Skip to content

Commit

Permalink
feat(ses): harden some Node.js intrinsics
Browse files Browse the repository at this point in the history
  • Loading branch information
mhofman committed Jan 9, 2024
1 parent 43c09a6 commit 148f101
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions packages/ses/src/lockdown.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import {
stringSplit,
noEvalEvaluate,
getOwnPropertyNames,
getPrototypeOf,
} from './commons.js';
import { makeHardener } from './make-hardener.js';
import { makeIntrinsicsCollector } from './intrinsics.js';
Expand Down Expand Up @@ -281,6 +282,14 @@ export const repairIntrinsics = (options = {}) => {

const intrinsics = finalIntrinsics();

const hostIntrinsics = { __proto__: null };

// The Node.js Buffer is a derived class of Uint8Array, and as such is often
// passed around where a Uint8Array is expected.
if (typeof globalThis.Buffer === 'function') {
hostIntrinsics.Buffer = globalThis.Buffer;
}

/**
* Wrap console unless suppressed.
* At the moment, the console is considered a host power in the start
Expand All @@ -301,6 +310,19 @@ export const repairIntrinsics = (options = {}) => {
);
globalThis.console = /** @type {Console} */ (consoleRecord.console);

// The untamed Node.js console cannot itself be hardened as it has mutable
// internal properties, but some of these properties expose internal versions
// of classes from node's "primordials" concept.
// eslint-disable-next-line no-underscore-dangle
if (typeof (/** @type {any} */ (consoleRecord.console)._times) === 'object') {
// SafeMap is a derived Map class used internally by Node
// There doesn't seem to be a cleaner way to reach it.
hostIntrinsics.SafeMap = getPrototypeOf(
// eslint-disable-next-line no-underscore-dangle
/** @type {any} */ (consoleRecord.console)._times,
);
}

// @ts-ignore assert is absent on globalThis type def.
if (errorTaming === 'unsafe' && globalThis.assert === assert) {
// If errorTaming is 'unsafe' we replace the global assert with
Expand Down Expand Up @@ -390,6 +412,7 @@ export const repairIntrinsics = (options = {}) => {
// must be the operation that modifies the intrinsics.
const toHarden = {
intrinsics,
hostIntrinsics,
globals: {
// Harden evaluators
Function: globalThis.Function,
Expand Down

0 comments on commit 148f101

Please sign in to comment.