src: allow --disallow-code-generation-from-strings in workers

Make --disallow-code-generation-from-strings a per-isolate option
instead of a V8-only option, allowing it to be passed via worker
execArgv.

Fixes: #60371

Author: mcollina

src/api/environment.cc

@@ -488,7 +488,7 @@ Environment* CreateEnvironment(
     CHECK(!context.IsEmpty());
     Context::Scope context_scope(context);
 
-    if (InitializeContextRuntime(context).IsNothing()) {
+    if (InitializeContextRuntime(context, isolate_data).IsNothing()) {
       FreeEnvironment(env);
       return nullptr;
     }
@@ -670,10 +670,16 @@ MaybeLocal<Object> GetPerContextExports(Local<Context> context,
 // call NewContext and so they will experience breakages.
 Local<Context> NewContext(Isolate* isolate,
                           Local<ObjectTemplate> object_template) {
+  return NewContext(isolate, object_template, nullptr);
+}
+
+Local<Context> NewContext(Isolate* isolate,
+                          Local<ObjectTemplate> object_template,
+                          IsolateData* isolate_data) {
   auto context = Context::New(isolate, nullptr, object_template);
   if (context.IsEmpty()) return context;
 
-  if (InitializeContext(context).IsNothing()) {
+  if (InitializeContext(context, isolate_data).IsNothing()) {
     return Local<Context>();
   }
 
@@ -686,7 +692,8 @@ void ProtoThrower(const FunctionCallbackInfo<Value>& info) {
 
 // This runs at runtime, regardless of whether the context
 // is created from a snapshot.
-Maybe<void> InitializeContextRuntime(Local<Context> context) {
+Maybe<void> InitializeContextRuntime(Local<Context> context,
+                                     IsolateData* isolate_data) {
   Isolate* isolate = Isolate::GetCurrent();
   HandleScope handle_scope(isolate);
 
@@ -698,6 +705,18 @@ Maybe<void> InitializeContextRuntime(Local<Context> context) {
   // to the runtime flags, propagate the value to the embedder data.
   bool is_code_generation_from_strings_allowed =
       context->IsCodeGenerationFromStringsAllowed();
+
+  // Check if the Node.js option --disallow-code-generation-from-strings is set
+  // Use isolate_data if provided, otherwise fall back to per_process options
+  if (isolate_data != nullptr &&
+      isolate_data->options()->disallow_code_generation_from_strings) {
+    is_code_generation_from_strings_allowed = false;
+  } else if (isolate_data == nullptr &&
+             per_process::cli_options->per_isolate
+                 ->disallow_code_generation_from_strings) {
+    is_code_generation_from_strings_allowed = false;
+  }
+
   context->AllowCodeGenerationFromStrings(false);
   context->SetEmbedderData(
       ContextEmbedderIndex::kAllowCodeGenerationFromStrings,
@@ -922,11 +941,16 @@ Maybe<void> InitializePrimordials(Local<Context> context,
 
 // This initializes the main context (i.e. vm contexts are not included).
 Maybe<bool> InitializeContext(Local<Context> context) {
+  return InitializeContext(context, nullptr);
+}
+
+Maybe<bool> InitializeContext(Local<Context> context,
+                              IsolateData* isolate_data) {
   if (InitializeMainContextForSnapshot(context).IsNothing()) {
     return Nothing<bool>();
   }
 
-  if (InitializeContextRuntime(context).IsNothing()) {
+  if (InitializeContextRuntime(context, isolate_data).IsNothing()) {
     return Nothing<bool>();
   }
   return Just(true);

src/node.h

@@ -567,10 +567,20 @@ NODE_EXTERN v8::Local<v8::Context> NewContext(
     v8::Local<v8::ObjectTemplate> object_template =
         v8::Local<v8::ObjectTemplate>());
 
+// Overload that accepts IsolateData for per-isolate options
+v8::Local<v8::Context> NewContext(
+    v8::Isolate* isolate,
+    v8::Local<v8::ObjectTemplate> object_template,
+    IsolateData* isolate_data);
+
 // Runs Node.js-specific tweaks on an already constructed context
 // Return value indicates success of operation
 NODE_EXTERN v8::Maybe<bool> InitializeContext(v8::Local<v8::Context> context);
 
+// Overload that accepts IsolateData for per-isolate options
+v8::Maybe<bool> InitializeContext(v8::Local<v8::Context> context,
+                                  IsolateData* isolate_data);
+
 // If `platform` is passed, it will be used to register new Worker instances.
 // It can be `nullptr`, in which case creating new Workers inside of
 // Environments that use this `IsolateData` will not work.

src/node_contextify.cc

@@ -253,7 +253,7 @@ ContextifyContext* ContextifyContext::New(Local<Context> v8_context,
   // only initialized when needed because even deserializing them slows
   // things down significantly and they are only needed in rare occasions
   // in the vm contexts.
-  if (InitializeContextRuntime(v8_context).IsNothing()) {
+  if (InitializeContextRuntime(v8_context, env->isolate_data()).IsNothing()) {
     return {};
   }
 

src/node_internals.h

@@ -116,7 +116,8 @@ std::string GetHumanReadableProcessName();
 
 v8::Maybe<void> InitializeBaseContextForSnapshot(
     v8::Local<v8::Context> context);
-v8::Maybe<void> InitializeContextRuntime(v8::Local<v8::Context> context);
+v8::Maybe<void> InitializeContextRuntime(v8::Local<v8::Context> context,
+                                         IsolateData* isolate_data);
 v8::Maybe<void> InitializePrimordials(v8::Local<v8::Context> context,
                                       IsolateData* isolate_data);
 v8::MaybeLocal<v8::Object> InitializePrivateSymbols(

src/node_options.cc

@@ -1172,7 +1172,7 @@ PerIsolateOptionsParser::PerIsolateOptionsParser(
             kAllowedInEnvvar);
   AddOption("--disallow-code-generation-from-strings",
             "disallow eval and friends",
-            V8Option{},
+            &PerIsolateOptions::disallow_code_generation_from_strings,
             kAllowedInEnvvar);
   AddOption("--jitless",
             "disable runtime allocation of executable memory",

src/node_options.h

@@ -293,6 +293,7 @@ class PerIsolateOptions : public Options {
   std::string max_old_space_size;
   int64_t stack_trace_limit = 10;
   std::string report_signal = "SIGUSR2";
+  bool disallow_code_generation_from_strings = false;
   bool build_snapshot = false;
   std::string build_snapshot_config;
   inline EnvironmentOptions* get_per_env_options();

src/node_worker.cc

@@ -352,13 +352,14 @@ void Worker::Run() {
                                           SnapshotData::kNodeBaseContextIndex)
                         .ToLocalChecked();
           if (!context.IsEmpty() &&
-              !InitializeContextRuntime(context).IsJust()) {
+              !InitializeContextRuntime(context, data.isolate_data_.get()).IsJust()) {
             context = Local<Context>();
           }
         } else {
           Debug(
               this, "Worker %llu builds context from scratch\n", thread_id_.id);
-          context = NewContext(isolate_);
+          context = NewContext(isolate_, Local<ObjectTemplate>(),
+                               data.isolate_data_.get());
         }
         if (context.IsEmpty()) {
           // TODO(joyeecheung): maybe this should be kBootstrapFailure instead?

test/parallel/test-worker-disallow-code-generation-from-strings.js

@@ -0,0 +1,76 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const { Worker } = require('worker_threads');
+
+// Test that --disallow-code-generation-from-strings can be passed to workers
+// and properly blocks eval() and related code generation functions.
+
+// Test 1: Worker with --disallow-code-generation-from-strings should block eval
+{
+  const worker = new Worker(`
+    const { parentPort } = require('worker_threads');
+    try {
+      eval('"test"');
+      parentPort.postMessage({ evalBlocked: false });
+    } catch (err) {
+      parentPort.postMessage({ evalBlocked: true, errorName: err.name });
+    }
+  `, {
+    eval: true,
+    execArgv: ['--disallow-code-generation-from-strings']
+  });
+
+  worker.on('message', common.mustCall((msg) => {
+    assert.strictEqual(msg.evalBlocked, true);
+    assert.strictEqual(msg.errorName, 'EvalError');
+  }));
+
+  worker.on('error', common.mustNotCall());
+}
+
+// Test 2: Worker without the flag should allow eval
+{
+  const worker = new Worker(`
+    const { parentPort } = require('worker_threads');
+    try {
+      const result = eval('"test"');
+      parentPort.postMessage({ evalBlocked: false, result });
+    } catch (err) {
+      parentPort.postMessage({ evalBlocked: true });
+    }
+  `, {
+    eval: true,
+    execArgv: []
+  });
+
+  worker.on('message', common.mustCall((msg) => {
+    assert.strictEqual(msg.evalBlocked, false);
+    assert.strictEqual(msg.result, 'test');
+  }));
+
+  worker.on('error', common.mustNotCall());
+}
+
+// Test 3: Verify the flag also blocks Function constructor
+{
+  const worker = new Worker(`
+    const { parentPort } = require('worker_threads');
+    try {
+      new Function('return 42')();
+      parentPort.postMessage({ functionBlocked: false });
+    } catch (err) {
+      parentPort.postMessage({ functionBlocked: true, errorName: err.name });
+    }
+  `, {
+    eval: true,
+    execArgv: ['--disallow-code-generation-from-strings']
+  });
+
+  worker.on('message', common.mustCall((msg) => {
+    assert.strictEqual(msg.functionBlocked, true);
+    assert.strictEqual(msg.errorName, 'EvalError');
+  }));
+
+  worker.on('error', common.mustNotCall());
+}