From 50c924f6754675663a558ad7a052a7b1af303027 Mon Sep 17 00:00:00 2001 From: kumavis Date: Wed, 20 Nov 2024 10:07:00 -1000 Subject: [PATCH] fix(ses): warn on unsupported lockdownOptions mathTaming + dateTaming --- packages/ses/NEWS.md | 4 ++++ packages/ses/src/lockdown.js | 22 ++++++++++++++++++---- packages/ses/src/tame-date-constructor.js | 5 +---- packages/ses/src/tame-math-object.js | 5 +---- packages/ses/test/_lockdown-unsafe.js | 2 -- packages/ses/test/lockdown-options.test.js | 4 ++-- packages/ses/types.d.ts | 10 ++++++++-- packages/ses/types.test-d.ts | 2 -- 8 files changed, 34 insertions(+), 20 deletions(-) diff --git a/packages/ses/NEWS.md b/packages/ses/NEWS.md index 4bb7cba98e..09f7db561e 100644 --- a/packages/ses/NEWS.md +++ b/packages/ses/NEWS.md @@ -1,5 +1,9 @@ User-visible changes in `ses`: +# Next version + +- Specifying the long discontinued `mathTaming` or `dateTaming` options logs a warning. + # v1.10.0 (2024-11-13) - Permit [Promise.try](https://github.com/tc39/proposal-promise-try), diff --git a/packages/ses/src/lockdown.js b/packages/ses/src/lockdown.js index 97fdd84f95..d55e8b2ebf 100644 --- a/packages/ses/src/lockdown.js +++ b/packages/ses/src/lockdown.js @@ -194,8 +194,8 @@ export const repairIntrinsics = (options = {}) => { 'safe', ), __hardenTaming__ = getenv('LOCKDOWN_HARDEN_TAMING', 'safe'), - dateTaming = 'safe', // deprecated - mathTaming = 'safe', // deprecated + dateTaming, // deprecated + mathTaming, // deprecated ...extraOptions } = options; @@ -215,6 +215,20 @@ export const repairIntrinsics = (options = {}) => { Fail`lockdown(): non supported option ${q(extraOptionsNames)}`; const reporter = chooseReporter(reporting); + const { warn } = reporter; + + if (dateTaming !== undefined) { + // eslint-disable-next-line no-console + warn( + `SES The 'dateTaming' option is deprecated and does nothing. In the future specifying it will be an error.`, + ); + } + if (mathTaming !== undefined) { + // eslint-disable-next-line no-console + warn( + `SES The 'mathTaming' option is deprecated and does nothing. In the future specifying it will be an error.`, + ); + } priorRepairIntrinsics === undefined || // eslint-disable-next-line @endo/no-polymorphic-call @@ -289,9 +303,9 @@ export const repairIntrinsics = (options = {}) => { addIntrinsics(tameFunctionConstructors()); - addIntrinsics(tameDateConstructor(dateTaming)); + addIntrinsics(tameDateConstructor()); addIntrinsics(tameErrorConstructor(errorTaming, stackFiltering)); - addIntrinsics(tameMathObject(mathTaming)); + addIntrinsics(tameMathObject()); addIntrinsics(tameRegExpConstructor(regExpTaming)); addIntrinsics(tameSymbolConstructor()); addIntrinsics(shimArrayBufferTransfer()); diff --git a/packages/ses/src/tame-date-constructor.js b/packages/ses/src/tame-date-constructor.js index 0b756d8b71..2dfbc14738 100644 --- a/packages/ses/src/tame-date-constructor.js +++ b/packages/ses/src/tame-date-constructor.js @@ -8,10 +8,7 @@ import { defineProperties, } from './commons.js'; -export default function tameDateConstructor(dateTaming = 'safe') { - if (dateTaming !== 'safe' && dateTaming !== 'unsafe') { - throw TypeError(`unrecognized dateTaming ${dateTaming}`); - } +export default function tameDateConstructor() { const OriginalDate = Date; const DatePrototype = OriginalDate.prototype; diff --git a/packages/ses/src/tame-math-object.js b/packages/ses/src/tame-math-object.js index 0e175ea97f..678bcbd5df 100644 --- a/packages/ses/src/tame-math-object.js +++ b/packages/ses/src/tame-math-object.js @@ -6,10 +6,7 @@ import { objectPrototype, } from './commons.js'; -export default function tameMathObject(mathTaming = 'safe') { - if (mathTaming !== 'safe' && mathTaming !== 'unsafe') { - throw TypeError(`unrecognized mathTaming ${mathTaming}`); - } +export default function tameMathObject() { const originalMath = Math; const initialMath = originalMath; // to follow the naming pattern diff --git a/packages/ses/test/_lockdown-unsafe.js b/packages/ses/test/_lockdown-unsafe.js index 7a6d6fc347..0d9c444954 100644 --- a/packages/ses/test/_lockdown-unsafe.js +++ b/packages/ses/test/_lockdown-unsafe.js @@ -1,5 +1,3 @@ lockdown({ - dateTaming: 'unsafe', - mathTaming: 'unsafe', errorTaming: 'unsafe', }); diff --git a/packages/ses/test/lockdown-options.test.js b/packages/ses/test/lockdown-options.test.js index 53754c69fe..526d565358 100644 --- a/packages/ses/test/lockdown-options.test.js +++ b/packages/ses/test/lockdown-options.test.js @@ -3,12 +3,12 @@ import { repairIntrinsics } from '../src/lockdown.js'; test('repairIntrinsics throws with non-recognized options', t => { t.throws( - () => repairIntrinsics({ mathTaming: 'unsafe', abc: true }), + () => repairIntrinsics({ abc: true }), undefined, 'throws with value true', ); t.throws( - () => repairIntrinsics({ mathTaming: 'unsafe', abc: false }), + () => repairIntrinsics({ abc: false }), undefined, 'throws with value false', ); diff --git a/packages/ses/types.d.ts b/packages/ses/types.d.ts index cfde6dd017..ba452a7768 100644 --- a/packages/ses/types.d.ts +++ b/packages/ses/types.d.ts @@ -27,8 +27,14 @@ export interface RepairOptions { reporting?: 'platform' | 'console' | 'none'; unhandledRejectionTrapping?: 'report' | 'none'; errorTaming?: 'safe' | 'unsafe' | 'unsafe-debug'; - dateTaming?: 'safe' | 'unsafe'; // deprecated - mathTaming?: 'safe' | 'unsafe'; // deprecated + /** + * @deprecated Deprecated and does nothing. In the future specifying it will be an error. + */ + dateTaming?: 'safe' | 'unsafe'; + /** + * @deprecated Deprecated and does nothing. In the future specifying it will be an error. + */ + mathTaming?: 'safe' | 'unsafe'; evalTaming?: 'safeEval' | 'unsafeEval' | 'noEval'; stackFiltering?: 'concise' | 'verbose'; overrideTaming?: 'moderate' | 'min' | 'severe'; diff --git a/packages/ses/types.test-d.ts b/packages/ses/types.test-d.ts index 4428b04855..412144fcba 100644 --- a/packages/ses/types.test-d.ts +++ b/packages/ses/types.test-d.ts @@ -10,8 +10,6 @@ lockdown(); lockdown({}); lockdown({ errorTaming: 'unsafe' }); lockdown({ - mathTaming: 'unsafe', - dateTaming: 'unsafe', errorTaming: 'unsafe', localeTaming: 'unsafe', consoleTaming: 'unsafe',