static-eval
Advanced tools
Comparing version 2.0.4 to 2.0.5
@@ -5,4 +5,7 @@ # static-eval Change Log | ||
## 2.0.5 | ||
* Fix function bodies being invoked during declaration. ([@RoboPhred](https://github.com/RoboPhred) in [#30](https://github.com/browserify/static-eval/pull/30)) | ||
## 2.0.4 | ||
* Short-circuit evaluation in `&&` and `||` expressions. ([@RoboPhred](https://github.com/RoboPhred) in [#28](https://github.com/browserify/static-eval/pull/28)) | ||
* Start tracking changes. |
47
index.js
@@ -7,3 +7,3 @@ var unparse = require('escodegen').generate; | ||
var result = (function walk (node, scopeVars) { | ||
var result = (function walk (node, noExecute) { | ||
if (node.type === 'Literal') { | ||
@@ -13,3 +13,3 @@ return node.value; | ||
else if (node.type === 'UnaryExpression'){ | ||
var val = walk(node.argument) | ||
var val = walk(node.argument, noExecute) | ||
if (node.operator === '+') return +val | ||
@@ -24,3 +24,3 @@ if (node.operator === '-') return -val | ||
for (var i = 0, l = node.elements.length; i < l; i++) { | ||
var x = walk(node.elements[i]); | ||
var x = walk(node.elements[i], noExecute); | ||
if (x === FAIL) return FAIL; | ||
@@ -37,3 +37,3 @@ xs.push(x); | ||
? prop.value | ||
: walk(prop.value) | ||
: walk(prop.value, noExecute) | ||
; | ||
@@ -66,5 +66,5 @@ if (value === FAIL) return FAIL; | ||
var l = walk(node.left); | ||
var l = walk(node.left, noExecute); | ||
if (l === FAIL) return FAIL; | ||
var r = walk(node.right); | ||
var r = walk(node.right, noExecute); | ||
if (r === FAIL) return FAIL; | ||
@@ -104,7 +104,8 @@ | ||
else if (node.type === 'CallExpression') { | ||
var callee = walk(node.callee); | ||
var callee = walk(node.callee, noExecute); | ||
if (callee === FAIL) return FAIL; | ||
if (typeof callee !== 'function') return FAIL; | ||
var ctx = node.callee.object ? walk(node.callee.object) : FAIL; | ||
var ctx = node.callee.object ? walk(node.callee.object, noExecute) : FAIL; | ||
if (ctx === FAIL) ctx = null; | ||
@@ -114,10 +115,15 @@ | ||
for (var i = 0, l = node.arguments.length; i < l; i++) { | ||
var x = walk(node.arguments[i]); | ||
var x = walk(node.arguments[i], noExecute); | ||
if (x === FAIL) return FAIL; | ||
args.push(x); | ||
} | ||
if (noExecute) { | ||
return undefined; | ||
} | ||
return callee.apply(ctx, args); | ||
} | ||
else if (node.type === 'MemberExpression') { | ||
var obj = walk(node.object); | ||
var obj = walk(node.object, noExecute); | ||
// do not allow access to methods on Function | ||
@@ -131,3 +137,3 @@ if((obj === FAIL) || (typeof obj == 'function')){ | ||
} | ||
var prop = walk(node.property); | ||
var prop = walk(node.property, noExecute); | ||
if (prop === null || prop === FAIL) return FAIL; | ||
@@ -138,8 +144,8 @@ if (isUnsafeProperty(prop)) return FAIL; | ||
else if (node.type === 'ConditionalExpression') { | ||
var val = walk(node.test) | ||
var val = walk(node.test, noExecute) | ||
if (val === FAIL) return FAIL; | ||
return val ? walk(node.consequent) : walk(node.alternate) | ||
return val ? walk(node.consequent) : walk(node.alternate, noExecute) | ||
} | ||
else if (node.type === 'ExpressionStatement') { | ||
var val = walk(node.expression) | ||
var val = walk(node.expression, noExecute) | ||
if (val === FAIL) return FAIL; | ||
@@ -149,6 +155,5 @@ return val; | ||
else if (node.type === 'ReturnStatement') { | ||
return walk(node.argument) | ||
return walk(node.argument, noExecute) | ||
} | ||
else if (node.type === 'FunctionExpression') { | ||
var bodies = node.body.body; | ||
@@ -170,3 +175,3 @@ | ||
for(var i in bodies){ | ||
if(walk(bodies[i]) === FAIL){ | ||
if(walk(bodies[i], true) === FAIL){ | ||
return FAIL; | ||
@@ -187,10 +192,10 @@ } | ||
for (var i = 0; i < node.expressions.length; i++) { | ||
str += walk(node.quasis[i]); | ||
str += walk(node.expressions[i]); | ||
str += walk(node.quasis[i], noExecute); | ||
str += walk(node.expressions[i], noExecute); | ||
} | ||
str += walk(node.quasis[i]); | ||
str += walk(node.quasis[i], noExecute); | ||
return str; | ||
} | ||
else if (node.type === 'TaggedTemplateExpression') { | ||
var tag = walk(node.tag); | ||
var tag = walk(node.tag, noExecute); | ||
var quasi = node.quasi; | ||
@@ -197,0 +202,0 @@ var strings = quasi.quasis.map(walk); |
{ | ||
"name": "static-eval", | ||
"version": "2.0.4", | ||
"version": "2.0.5", | ||
"description": "evaluate statically-analyzable expressions", | ||
@@ -28,5 +28,5 @@ "main": "index.js", | ||
"type": "git", | ||
"url": "git://github.com/substack/static-eval.git" | ||
"url": "git://github.com/browserify/static-eval.git" | ||
}, | ||
"homepage": "https://github.com/substack/static-eval", | ||
"homepage": "https://github.com/browserify/static-eval", | ||
"keywords": [ | ||
@@ -33,0 +33,0 @@ "static", |
@@ -47,2 +47,16 @@ var test = require('tape'); | ||
test('array methods invocation count', function(t) { | ||
t.plan(2); | ||
var variables = { | ||
values: [1, 2, 3], | ||
receiver: [] | ||
}; | ||
var src = 'values.forEach(function(x) { receiver.push(x); })' | ||
var ast = parse(src).body[0].expression; | ||
evaluate(ast, variables); | ||
t.equal(variables.receiver.length, 3); | ||
t.deepEqual(variables.receiver, [1, 2, 3]); | ||
}) | ||
test('array methods with vars', function(t) { | ||
@@ -150,2 +164,16 @@ t.plan(1); | ||
t.equals(fnInvoked, false); | ||
}) | ||
}) | ||
test('function declaration does not invoke CallExpressions', function(t) { | ||
t.plan(1); | ||
var invoked = false; | ||
var variables = { | ||
noop: function(){}, | ||
onInvoke: function() {invoked = true} | ||
}; | ||
var src = 'noop(function(){ onInvoke(); })'; | ||
var ast = parse(src).body[0].expression; | ||
evaluate(ast, variables); | ||
t.equal(invoked, false); | ||
}); |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
19130
386
12