Skip to content

Commit

Permalink
Merge pull request #6 from commenthol/fix-breakout-console
Browse files Browse the repository at this point in the history 
Fix breakout console
  • Loading branch information
@commenthol
commenthol committed Jul 14, 2019
2 parents d3167c8 + 25c3048 commit 073267a
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 28 deletions.
6 changes: 3 additions & 3 deletions README.md
View file
Expand Up @@ -25,9 +25,9 @@ Runs on node and in modern browsers:

| | Versions |
| --- | --- |
| **node** | 4, 6, 8, 10, 11 |
| **Chrome** | 69, 71 |
| **Firefox** | 60, 64 |
| **node** | 8, 10, 11, 12 |
| **Chrome** | 70, 75 |
| **Firefox** | 60, 68 |
| **Edge** | 17, 18 |
| **IE** | ~~11~~ |
| **Safari** | 11, 12|
Expand Down
32 changes: 16 additions & 16 deletions package.json
View file
@@ -1,6 +1,6 @@
{
"name": "safer-eval",
"version": "1.3.3",
"version": "1.3.4-0",
"description": "a safer eval",
"keywords": [
"eval",
Expand Down Expand Up @@ -37,32 +37,32 @@
"clones": "^1.2.0"
},
"devDependencies": {
"@babel/cli": "^7.4.4",
"@babel/core": "^7.4.4",
"@babel/preset-env": "^7.4.4",
"@babel/cli": "^7.5.0",
"@babel/core": "^7.5.4",
"@babel/preset-env": "^7.5.4",
"babel-loader": "^8.0.6",
"eslint": "^5.16.0",
"eslint-config-standard": "^12.0.0",
"eslint-plugin-import": "^2.17.2",
"eslint-plugin-node": "^9.0.1",
"eslint-plugin-promise": "^4.1.1",
"eslint": "^6.0.1",
"eslint-config-standard": "^13.0.1",
"eslint-plugin-import": "^2.18.0",
"eslint-plugin-node": "^9.1.0",
"eslint-plugin-promise": "^4.2.1",
"eslint-plugin-standard": "^4.0.0",
"karma": "^4.1.0",
"karma-chrome-launcher": "^2.2.0",
"karma": "^4.2.0",
"karma-chrome-launcher": "^3.0.0",
"karma-firefox-launcher": "^1.1.0",
"karma-mocha": "^1.3.0",
"karma-sourcemap-loader": "^0.3.7",
"karma-spec-reporter": "~0.0.32",
"karma-webpack": "^3.0.5",
"karma-webpack": "^4.0.2",
"mocha": "^6.1.4",
"nyc": "^14.1.1",
"rimraf": "^2.6.3",
"webpack": "^4.31.0"
},
"_devDependencies": {
"zuul": "^3.11.1"
"webpack": "^4.35.3"
},
"engines": {
"node": ">=6.0.0"
},
"optionalDevDependencies": {
"zuul": "^3.11.1"
}
}
12 changes: 8 additions & 4 deletions src/common.js
View file
Expand Up @@ -47,13 +47,17 @@ exports.createContext = function () {
cloneFunctions(context)
context.Buffer = _protect('Buffer')
context.console = clones(console, console) // console needs special treatment
context.console.constructor.constructor = 'function () {}'
}
if (hasWindow) {
fillContext(window, true)
cloneFunctions(context)
protectBuiltInObjects(context)
context.console = clones(console, console) // console needs special treatment
context.Object.constructor.constructor = 'function () {}'
try {
context.Object.constructor.constructor = 'function () {}'
} catch (e) {
}
}

return context
Expand Down Expand Up @@ -82,7 +86,7 @@ function cloneFunctions (context) {
'clearTimeout'
].forEach((str) => {
try {
let fn = new Function(`return ${str}`)() // eslint-disable-line no-new-func
const fn = new Function(`return ${str}`)() // eslint-disable-line no-new-func
context[str] = fn
? function () {
return fn.apply(null, [].slice.call(arguments))
Expand All @@ -97,7 +101,7 @@ function cloneFunctions (context) {
'setTimeout'
].forEach((str) => {
try {
let fn = new Function(`return ${str}`)() // eslint-disable-line no-new-func
const fn = new Function(`return ${str}`)() // eslint-disable-line no-new-func
context[str] = fn
? function (f) {
if (typeof f === 'function') {
Expand Down Expand Up @@ -175,7 +179,7 @@ function protectBuiltInObjects (context) {
*/
function _protect (str) {
try {
let type = new Function(`return ${str}`)() // eslint-disable-line no-new-func
const type = new Function(`return ${str}`)() // eslint-disable-line no-new-func
return type
? clones.classes(type)
: undefined
Expand Down
31 changes: 28 additions & 3 deletions test/saferEval.spec.js
View file
Expand Up @@ -83,8 +83,9 @@ describe('#saferEval', function () {
})

it('setInterval passing a function', function (done) {
var res = saferEval('(function (){var id = setInterval(function () {Array._test = 111; console.log("intervall"); clearInterval(id)}, 5)}())')
assert.strictEqual(res)
var res = saferEval('(function (){var id = setInterval(function () {Array._test = 111; console.log("interval"); clearInterval(id)}, 5)})')
assert.strictEqual(typeof res, 'function')
res()
setTimeout(function () {
assert.strictEqual(Array._test, undefined)
done()
Expand Down Expand Up @@ -270,6 +271,22 @@ describe('#saferEval', function () {
}
assert.strictEqual(res, undefined)
})
it('should not allow using console.constructor.constructor', function () {
let res
try {
res = saferEval("console.constructor.constructor('return process')().env")
} catch (e) {
}
assert.strictEqual(res, undefined)
})
it('should not allow using JSON.constructor.constructor', function () {
let res
try {
res = saferEval("JSON.constructor.constructor('return process')().env")
} catch (e) {
}
assert.strictEqual(res, undefined)
})
it('should prevent a breakout using Object.constructor', function () {
let res
try {
Expand Down Expand Up @@ -301,7 +318,15 @@ describe('#saferEval', function () {
it('should not allow using Object.constructor.constructor', function () {
let res
try {
res = saferEval("Object.constructor.constructor('return localStorage')()")
res = saferEval("Object.constructor.constructor('return window')()")
} catch (e) {
}
assert.strictEqual(res, undefined)
})
it('should not allow using console.constructor.constructor', function () {
let res
try {
res = saferEval("console.constructor.constructor('return window')()")
} catch (e) {
}
assert.strictEqual(res, undefined)
Expand Down
4 changes: 2 additions & 2 deletions webpack.config.js
View file
Expand Up @@ -6,8 +6,8 @@ module.exports = {
devtool: 'source-map',
resolve: {
alias: {
'src': path.resolve(__dirname, 'src'),
'lib': path.resolve(__dirname, 'lib')
src: path.resolve(__dirname, 'src'),
lib: path.resolve(__dirname, 'lib')
}
},
module: {
Expand Down

0 comments on commit 073267a

Please sign in to comment.