src: don't overwrite non-writable vm globals #11109
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
c++
fhinkel
force-pushed
the
vm_read_only
branch
2 times, most recently
from
7546f71
to
aa952c4
Compare
bnoordhuis
approved these changes
Feb 2, 2017
jasnell
approved these changes
Feb 2, 2017
thefourtheye
reviewed
Feb 2, 2017
|
|
||
| // https://github.com/nodejs/node/issues/10223 | ||
| ctx = vm.createContext(); | ||
| vm.runInContext('Object.defineProperty(this, "x", { value: 42 })', ctx); |
There was a problem hiding this comment.
Nit: These tests can be logically grouped. Can you group them in blocks?
There was a problem hiding this comment.
Which groups did you have in mind?
There was a problem hiding this comment.
Maybe something like this?
{
// https://github.com/nodejs/node/issues/10223
const ctx = vm.createContext();
{
vm.runInContext('Object.defineProperty(this, "x", { value: 42 })', ctx);
assert.strictEqual(ctx.x, 42);
assert.strictEqual(vm.runInContext('x', ctx), 42);
}
{
vm.runInContext('x = 0', ctx); // Does not throw but x...
assert.strictEqual(vm.runInContext('x', ctx), 42); // ...should be unaltered.
}
{
assert.throws(() => vm.runInContext('"use strict"; x = 0', ctx),
/Cannot assign to read only property 'x'/);
assert.strictEqual(vm.runInContext('x', ctx), 42);
}
}There was a problem hiding this comment.
Blocks in JS Code look weird to me. I added some extra blank lines. OK like this?
There was a problem hiding this comment.
Cool :-) This looks clean to my eyes now.
Check that the property doesn't have the read-only flag set before overwriting it. This is Ben Noordhuis previous commit, but keeping is_contextual_store. is_contextual_store describes whether this.foo = 42 or foo = 42 was called. The second is contextual and will fail in strict mode if foo is used without declaration. Therefore only do an early return if it is a contextual store. In particular, don't do an early return for Object.defineProperty(this, ...). Fixes: nodejs#10223 Refs: nodejs#10227
thefourtheye
approved these changes
Feb 3, 2017
|
|
||
| // https://github.com/nodejs/node/issues/10223 | ||
| ctx = vm.createContext(); | ||
| vm.runInContext('Object.defineProperty(this, "x", { value: 42 })', ctx); |
There was a problem hiding this comment.
Cool :-) This looks clean to my eyes now.
|
Thanks for the reviews. Landed in e116cbe. |
fhinkel
added a commit
that referenced
this pull request
Feb 4, 2017
Check that the property doesn't have the read-only flag set before overwriting it. This is Ben Noordhuis previous commit, but keeping is_contextual_store. is_contextual_store describes whether this.foo = 42 or foo = 42 was called. The second is contextual and will fail in strict mode if foo is used without declaration. Therefore only do an early return if it is a contextual store. In particular, don't do an early return for Object.defineProperty(this, ...). Fixes: #10223 Refs: #10227 PR-URL: #11109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
italoacasas
pushed a commit
to italoacasas/node
that referenced
this pull request
Feb 5, 2017
Check that the property doesn't have the read-only flag set before overwriting it. This is Ben Noordhuis previous commit, but keeping is_contextual_store. is_contextual_store describes whether this.foo = 42 or foo = 42 was called. The second is contextual and will fail in strict mode if foo is used without declaration. Therefore only do an early return if it is a contextual store. In particular, don't do an early return for Object.defineProperty(this, ...). Fixes: nodejs#10223 Refs: nodejs#10227 PR-URL: nodejs#11109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
italoacasas
pushed a commit
to italoacasas/node
that referenced
this pull request
Feb 14, 2017
Check that the property doesn't have the read-only flag set before overwriting it. This is Ben Noordhuis previous commit, but keeping is_contextual_store. is_contextual_store describes whether this.foo = 42 or foo = 42 was called. The second is contextual and will fail in strict mode if foo is used without declaration. Therefore only do an early return if it is a contextual store. In particular, don't do an early return for Object.defineProperty(this, ...). Fixes: nodejs#10223 Refs: nodejs#10227 PR-URL: nodejs#11109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
krydos
pushed a commit
to krydos/node
that referenced
this pull request
Feb 25, 2017
Check that the property doesn't have the read-only flag set before overwriting it. This is Ben Noordhuis previous commit, but keeping is_contextual_store. is_contextual_store describes whether this.foo = 42 or foo = 42 was called. The second is contextual and will fail in strict mode if foo is used without declaration. Therefore only do an early return if it is a contextual store. In particular, don't do an early return for Object.defineProperty(this, ...). Fixes: nodejs#10223 Refs: nodejs#10227 PR-URL: nodejs#11109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
This would need a backport PR in order to land on v4 or v6 (if it should land on those at all) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Another try for #10223.
This is @bnoordhuis reverted commit, without removing
is_contextual_store.Now
defineProperty(this, ..., {value: })is intercepted and copied by the SetterCallback and global assignment succeeds the first time. The callback does not overwrite read-only values.The first assert in the test is different from the reverted commit, because
defineProperty(..., {value: })is intercepted and copied by the SetterCallback.https://github.com/nodejs/node/blob/master/test/known_issues/test-vm-data-property-writable.js is still a known issue, because the property descriptor is taken from the sandbox not the vm context. The test is not testing that read-only properties are not overwritten, but that defineProperty works.