3.0.0

Author: solkimicreb

README.md

@@ -2,7 +2,7 @@
 
 This library is part of the [NX framework](http://nx-framework.com/).
 The purpose of this library is to allow the execution of strings as code in the
-context of a sandbox object with optional security restrictions.
+context of a sandbox object.
 
 ## Installation
 
@@ -46,137 +46,16 @@ strict mode.
 const expression = compiler.compileExpression('prop1 || prop2')
 ```
 
-### compiler.secure(String, ..., String)
-
-This methods secures the sandbox and the compiled code. It prevents access to the global scope
-from inside the passed code. You can optionally pass global variable names as strings to expose
-them to the sandbox. Exposed global variables and the prototypes of literals (strings, numbers, etc.)
-are deep frozen with Object.freeze() to prevent security leaks. Deep frozen means that their whole prototype chain and all constructors found on that prototype chain are frozen. Calling secure more than once throws an error.
-
-```js
-compiler.secure('console', 'setTimeout')
-```
-
-This method is experimental, please do not use it in a production environment yet!
-
 ## Example
 
 ```js
 const compiler = require('@risingstack/nx-compile')
-compiler.secure('console')
-
-const sandbox = {name: 'nx-compile', version: '1.0'}
-const code = compiler.compileCode('console.log(name + version)', sandbox)
-
-// outputs 'nx-compile1.0' to console
-code()
-```
-
-## Features, limitations and edge cases
-
-#### lookup order
-
-The compiled function tries to retrieve the variables first from the sandbox and then from the global object.
-
-```js
-const compiler = require('@risingstack/nx-compile')
-
-global.prop = 'globalValue' // in a browser global would be window
-const sandbox = {prop: 'sandboxValue'}
-
-const code = compiler.compileCode('console.log(prop)', sandbox)
-
-// outputs 'sandboxValue' to the console
-code()
-
-
-// the key is still present in the sandbox
-// outputs 'undefined' to the console
-sandbox.prop = undefined
-code()
-
-// the key is not present in the sandbox
-// outputs 'globalValue' to the console
-delete sandbox.prop
-code()
-```
-
-#### local variables can't be exposed
-
-You can only expose variables declared on the global object.
-
-```js
-// this code is assumed to run in a module, so declared variables are not global
-const compiler = require('@risingstack/nx-compile')
-
-const localVariable = 'localValue'
-const code = compiler.compileCode('console.log(localVariable)', {})
-
-// tries to retrieve 'localVariable' from the global object
-// throws a ReferenceError
-code()
-```
-
-#### 'this' inside the sandboxed code
-
-`this` points to the sandbox inside the sandboxed code.
-
-```js
-const compiler = require('@risingstack/nx-compile')
-
-const message = 'local message'
-const sandbox = {message: 'sandboxed message'}
-const code = compiler.compileCode('console.log(this.message)', sandbox)
-
-// outputs 'sandboxed message' to the console
-code()
-```
-
-#### functions defined inside the sandboxed code
-
-Functions defined inside the sandboxed code are also sandboxed.
-
-```js
-const compiler = require('@risingstack/nx-compile')
-
-const message = 'local message'
-const sandbox = {message: 'sandboxed message'}
-const code = compiler.compileCode('setTimeout(() => console.log(message))', sandbox)
-
-// outputs 'sandboxed message' to the console
-code()
-```
-
-#### globals in secure mode
-
-Unexposed global variable access is prevented in secure mode.
-
-```js
-const compiler = require('@risingstack/nx-compile')
-compiler.secure('console')
-
-const sandbox = {}
-const code = compiler.compileCode('console.log(setTimeout)', sandbox)
-
-// console is exposed, setTimeout is not exposed
-// outputs 'undefined' to the console
-code()
-```
-
-#### frozen objects in secure mode
-
-Exposed globals and literal prototypes are frozen in secure mode.
-
-```js
-const compiler = require('@risingstack/nx-compile')
-compiler.secure('console')
 
-const sandbox = {}
-const rawCode = '({}).constructor.create = function(/* evil stuff */) {}'
-const code = compiler.compileCode(, sandbox)
+const sandbox = {name: 'nx-compile', version: '3.0.0'}
+const expression = compiler.compileExpression('name + version)', sandbox)
 
-// throws a TypeError, Object.create() can not be overwritten
-code()
+// outputs 'nx-compile3.0.0' to console
+console.log(expression())
 ```
 
 ## Contributions

compiler.js

@@ -1,16 +1,24 @@
 'use strict'
 
-let secured = false
-let exposedGlobals = []
-
 module.exports = {
   compileCode,
-  compileExpression,
-  secure
+  compileExpression
 }
 
 function compileExpression (src, sandbox) {
-  return compileCode(`return ${src}`, sandbox)
+  if (typeof src !== 'string') {
+    throw new TypeError('first argument must be a string')
+  }
+  if (typeof sandbox !== 'object') {
+    throw new TypeError('second argument must be an object')
+  }
+
+  sandbox = new Proxy(sandbox, {get, has})
+  const expression = `
+  try { with (sandbox) { return ${src} } } catch (err) {
+    if (!(err instanceof ReferenceError || err instanceof TypeError)) throw err
+  }`
+  return new Function('sandbox', expression).bind(sandbox, sandbox) // eslint-disable-line
 }
 
 function compileCode (src, sandbox) {
@@ -21,15 +29,8 @@ function compileCode (src, sandbox) {
     throw new TypeError('second argument must be an object')
   }
 
-  if (secured) {
-    sandbox = new Proxy(sandbox, {get, has})
-  }
-
-  // test for string manipulation
-  new Function(`'use strict'; ${src}`) // eslint-disable-line
-
-  return new Function(`with (this) { return (() => { 'use strict'; ${src} }) }`) // eslint-disable-line
-    .call(sandbox)
+  sandbox = new Proxy(sandbox, {get, has})
+  return new Function('sandbox', `with (sandbox) { ${src} }`).bind(sandbox, sandbox) // eslint-disable-line
 }
 
 function get (target, key, receiver) {
@@ -40,41 +41,5 @@ function get (target, key, receiver) {
 }
 
 function has (target, key) {
-  if (exposedGlobals.indexOf(key) !== -1) {
-    return Reflect.has(target, key)
-  }
   return true
 }
-
-function secure () {
-  if (secured) {
-    throw new Error('the compiler is already secured')
-  }
-
-  exposedGlobals.push(...arguments)
-  const globalObject = getGlobalObject()
-  for (let exposed of exposedGlobals) {
-    deepFreeze(globalObject[exposed])
-  }
-
-  const literals = ['', 0, true, /a/, [], {}, () => {}]
-  for (let literal of literals) {
-    deepFreeze(Object.getPrototypeOf(literal))
-  }
-  secured = true
-}
-
-function deepFreeze (obj) {
-  if ((typeof obj === 'object' || typeof obj === 'function') && obj !== null && !Object.isFrozen(obj)) {
-    Object.freeze(obj)
-    Object.freeze(obj.constructor)
-    deepFreeze(Object.getPrototypeOf(obj))
-  }
-}
-
-function getGlobalObject () {
-  if (typeof global === 'object' && global.global === global) return global
-  if (typeof self === 'object' && self.self === self) return self // eslint-disable-line
-  if (typeof window === 'object' && window.window === window) return window
-  throw new Error('global object could not be detected')
-}

compiler.test.js

@@ -5,8 +5,6 @@ const compiler = require('./compiler')
 
 global.prop1 = 3
 global.prop2 = 4
-global.propObj = { nestedProp: 'nestedProp' }
-global.isSecure = true
 const localProp = 1
 
 describe('nx-compile', () => {
@@ -46,12 +44,7 @@ describe('nx-compile', () => {
 
     it('should not expose local variables', () => {
       const expression = compiler.compileExpression('localProp', {})
-      expect(expression).to.throw(ReferenceError)
-    })
-
-    it('should expose global variables', () => {
-      const expression = compiler.compileExpression('prop1 + prop2', {})
-      expect(expression()).to.equal(7)
+      expect(expression()).to.equal(undefined)
     })
 
     it('should favour sandbox variables over global ones', () => {
@@ -69,64 +62,4 @@ describe('nx-compile', () => {
       expect(code()).to.equal(undefined)
     })
   })
-
-  describe('secure()', () => {
-    before(() => compiler.secure('prop1', 'propObj', 'localProp', 'setTimeout'))
-    beforeEach(() => global.isSecure = true)
-
-    it('should not expose unallowed globals to the sandbox', () => {
-      const expression = compiler.compileExpression('prop2', {})
-      expect(expression()).to.equal(undefined)
-    })
-
-    it('should expose specified globals to the sandbox', () => {
-      const expression = compiler.compileExpression('prop1', {})
-      expect(expression()).to.equal(3)
-    })
-
-    it('should not expose globals inside functions defined in the passed code', () => {
-      const code = compiler.compileCode('(function () { isSecure = false })()', {})
-      code()
-      expect(global.isSecure).to.be.true
-    })
-
-    it('should not expose globals inside async functions defined in the passed code', () => {
-      const code = compiler.compileCode('setTimeout(() => isSecure = false)', {})
-      code()
-      expect(global.isSecure).to.be.true
-    })
-
-    it('should protect against string manipulation', () => {
-      expect(() => compiler.compileCode('isSecure=false})};function this(){}//', {})).to.throw(SyntaxError)
-      expect(() => compiler.compileCode('})} isSecure = false; {({', {})).to.throw(SyntaxError)
-      expect(global.isSecure).to.be.true
-    })
-
-    it('should deep freeze the prototype of literals', () => {
-      const literals = ['', 0, true, /o/, {}, [], () => {}]
-      for (let literal of literals) {
-        expect(Object.isFrozen(Object.getPrototypeOf(literal))).to.be.true
-      }
-    })
-
-    it('should deep freeze exposed global objects', () => {
-      expect(Object.isFrozen(global.propObj)).to.be.true
-    })
-
-    it('should generally protect against global object mutation', () => {
-      const code1 = compiler.compileCode('("").__proto__.replace = function() {}', {})
-      const code2 = compiler.compileCode('({}).__proto__.toJSON = function() {}', {})
-      const code3 = compiler.compileCode('({}).constructor.create = function() {}', {})
-      const code4 = compiler.compileCode('({}).constructor.prototype.hasOwnProperty = function() {}', {})
-
-      expect(code1).to.throw(TypeError)
-      expect(code2).to.throw(TypeError)
-      expect(code3).to.throw(TypeError)
-      expect(code4).to.throw(TypeError)
-    })
-
-    it('should throw on further secure() calls', () => {
-      expect(() => compiler.secure('prop3')).to.throw(Error)
-    })
-  })
 })

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@risingstack/nx-compile",
-  "version": "2.0.0",
+  "version": "3.0.0",
   "description": "Execution of strings as code in a sandboxed environment with optional security.",
   "main": "compiler.js",
   "scripts": {