supply chain risk alerts
- decreased by-33.33%
6
- Number of medium supply chain risk alerts
- decreased by-62.5%
9
Worsened metrics
- Total package byte prevSize
- decreased by-5.86%
973032
- Dependency count
- increased byInfinity%
1
- Number of package files
- decreased by-50%
68
- Lines of code
- decreased by-20.27%
8636
Dependency changes
+ Addedesm@^3.2.4
+ Addedesm@3.2.25(transitive)