reduce false positives from fuzzing (#3417)

mishoo · May 16, 2019 · 8939a36 · 8939a36
1 parent a21c348
commit 8939a36
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 24 deletions.
diff --git a/test/compress/sandbox.js b/test/compress/sandbox.js
@@ -66,3 +66,17 @@ toplevel_Infinity_NaN_undefined: {
     }
     expect_stdout: "foo 42 null"
 }
+
+log_global: {
+    input: {
+        console.log(function() {
+            return this;
+        }());
+    }
+    expect: {
+        console.log(function() {
+            return this;
+        }());
+    }
+    expect_stdout: "[object global]"
+}
diff --git a/test/sandbox.js b/test/sandbox.js
@@ -1,29 +1,7 @@
 var semver = require("semver");
 var vm = require("vm");
 
-function safe_log(arg, level) {
-    if (arg) switch (typeof arg) {
-      case "function":
-        return arg.toString();
-      case "object":
-        if (/Error$/.test(arg.name)) return arg.toString();
-        arg.constructor.toString();
-        if (level--) for (var key in arg) {
-            var desc = Object.getOwnPropertyDescriptor(arg, key);
-            if (!desc || !desc.get) arg[key] = safe_log(arg[key], level);
-        }
-    }
-    return arg;
-}
-
-function log(msg) {
-    if (arguments.length == 1 && typeof msg == "string") return console.log("%s", msg);
-    return console.log.apply(console, [].map.call(arguments, function(arg) {
-        return safe_log(arg, 3);
-    }));
-}
-
-var func_toString = new vm.Script([
+var setupContext = new vm.Script([
     "[ Array, Boolean, Error, Function, Number, Object, RegExp, String ].forEach(function(f) {",
     "    f.toString = Function.prototype.toString;",
     "});",
@@ -44,12 +22,36 @@ var func_toString = new vm.Script([
     '        return "function(){}";',
     "    };",
     "}();",
+    "this;",
 ]).join("\n"));
 
 function createContext() {
     var ctx = vm.createContext(Object.defineProperty({}, "console", { value: { log: log } }));
-    func_toString.runInContext(ctx);
+    var global = setupContext.runInContext(ctx);
     return ctx;
+
+    function safe_log(arg, level) {
+        if (arg) switch (typeof arg) {
+        case "function":
+            return arg.toString();
+        case "object":
+            if (arg === global) return "[object global]";
+            if (/Error$/.test(arg.name)) return arg.toString();
+            arg.constructor.toString();
+            if (level--) for (var key in arg) {
+                var desc = Object.getOwnPropertyDescriptor(arg, key);
+                if (!desc || !desc.get) arg[key] = safe_log(arg[key], level);
+            }
+        }
+        return arg;
+    }
+
+    function log(msg) {
+        if (arguments.length == 1 && typeof msg == "string") return console.log("%s", msg);
+        return console.log.apply(console, [].map.call(arguments, function(arg) {
+            return safe_log(arg, 3);
+        }));
+    }
 }
 
 exports.run_code = function(code, toplevel) {