Override Symbol.hasInstances without Proxy

Author: mrbbot

packages/core/src/plugins/core.ts

@@ -473,6 +473,11 @@ export class CorePlugin extends Plugin<CoreOptions> implements CoreOptions {
       // could be used as an escape hatch if behaviour needs to be different
       // locally for any reason
       MINIFLARE: true,
+
+      // Object, Function, Array, Promise, RegExp, Error, EvalError, RangeError,
+      // ReferenceError, SyntaxError, TypeError and URIError are intentionally
+      // omitted. See packages/runner-vm/src/instanceof.ts for a detailed
+      // explanation of why.
     };
 
     // Process module rules if modules mode was enabled

packages/core/test/plugins/bindings.spec.ts

@@ -513,7 +513,6 @@ test("BindingsPlugin: propagates error if service throws", async (t) => {
     }
   );
   await t.throwsAsync(mf.dispatchFetch("http://localhost/"), {
-    instanceOf: Error,
     message: "oops",
   });
 });

packages/jest-environment-miniflare/src/index.ts

@@ -11,7 +11,7 @@ import {
 } from "@miniflare/durable-objects";
 import { HTMLRewriterPlugin } from "@miniflare/html-rewriter";
 import { KVPlugin } from "@miniflare/kv";
-import { VMScriptRunner, makeProxiedGlobals } from "@miniflare/runner-vm";
+import { VMScriptRunner, defineHasInstances } from "@miniflare/runner-vm";
 import { Context, NoOpLog } from "@miniflare/shared";
 import { SitesPlugin } from "@miniflare/sites";
 import { WebSocketPlugin } from "@miniflare/web-sockets";
@@ -68,10 +68,12 @@ export default class MiniflareEnvironment implements JestEnvironment {
     this.config = config;
     // Intentionally allowing code generation as some coverage tools require it
     this.context = vm.createContext({});
-    this.scriptRunner = new VMScriptRunner(
-      this.context,
-      /* blockCodeGeneration */ false
-    );
+    // Make sure we define custom [Symbol.hasInstance]s for primitives so
+    // cross-realm instanceof works correctly. This is done automatically
+    // when running scripts using @miniflare/runner-vm, but we might not be
+    // using Durable Objects, so may never do this.
+    defineHasInstances(this.context);
+    this.scriptRunner = new VMScriptRunner(this.context);
 
     const global = (this.global = vm.runInContext("this", this.context));
     global.global = global;
@@ -174,7 +176,6 @@ export default class MiniflareEnvironment implements JestEnvironment {
     mfGlobalScope.self = global;
     // Make sure Miniflare's global scope is assigned to Jest's global context,
     // even if we didn't run a script because we had no Durable Objects
-    Object.assign(global, makeProxiedGlobals(/* blockCodeGeneration */ false));
     Object.assign(global, mfGlobalScope);
 
     // Add a way of getting bindings in modules mode to allow seeding data.

packages/jest-environment-miniflare/test/fixtures/core.worker.spec.js

@@ -39,3 +39,11 @@ describe("uses Jest fake timers", () => {
 test("can generate secure random numbers", () => {
   crypto.getRandomValues(new Uint8Array(8));
 });
+
+test("Object instanceof checks succeed", () => {
+  expect(new Uint8Array() instanceof Object).toBe(true);
+  expect({} instanceof Object).toBe(true);
+  expect({}.constructor === Object).toBe(true);
+  expect(new Object({ a: 1 })).toEqual({ a: 1 });
+  expect(Object.getPrototypeOf({}) === Object.prototype);
+});

packages/runner-vm/src/index.ts

@@ -8,18 +8,15 @@ import {
   ScriptRunnerResult,
 } from "@miniflare/shared";
 import { VMScriptRunnerError } from "./error";
+import { defineHasInstances } from "./instanceof";
 import { ModuleLinker } from "./linker";
-import { makeProxiedGlobals } from "./proxied";
 
 export * from "./error";
-export * from "./proxied";
+export * from "./instanceof";
 
 // noinspection JSMethodCanBeStatic
 export class VMScriptRunner implements ScriptRunner {
-  constructor(
-    private context?: vm.Context,
-    private blockCodeGeneration = true
-  ) {}
+  constructor(private context?: vm.Context) {}
 
   private runAsScript(context: vm.Context, blueprint: ScriptBlueprint) {
     const script = new vm.Script(blueprint.code, {
@@ -59,22 +56,20 @@ export class VMScriptRunner implements ScriptRunner {
     const linker =
       modulesRules && new ModuleLinker(modulesRules, additionalModules ?? {});
 
-    // Add proxied globals so cross-realm instanceof works correctly.
-    // globalScope will be fresh for each call of run so it's fine to mutate it.
-    Object.assign(globalScope, makeProxiedGlobals(this.blockCodeGeneration));
-
     let context = this.context;
     if (context) {
       // This path is for custom test environments, where this.context is only
       // used once.
       Object.assign(context, globalScope);
     } else {
       // Create a new context with eval/new Function/WASM compile disabled
-      const allow = !this.blockCodeGeneration;
       context = vm.createContext(globalScope, {
-        codeGeneration: { strings: allow, wasm: allow },
+        codeGeneration: { strings: false, wasm: false },
       });
     }
+    // Define custom [Symbol.hasInstance]s for primitives so cross-realm
+    // instanceof works correctly.
+    defineHasInstances(context);
 
     // Keep track of module namespaces and total script size
     let exports: Context = {};

packages/runner-vm/src/instanceof.ts

@@ -0,0 +1,132 @@
+/* eslint-disable @typescript-eslint/ban-types */
+// Object, Function, Array, Promise, RegExp, Error, EvalError, RangeError,
+// ReferenceError, SyntaxError, TypeError and URIError are intentionally
+// not passed into the sandbox. There's a trade-off here, ideally we'd like all
+// these checks to pass:
+//
+// ```js
+// import vm from "vm";
+//
+// const ctx1 = vm.createContext({ objectFunction: () => ({}) });
+//
+// vm.runInContext("({}) instanceof Object", ctx1); // true
+// vm.runInContext("({}).constructor === Object", ctx1); // true
+//
+// vm.runInContext("objectFunction() instanceof Object", ctx1); // false
+// vm.runInContext("objectFunction().constructor === Object", ctx1); // false
+//
+// const ctx2 = vm.createContext({ Object: Object, objectFunction: () => ({}) });
+//
+// vm.runInContext("({}) instanceof Object", ctx2); // false
+// vm.runInContext("({}).constructor === Object", ctx2); // false
+//
+// vm.runInContext("objectFunction() instanceof Object", ctx2); // true
+// vm.runInContext("objectFunction().constructor === Object", ctx2); // true
+// ```
+//
+// wasm-bindgen (a tool used to make compiling Rust to WebAssembly easier),
+// often generates code that looks like `value instanceof Object`.
+// We'd like this check to succeed for objects generated outside the worker
+// (e.g. Workers runtime APIs), and inside user code (instances of classes we
+// pass in e.g. `new Uint8Array()`, and literals e.g. `{}`). To do this, we
+// override the `[Symbol.hasInstance]` property of primitive classes like
+// `Object` so `instanceof` performs a cross-realm check.
+// See `defineHasInstancesScript` later in this file.
+//
+// Historically, we used to do this by proxying the primitive classes instead:
+//
+// ```js
+// function isObject(value) {
+//   return value !== null && typeof value === "object";
+// }
+//
+// const ObjectProxy = new Proxy(Object, {
+//   get(target, property, receiver) {
+//     if (property === Symbol.hasInstance) return isObject;
+//     return Reflect.get(target, property, receiver);
+//   },
+// });
+//
+// const ctx3 = vm.createContext({
+//   Object: ObjectProxy,
+//   objectFunction: () => ({}),
+// });
+//
+// vm.runInContext("({}) instanceof Object", ctx3); // true
+// vm.runInContext("({}).constructor === Object", ctx3); // false
+//
+// vm.runInContext("objectFunction() instanceof Object", ctx3); // true
+// vm.runInContext("objectFunction().constructor === Object", ctx3); // false
+// ```
+//
+// The problem with this option is that the `constructor`/`prototype` checks
+// fail, because we're passing in the `Object` from the outer realm.
+// These are used quite a lot in JS, and this was the cause of several issues:
+// - https://github.com/cloudflare/miniflare/issues/109
+// - https://github.com/cloudflare/miniflare/issues/137
+// - https://github.com/cloudflare/miniflare/issues/141
+// - https://github.com/cloudflare/wrangler2/issues/91
+//
+// The new behaviour still has the issue `constructor`/`prototype`/`instanceof`
+// checks for `Object`s created outside the sandbox would fail, but I think
+// that's less likely to be a problem.
+
+import util from "util";
+import vm from "vm";
+
+// https://nodejs.org/api/util.html#util_util_isobject_object
+function isObject(value: any): value is Object {
+  return value !== null && typeof value === "object";
+}
+
+// https://nodejs.org/api/util.html#util_util_isfunction_object
+function isFunction(value: any): value is Function {
+  return typeof value === "function";
+}
+
+function isError<Ctor extends ErrorConstructor>(errorCtor: Ctor) {
+  const name = errorCtor.prototype.name;
+  return function (value: any): value is InstanceType<Ctor> {
+    if (!util.types.isNativeError(value)) return false;
+    // Traverse up prototype chain and check for matching name
+    let prototype = value;
+    while ((prototype = Object.getPrototypeOf(prototype)) !== null) {
+      if (prototype.name === name) return true;
+    }
+    return false;
+  };
+}
+
+const types = {
+  isObject,
+  isFunction,
+  isArray: Array.isArray,
+  isPromise: util.types.isPromise,
+  isRegExp: util.types.isRegExp,
+  isError,
+};
+
+const defineHasInstancesScript = new vm.Script(
+  `(function(types) {
+  // Only define properties once, will throw if we try doing this twice
+  if (Object[Symbol.hasInstance] === types.isObject) return;
+  Object.defineProperty(Object, Symbol.hasInstance, { value: types.isObject });
+  Object.defineProperty(Function, Symbol.hasInstance, { value: types.isFunction });
+  Object.defineProperty(Array, Symbol.hasInstance, { value: types.isArray });
+  Object.defineProperty(Promise, Symbol.hasInstance, { value: types.isPromise });
+  Object.defineProperty(RegExp, Symbol.hasInstance, { value: types.isRegExp });
+  Object.defineProperty(Error, Symbol.hasInstance, { value: types.isError(Error) });
+  Object.defineProperty(EvalError, Symbol.hasInstance, { value: types.isError(EvalError) });
+  Object.defineProperty(RangeError, Symbol.hasInstance, { value: types.isError(RangeError) });
+  Object.defineProperty(ReferenceError, Symbol.hasInstance, { value: types.isError(ReferenceError) });
+  Object.defineProperty(SyntaxError, Symbol.hasInstance, { value: types.isError(SyntaxError) });
+  Object.defineProperty(TypeError, Symbol.hasInstance, { value: types.isError(TypeError) });
+  Object.defineProperty(URIError, Symbol.hasInstance, { value: types.isError(URIError) });
+})`,
+  { filename: "<defineHasInstancesScript>" }
+);
+
+// This is called on each new vm.Context before executing arbitrary user code
+export function defineHasInstances(ctx: vm.Context): void {
+  defineHasInstancesScript.runInContext(ctx)(types);
+}

packages/runner-vm/src/proxied.ts

@@ -52,6 +52,7 @@ test("VMScriptRunner: run: includes module file name in stack traces", async (t)
   }
 });
 test("VMScriptRunner: run: disallows dynamic JavaScript execution", async (t) => {
+  // noinspection JSUnusedGlobalSymbols
   const globals = { callback: () => t.fail() };
   const expectations: ThrowsExpectation = {
     message: "Code generation from strings disallowed for this context",
@@ -97,30 +98,46 @@ test("VMScriptRunner: run: disallows WebAssembly compilation", async (t) => {
       "WebAssembly.compile(): Wasm code generation disallowed by embedder",
   });
 });
-test("VMScriptRunner: run: allows dynamic code generation if enabled", async (t) => {
-  const runner = new VMScriptRunner(undefined, false);
-  const addModule = await fs.readFile(path.join(fixturesPath, "add.wasm"));
-  await runner.run({}, { code: 'eval("1 + 1")', filePath: "test.js" });
-  await runner.run({}, { code: 'new Function("1 + 1")', filePath: "test.js" });
-  await runner.run(
-    { addModule },
-    { code: "await WebAssembly.compile(addModule)", filePath: "test.js" },
-    []
-  );
-  t.pass();
-});
 test("VMScriptRunner: run: supports cross-realm instanceof", async (t) => {
   const result = await runner.run(
-    { outsideRegexp: /a/ },
+    { outsideObject: {}, outsideRegexp: /a/ },
     {
       code: `
-      export const outsideInstanceOf = outsideRegexp instanceof RegExp;
-      export const insideInstanceOf = /a/ instanceof RegExp;
+      // Simulating wasm-bindgen
+      export const outsideInstanceOf = outsideObject instanceof Object;
+      export const insideInstanceOf = {} instanceof Object;
+      
+      export const outsideRegExpInstanceOf = outsideRegexp instanceof RegExp;
+      export const insideRegExpInstanceOf = /a/ instanceof RegExp;
+      
+      // https://github.com/cloudflare/miniflare/issues/109
+      // https://github.com/cloudflare/miniflare/issues/141
+      export const outsideConstructor = outsideObject.constructor === Object;
+      export const insideConstructor = {}.constructor === Object;
+
+      // https://github.com/cloudflare/miniflare/issues/137
+      export const newObject = new Object({ a: 1 });
+      
+      // https://github.com/cloudflare/wrangler2/issues/91
+      export const outsidePrototype = Object.getPrototypeOf(outsideObject) === Object.prototype;
+      export const insidePrototype = Object.getPrototypeOf({}) === Object.prototype;
       `,
       filePath: "test.js",
     },
     []
   );
+
   t.true(result.exports.outsideInstanceOf);
   t.true(result.exports.insideInstanceOf);
+
+  t.true(result.exports.outsideRegExpInstanceOf);
+  t.true(result.exports.insideRegExpInstanceOf);
+
+  t.false(result.exports.outsideConstructor); // :(
+  t.true(result.exports.insideConstructor);
+
+  t.deepEqual(result.exports.newObject, { a: 1 });
+
+  t.false(result.exports.outsidePrototype); // :(
+  t.true(result.exports.insidePrototype);
 });