Skip to content

Commit

Permalink
Merge pull request #395 from XmiliaH/security-fixes
Browse files Browse the repository at this point in the history
Internal restructuring and security improvements
  • Loading branch information
XmiliaH authored Feb 8, 2022
2 parents 3a21c36 + 94bf918 commit 532120d
Show file tree
Hide file tree
Showing 28 changed files with 7,932 additions and 3,476 deletions.
3 changes: 3 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,6 @@ indent_size = 4
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true

[/lib/events.js]
indent_size = 2
4 changes: 3 additions & 1 deletion .eslintignore
Original file line number Diff line number Diff line change
@@ -1 +1,3 @@
/test.js
/test.js
/node-*
/lib/events.js
10 changes: 7 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
v3.9.6 (2022-02-08)
-------------------
[fix] Security fixes (XmiliaH)

v3.9.5 (2021-10-17)
-------------------
[new] Editor config (aubelsb2)
[fix] Fix for Promise.then breaking
[fix] Fix for missing properties on CallSite
[new] Editor config (aubelsb2)
[fix] Fix for Promise.then breaking
[fix] Fix for missing properties on CallSite

v3.9.4 (2021-10-12)
-------------------
Expand Down
2 changes: 1 addition & 1 deletion LICENSE.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2014-2021 Patrik Simek and contributors
Copyright (c) 2014-2022 Patrik Simek and contributors

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

Expand Down
174 changes: 90 additions & 84 deletions README.md

Large diffs are not rendered by default.

20 changes: 14 additions & 6 deletions index.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ export interface VMRequire {
mock?: any;
/* An additional lookup function in case a module wasn't found in one of the traditional node lookup paths. */
resolve?: (moduleName: string, parentDirname: string) => string;
/** Custom require to require host and built-in modules. */
customRequire?: (id: string) => any;
}

/**
Expand Down Expand Up @@ -56,8 +58,14 @@ export interface VMOptions {
wasm?: boolean;
/**
* If set to `true` any attempt to run code using async will throw a `VMError` (default: `false`).
* @deprecated Use ``allowAsync` instead
*/
fixAsync?: boolean;

/**
* If set to `false` any attempt to run code using async will throw a `VMError` (default: `true`).
*/
allowAsync?: boolean;
}

/**
Expand All @@ -84,6 +92,8 @@ export interface NodeVMOptions extends VMOptions {
* This object will not be copied and the script can change this object.
*/
env?: any;
/** Run modules in strict mode. Required modules are always strict. */
strict?: boolean;
}

/**
Expand All @@ -98,9 +108,7 @@ export class VM {
/** Timeout to use for the run methods */
timeout?: number;
/** Runs the code */
run(js: string, path?: string): any;
/** Runs the VMScript object */
run(script: VMScript): any;
run(script: string|VMScript, options?: string|{filename?: string}): any;
/** Runs the code in the specific file */
runFile(filename: string): any;
/** Loads all the values into the global object with the same names */
Expand Down Expand Up @@ -146,9 +154,7 @@ export class NodeVM extends EventEmitter implements VM {
/** Only here because of implements VM. Does nothing. */
timeout?: number;
/** Runs the code */
run(js: string, path?: string): any;
/** Runs the VMScript object */
run(script: VMScript): any;
run(js: string|VMScript, options?: string|{filename?: string, wrapper?: "commonjs" | "none", strict?: boolean}): any;
/** Runs the code in the specific file */
runFile(filename: string): any;
/** Loads all the values into the global object with the same names */
Expand All @@ -159,6 +165,8 @@ export class NodeVM extends EventEmitter implements VM {
getGlobal(name: string): any;
/** Freezes the object inside VM making it read-only. Not available for primitive values. */
freeze(object: any, name?: string): any;
/** Freezes the object inside VM making it read-only. Not available for primitive values. */
readonly(object: any): any;
/** Protects the object inside VM making impossible to set functions as it's properties. Not available for primitive values */
protect(object: any, name?: string): any;
}
Expand Down
Loading

0 comments on commit 532120d

Please sign in to comment.