refactor(ses): Lint to disallow SES polymorphic calls (merge #827)
Showing
32 changed files
with
621 additions
and
365 deletions.
@@ -0,0 +1,52 @@ | ||
"use strict" | ||
|
||
module.exports = { | ||
meta: { | ||
docs: { | ||
description: | ||
"disallow polymorphic function calls e.g.: 'array.slice()'", | ||
category: "Possible Security Errors", | ||
recommended: true, | ||
url: | ||
"https://github.com/endojs/endo/blob/master/packages/eslint-plugin/lib/rules/no-polymorphic-call.js", | ||
}, | ||
type: "problem", | ||
fixable: null, | ||
schema: [], | ||
supported: true, | ||
}, | ||
create (context) { | ||
return { | ||
CallExpression(node) { | ||
if (node.callee.type !== 'MemberExpression') { | ||
return | ||
} | ||
const reportHint = prepareMemberExpressionHint(node.callee) | ||
context.report(node, `Polymorphic call: "${reportHint}". May be vulnerable to corruption or trap`) | ||
} | ||
} | ||
}, | ||
} | ||
|
||
function prepareMemberExpressionHint (node) { | ||
const { object, property, computed } = node | ||
let objectHint | ||
let propertyHint | ||
if (object.type === 'Identifier') { | ||
objectHint = object.name | ||
} else if (object.type === 'MemberExpression') { | ||
objectHint = prepareMemberExpressionHint(object) | ||
} else { | ||
objectHint = `[[${object.type}]]` | ||
} | ||
if (property.type === 'Identifier') { | ||
if (computed) { | ||
propertyHint = `[${property.name}]` | ||
} else { | ||
propertyHint = property.name | ||
} | ||
} else { | ||
propertyHint = `[[${property.type}]]` | ||
} | ||
return `${objectHint}.${propertyHint}` | ||
} |
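Review bot: The `CallExpression` visitor reports only calls whose callee is a `MemberExpression`, so dispatch that reaches the same mutable prototypes without that syntax (spread and `for…of` through the iterator protocol, tagged templates such as ``a.b`x` ``) passes the rule unreported; `[...transforms]` in the section of this commit that defines `compartmentEvaluate` is one such case. A comment above `create` should state that limit, e.g. `// Reports explicit obj.method() calls only; iterator-protocol and other implicit dispatch is not detected.`, so a clean lint run is not read as proof that no polymorphic dispatch remains. The report text could also name the remedy, since "May be vulnerable to corruption or trap" does not say what to do: presumably the uncurried helpers such as `arrayPush` imported from `./commons.js` elsewhere in this commit.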
@@ -0,0 +1,72 @@ | ||
/// <reference types="ses"> | ||
import { | ||
TypeError, | ||
arrayPush, | ||
create, | ||
defineProperties, | ||
getOwnPropertyDescriptors, | ||
} from './commons.js'; | ||
import { | ||
evadeHtmlCommentTest, | ||
evadeImportExpressionTest, | ||
rejectSomeDirectEvalExpressions, | ||
} from './transforms.js'; | ||
import { performEval } from './evaluate.js'; | ||
|
||
export const compartmentEvaluate = (compartmentFields, source, options) => { | ||
// Perform this check first to avoid unecessary sanitizing. | ||
// TODO Maybe relax string check and coerce instead: | ||
// https://github.com/tc39/proposal-dynamic-code-brand-checks | ||
if (typeof source !== 'string') { | ||
throw new TypeError('first argument of evaluate() must be a string'); | ||
} | ||
|
||
// Extract options, and shallow-clone transforms. | ||
const { | ||
transforms = [], | ||
sloppyGlobalsMode = false, | ||
__moduleShimLexicals__ = undefined, | ||
__evadeHtmlCommentTest__ = false, | ||
__evadeImportExpressionTest__ = false, | ||
__rejectSomeDirectEvalExpressions__ = true, // Note default on | ||
} = options; | ||
const localTransforms = [...transforms]; | ||
if (__evadeHtmlCommentTest__ === true) { | ||
arrayPush(localTransforms, evadeHtmlCommentTest); | ||
} | ||
if (__evadeImportExpressionTest__ === true) { | ||
arrayPush(localTransforms, evadeImportExpressionTest); | ||
} | ||
if (__rejectSomeDirectEvalExpressions__ === true) { | ||
arrayPush(localTransforms, rejectSomeDirectEvalExpressions); | ||
} | ||
|
||
let { globalTransforms } = compartmentFields; | ||
const { globalObject, globalLexicals, knownScopeProxies } = compartmentFields; | ||
|
||
let localObject = globalLexicals; | ||
if (__moduleShimLexicals__ !== undefined) { | ||
// When using `evaluate` for ESM modules, as should only occur from the | ||
// module-shim's module-instance.js, we do not reveal the SES-shim's | ||
// module-to-program translation, as this is not standardizable behavior. | ||
// However, the `localTransforms` will come from the `__shimTransforms__` | ||
// Compartment option in this case, which is a non-standardizable escape | ||
// hatch so programs designed specifically for the SES-shim | ||
// implementation may opt-in to use the same transforms for `evaluate` | ||
// and `import`, at the expense of being tightly coupled to SES-shim. | ||
globalTransforms = undefined; | ||
|
||
localObject = create(null, getOwnPropertyDescriptors(globalLexicals)); | ||
defineProperties( | ||
localObject, | ||
getOwnPropertyDescriptors(__moduleShimLexicals__), | ||
); | ||
} | ||
|
||
return performEval(source, globalObject, localObject, { | ||
globalTransforms, | ||
localTransforms, | ||
sloppyGlobalsMode, | ||
knownScopeProxies, | ||
}); | ||
}; |
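Review bot: `__rejectSomeDirectEvalExpressions__` is the one option here that defaults to on, yet `if (__rejectSomeDirectEvalExpressions__ === true)` drops the transform for any value other than the boolean `true`, so a caller passing `1` or `'true'` silently loses the check. A default-on guard is safer written fail-closed: `if (__rejectSomeDirectEvalExpressions__ !== false) {`. Separately, the first line `/// <reference types="ses">` is not self-closing; TypeScript's directive form is `/// <reference types="ses" />`, so as written it is likely read as an ordinary comment.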