Skip to content

Commit

Permalink
🐛 Make stringify a bit more resilient to poisoning (#5468)
Browse files Browse the repository at this point in the history
**Description**

<!-- Please provide a short description and potentially linked issues
justifying the need for this PR -->

While we may still miss lots of poisoning cases, we try to be closer to
a fully poisoning free implementation for `stringify`. There are still
problems and risks of poisoning in the implementation but we dropped
some of them with this PR.

In theory it should make tests easier to troubleshoot in case the test
failed because of a poisoning it introduced itself.

<!-- * Your PR is fixing a bug or regression? Check for existing issues
related to this bug and link them -->
<!-- * Your PR is adding a new feature? Make sure there is a related
issue or discussion attached to it -->

<!-- You can provide any additional context to help into understanding
what's this PR is attempting to solve: reproduction of a bug, code
snippets... -->

**Checklist** — _Don't delete this checklist and make sure you do the
following before opening the PR_

- [x] The name of my PR follows [gitmoji](https://gitmoji.dev/)
specification
- [x] My PR references one of several related issues (if any)
- [x] New features or breaking changes must come with an associated
Issue or Discussion
- [x] My PR does not add any new dependency without an associated Issue
or Discussion
- [x] My PR includes bumps details, please run `yarn bump` and flag the
impacts properly
- [x] My PR adds relevant tests and they would have failed without my PR
(when applicable)

<!-- More about contributing at
https://github.com/dubzzz/fast-check/blob/main/CONTRIBUTING.md -->

**Advanced**

<!-- How to fill the advanced section is detailed below! -->

- [x] Category: 🐛 Fix a bug
- [x] Impacts: None expected, should be more resilient to poisoning

<!-- [Category] Please use one of the categories below, it will help us
into better understanding the urgency of the PR -->
<!-- * ✨ Introduce new features -->
<!-- * 📝 Add or update documentation -->
<!-- * ✅ Add or update tests -->
<!-- * 🐛 Fix a bug -->
<!-- * 🏷️ Add or update types -->
<!-- * ⚡️ Improve performance -->
<!-- * _Other(s):_ ... -->

<!-- [Impacts] Please provide a comma separated list of the potential
impacts that might be introduced by this change -->
<!-- * Generated values: Can your change impact any of the existing
generators in terms of generated values, if so which ones? when? -->
<!-- * Shrink values: Can your change impact any of the existing
generators in terms of shrink values, if so which ones? when? -->
<!-- * Performance: Can it require some typings changes on user side?
Please give more details -->
<!-- * Typings: Is there a potential performance impact? In which cases?
-->
  • Loading branch information
dubzzz authored Dec 10, 2024
1 parent 2f0bb24 commit 163875b
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 4 deletions.
5 changes: 5 additions & 0 deletions .changeset/fuzzy-onions-smoke.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"fast-check": patch
---

🐛 Make `stringify` a bit more resilient to poisoning
10 changes: 6 additions & 4 deletions packages/fast-check/src/utils/stringify.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ import {
safePush,
safeToISOString,
safeToString,
Map,
String,
Symbol as StableSymbol,
} from './globals';

const safeArrayFrom = Array.from;
Expand Down Expand Up @@ -249,14 +251,14 @@ export function stringifyInternal<Ts>(
return typeof value === 'string' ? safeJsonStringify(value) : `new String(${safeJsonStringify(value)})`;
case '[object Symbol]': {
const s = value as unknown as symbol;
if (Symbol.keyFor(s) !== undefined) {
return `Symbol.for(${safeJsonStringify(Symbol.keyFor(s))})`;
if (StableSymbol.keyFor(s) !== undefined) {
return `Symbol.for(${safeJsonStringify(StableSymbol.keyFor(s))})`;
}
const desc = getSymbolDescription(s);
if (desc === null) {
return 'Symbol()';
}
const knownSymbol = desc.startsWith('Symbol.') && (Symbol as any)[desc.substring(7)];
const knownSymbol = desc.startsWith('Symbol.') && (StableSymbol as any)[desc.substring(7)];
return s === knownSymbol ? desc : `Symbol(${safeJsonStringify(desc)})`;
}
case '[object Promise]': {
Expand Down Expand Up @@ -353,7 +355,7 @@ export function stringify<Ts>(value: Ts): string {
* @internal
*/
export function possiblyAsyncStringify<Ts>(value: Ts): string | Promise<string> {
const stillPendingMarker = Symbol();
const stillPendingMarker = StableSymbol();
const pendingPromisesForCache: Promise<void>[] = [];
const cache = new Map<unknown, AsyncContent>();

Expand Down

0 comments on commit 163875b

Please sign in to comment.