From 40cf1c87eeb3036f3578ffefe4e89d99f628a495 Mon Sep 17 00:00:00 2001 From: Appurva Murawat Date: Mon, 23 Sep 2024 18:36:07 +0530 Subject: [PATCH] Update allowed globals --- CHANGELOG.yaml | 4 ++ README.md | 77 ++++++++++++++++++++++++++++----- lib/allowed-globals.js | 65 ++++++++++++++++++++-------- test/unit/scope-globals.test.js | 22 ++++++---- 4 files changed, 130 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.yaml b/CHANGELOG.yaml index bc6a7f0c..ff793f98 100644 --- a/CHANGELOG.yaml +++ b/CHANGELOG.yaml @@ -1,6 +1,10 @@ unreleased: breaking changes: - GH-677 Dropped support for Node < v18 + new features: + - >- + GH-676 Updated allowed globals list to include: + URL, Encoding, Cryptographic, and Stream APIs chores: - GH-677 Updated ESLint rules - GH-677 Updated dependencies diff --git a/README.md b/README.md index f9bd68c0..95141b16 100644 --- a/README.md +++ b/README.md @@ -63,25 +63,80 @@ myscope.exec('setTimeout(function () { __exitscope(null); }, 1000)', { async: tr These are the list of globals available to scripts in the scope +### Standard Built-ins: + ```json [ "Array", "ArrayBuffer", "Atomics", - "BigInt", "BigInt64Array", "BigUint64Array", - "Boolean", "DataView", "Date", - "Error", "EvalError", "Float32Array", - "Float64Array", "Function", "Infinity", - "Int16Array", "Int32Array", "Int8Array", + "BigInt", "Boolean", "DataView", + "Date", "Function", "Infinity", "JSON", "Map", "Math", "NaN", "Number", "Object", - "Promise", "Proxy", "RangeError", - "ReferenceError", "Reflect", "RegExp", - "Set", "SharedArrayBuffer", "String", - "Symbol", "SyntaxError", "TypeError", - "URIError", "Uint16Array", "Uint32Array", - "Uint8Array", "Uint8ClampedArray", "WeakMap", + "Promise", "Proxy", "Reflect", + "RegExp", "Set", "SharedArrayBuffer", + "String", "Symbol", "WeakMap", "WeakSet", "decodeURI", "decodeURIComponent", "encodeURI", "encodeURIComponent", "escape", "isFinite", "isNaN", "parseFloat", "parseInt", "undefined", "unescape" ] ``` +### Errors: + +```json +[ + "Error", "EvalError", "RangeError", + "ReferenceError", "SyntaxError", "TypeError", + "URIError" +] +``` + +### Typed Arrays: + +```json +[ + "BigInt64Array", "BigUint64Array", "Float32Array", + "Float64Array", "Int16Array", "Int32Array", + "Int8Array", "Uint16Array", "Uint32Array", + "Uint8Array", "Uint8ClampedArray" +] +``` + +### URL: + +```json +[ + "URL", "URLSearchParams" +] +``` + +### Encoding: +```json +[ + "atob", "btoa", + "TextDecoder", "TextDecoderStream", + "TextEncoder", "TextEncoderStream" +] +``` + +### Cryptography: +```json +[ + "Crypto", "CryptoKey", + "crypto", "SubtleCrypto" +] +``` + +### Stream: +```json +[ + "ByteLengthQueuingStrategy", "CountQueuingStrategy", + "CompressionStream", "DecompressionStream", + "ReadableByteStreamController", "ReadableStream", + "ReadableStreamBYOBReader", "ReadableStreamBYOBRequest", + "ReadableStreamDefaultController", "ReadableStreamDefaultReader", + "TransformStream", "TransformStreamDefaultController", + "WritableStream", "WritableStreamDefaultController", + "WritableStreamDefaultWriter" +] +``` diff --git a/lib/allowed-globals.js b/lib/allowed-globals.js index 1acd99bb..7595c6d5 100644 --- a/lib/allowed-globals.js +++ b/lib/allowed-globals.js @@ -1,4 +1,6 @@ +/* eslint-disable one-var */ /* eslint-disable @stylistic/js/no-multi-spaces */ + /** * Add variables here that will be available as globals inside the scope during execution. * @@ -6,22 +8,49 @@ * @type {String[]} */ module.exports = [ - 'Array', 'ArrayBuffer', 'Atomics', - 'BigInt', 'BigInt64Array', 'BigUint64Array', - 'Boolean', 'DataView', 'Date', - 'Error', 'EvalError', 'Float32Array', - 'Float64Array', 'Function', 'Infinity', - 'Int16Array', 'Int32Array', 'Int8Array', - 'JSON', 'Map', 'Math', - 'NaN', 'Number', 'Object', - 'Promise', 'Proxy', 'RangeError', - 'ReferenceError', 'Reflect', 'RegExp', - 'Set', 'SharedArrayBuffer', 'String', - 'Symbol', 'SyntaxError', 'TypeError', - 'URIError', 'Uint16Array', 'Uint32Array', - 'Uint8Array', 'Uint8ClampedArray', 'WeakMap', - 'WeakSet', 'decodeURI', 'decodeURIComponent', - 'encodeURI', 'encodeURIComponent', 'escape', - 'isFinite', 'isNaN', 'parseFloat', - 'parseInt', 'undefined', 'unescape' + 'Array', 'ArrayBuffer', 'Atomics', + 'BigInt', 'Boolean', 'DataView', + 'Date', 'Function', 'Infinity', + 'JSON', 'Map', 'Math', + 'NaN', 'Number', 'Object', + 'Promise', 'Proxy', 'Reflect', + 'RegExp', 'Set', 'SharedArrayBuffer', + 'String', 'Symbol', 'WeakMap', + 'WeakSet', 'decodeURI', 'decodeURIComponent', + 'encodeURI', 'encodeURIComponent', 'escape', + 'isFinite', 'isNaN', 'parseFloat', + 'parseInt', 'undefined', 'unescape', + + // Error + 'Error', 'EvalError', 'RangeError', + 'ReferenceError', 'SyntaxError', 'TypeError', + 'URIError', + + // Typed Arrays + 'BigInt64Array', 'BigUint64Array', 'Float32Array', + 'Float64Array', 'Int16Array', 'Int32Array', + 'Int8Array', 'Uint16Array', 'Uint32Array', + 'Uint8Array', 'Uint8ClampedArray', + + // URL + 'URL', 'URLSearchParams', + + // Encoding + 'atob', 'btoa', + 'TextDecoder', 'TextDecoderStream', + 'TextEncoder', 'TextEncoderStream', + + // Cryptography + 'Crypto', 'CryptoKey', + 'crypto', 'SubtleCrypto', + + // Stream + 'ByteLengthQueuingStrategy', 'CountQueuingStrategy', + 'CompressionStream', 'DecompressionStream', + 'ReadableByteStreamController', 'ReadableStream', + 'ReadableStreamBYOBReader', 'ReadableStreamBYOBRequest', + 'ReadableStreamDefaultController', 'ReadableStreamDefaultReader', + 'TransformStream', 'TransformStreamDefaultController', + 'WritableStream', 'WritableStreamDefaultController', + 'WritableStreamDefaultWriter' ]; diff --git a/test/unit/scope-globals.test.js b/test/unit/scope-globals.test.js index 99a785e9..8160bc33 100644 --- a/test/unit/scope-globals.test.js +++ b/test/unit/scope-globals.test.js @@ -15,15 +15,19 @@ describe('scope module globals', function () { it('should be limited to a known subset in context', function (done) { scope.exec(` var availableGlobals = Object.getOwnPropertyNames(this).sort(); - expect(availableGlobals).eql(['Array', 'ArrayBuffer', 'Atomics', 'BigInt', 'BigInt64Array', - 'BigUint64Array', 'Boolean', 'DataView', 'Date', 'decodeURI', 'decodeURIComponent', 'encodeURI', - 'encodeURIComponent', 'Error', 'escape', 'EvalError', 'Float32Array', 'Float64Array', 'Function', - 'Infinity', 'Int8Array', 'Int16Array', 'Int32Array', 'isFinite', 'isNaN', 'JSON', 'Map', 'Math', 'NaN', - 'Number', 'Object', 'parseFloat', 'parseInt', 'Proxy', 'Promise', 'RangeError', 'ReferenceError', - 'Reflect', 'RegExp', 'Set', 'SharedArrayBuffer', 'String', 'Symbol', 'SyntaxError', 'TypeError', - 'Uint8Array', 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array', 'undefined', 'unescape', 'URIError', - 'WeakMap', 'WeakSet', - + expect(availableGlobals).eql(['Array', 'ArrayBuffer', 'Atomics', 'atob', 'BigInt', 'BigInt64Array', + 'BigUint64Array', 'Boolean', 'ByteLengthQueuingStrategy', 'CompressionStream', 'CountQueuingStrategy', + 'btoa', 'Crypto', 'CryptoKey', 'crypto', 'DataView', 'Date', 'DecompressionStream', 'decodeURI', + 'decodeURIComponent', 'encodeURI', 'encodeURIComponent', 'Error', 'escape', 'EvalError', 'Float32Array', + 'Float64Array', 'Function', 'Infinity', 'Int8Array', 'Int16Array', 'Int32Array', 'isFinite', 'isNaN', + 'JSON','Map', 'Math', 'NaN', 'Number', 'Object', 'parseFloat', 'parseInt', 'Proxy', 'Promise', + 'RangeError', 'ReadableByteStreamController', 'ReadableStream', 'ReadableStreamBYOBReader', + 'ReadableStreamBYOBRequest', 'ReadableStreamDefaultController', 'ReadableStreamDefaultReader', + 'ReferenceError', 'Reflect', 'RegExp', 'Set', 'SharedArrayBuffer', 'String', 'SubtleCrypto', 'Symbol', + 'SyntaxError', 'TextDecoder', 'TextDecoderStream', 'TextEncoder', 'TextEncoderStream', + 'TransformStream', 'TransformStreamDefaultController', 'TypeError', 'Uint8Array', 'Uint8ClampedArray', + 'Uint16Array', 'Uint32Array', 'undefined', 'unescape', 'URIError', 'URL', 'URLSearchParams', 'WeakMap', + 'WeakSet', 'WritableStream', 'WritableStreamDefaultController', 'WritableStreamDefaultWriter', 'expect' // special for test ].sort()) `, done);