Skip to content

Commit d88105f

Browse files
XmiliaHXmiliaH
committed
Ensure host array does not leak through proxy
1 parent 4d662e3 commit d88105f

File tree

1 file changed

+58
-0
lines changed

1 file changed

+58
-0
lines changed

lib/setup-sandbox.js

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ const {
2121
const {
2222
getPrototypeOf: localReflectGetPrototypeOf,
2323
apply: localReflectApply,
24+
construct: localReflectConstruct,
2425
deleteProperty: localReflectDeleteProperty,
2526
has: localReflectHas,
2627
defineProperty: localReflectDefineProperty,
@@ -432,6 +433,63 @@ if (AsyncGeneratorFunction) {
432433
overrideWithProxy(AsyncGeneratorFunction.prototype, 'constructor', AsyncGeneratorFunction, makeCheckFunction(true, true));
433434
}
434435

436+
function makeSafeHandlerArgs(args) {
437+
const sArgs = ensureThis(args);
438+
if (sArgs === args) return args;
439+
const a = [];
440+
for (let i=0; i < sArgs.length; i++) {
441+
localReflectDefineProperty(a, i, {
442+
__proto__: null,
443+
value: sArgs[i],
444+
enumerable: true,
445+
configurable: true,
446+
writable: true
447+
});
448+
}
449+
return a;
450+
}
451+
452+
const makeSafeArgs = Object.freeze({
453+
__proto__: null,
454+
apply(target, thiz, args) {
455+
return localReflectApply(target, thiz, makeSafeHandlerArgs(args));
456+
},
457+
construct(target, args, newTarget) {
458+
return localReflectConstruct(target, makeSafeHandlerArgs(args), newTarget);
459+
}
460+
});
461+
462+
const proxyHandlerHandler = Object.freeze({
463+
__proto__: null,
464+
get(target, name, receiver) {
465+
const value = target.handler[name];
466+
if (typeof value !== 'function') return value;
467+
return new LocalProxy(value, makeSafeArgs);
468+
}
469+
});
470+
471+
function wrapProxyHandler(args) {
472+
if (args.length < 2) return args;
473+
const handler = args[1];
474+
args[1] = new LocalProxy({__proto__: null, handler}, proxyHandlerHandler);
475+
return args;
476+
}
477+
478+
const proxyHandler = Object.freeze({
479+
__proto__: null,
480+
apply(target, thiz, args) {
481+
return localReflectApply(target, thiz, wrapProxyHandler(args));
482+
},
483+
construct(target, args, newTarget) {
484+
return localReflectConstruct(target, wrapProxyHandler(args), newTarget);
485+
}
486+
});
487+
488+
const proxiedProxy = new LocalProxy(LocalProxy, proxyHandler);
489+
490+
overrideWithProxy(LocalProxy, 'revocable', LocalProxy.revocable, proxyHandler);
491+
492+
global.Proxy = proxiedProxy;
435493
global.Function = proxiedFunction;
436494
global.eval = new LocalProxy(localEval, EvalHandler);
437495

0 commit comments

Comments
 (0)