Skip to content

Commit

Permalink
Update allowed globals
Browse files Browse the repository at this point in the history
  • Loading branch information
@appurva21
appurva21 committed Sep 24, 2024
1 parent e8d30d7 commit 1eee648
Show file tree
Hide file tree
Showing 4 changed files with 146 additions and 38 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
unreleased:
new features:
- >-
GH-676 Updated allowed globals list to include:
URL, Encoding, Cryptographic, and Stream APIs
2.2.0:
date: 2024-03-13
new features:
Expand Down
77 changes: 66 additions & 11 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,25 +63,80 @@ myscope.exec('setTimeout(function () { __exitscope(null); }, 1000)', { async: tr

These are the list of globals available to scripts in the scope

### Standard Built-ins:

```json
[
"Array", "ArrayBuffer", "Atomics",
"BigInt", "BigInt64Array", "BigUint64Array",
"Boolean", "DataView", "Date",
"Error", "EvalError", "Float32Array",
"Float64Array", "Function", "Infinity",
"Int16Array", "Int32Array", "Int8Array",
"BigInt", "Boolean", "DataView",
"Date", "Function", "Infinity",
"JSON", "Map", "Math",
"NaN", "Number", "Object",
"Promise", "Proxy", "RangeError",
"ReferenceError", "Reflect", "RegExp",
"Set", "SharedArrayBuffer", "String",
"Symbol", "SyntaxError", "TypeError",
"URIError", "Uint16Array", "Uint32Array",
"Uint8Array", "Uint8ClampedArray", "WeakMap",
"Promise", "Proxy", "Reflect",
"RegExp", "Set", "SharedArrayBuffer",
"String", "Symbol", "WeakMap",
"WeakSet", "decodeURI", "decodeURIComponent",
"encodeURI", "encodeURIComponent", "escape",
"isFinite", "isNaN", "parseFloat",
"parseInt", "undefined", "unescape"
]
```
### Errors:

```json
[
"Error", "EvalError", "RangeError",
"ReferenceError", "SyntaxError", "TypeError",
"URIError"
]
```

### Typed Arrays:

```json
[
"BigInt64Array", "BigUint64Array", "Float32Array",
"Float64Array", "Int16Array", "Int32Array",
"Int8Array", "Uint16Array", "Uint32Array",
"Uint8Array", "Uint8ClampedArray"
]
```

### URL:

```json
[
"URL", "URLSearchParams"
]
```

### Encoding:
```json
[
"atob", "btoa",
"TextDecoder", "TextDecoderStream",
"TextEncoder", "TextEncoderStream"
]
```

### Cryptography:
```json
[
"Crypto", "CryptoKey",
"crypto", "SubtleCrypto"
]
```

### Stream:
```json
[
"ByteLengthQueuingStrategy", "CountQueuingStrategy",
"CompressionStream", "DecompressionStream",
"ReadableByteStreamController", "ReadableStream",
"ReadableStreamBYOBReader", "ReadableStreamBYOBRequest",
"ReadableStreamDefaultController", "ReadableStreamDefaultReader",
"TransformStream", "TransformStreamDefaultController",
"WritableStream", "WritableStreamDefaultController",
"WritableStreamDefaultWriter"
]
```
80 changes: 62 additions & 18 deletions lib/allowed-globals.js
View file
Original file line number Diff line number Diff line change
@@ -1,27 +1,71 @@
/* eslint-disable one-var */
/* eslint-disable no-multi-spaces */
/**
* Add variables here that will be available as globals inside the scope during execution.
*
* @const
* @type {String[]}
*/
module.exports = [

const StandardBuiltIns = [
'Array', 'ArrayBuffer', 'Atomics',
'BigInt', 'BigInt64Array', 'BigUint64Array',
'Boolean', 'DataView', 'Date',
'Error', 'EvalError', 'Float32Array',
'Float64Array', 'Function', 'Infinity',
'Int16Array', 'Int32Array', 'Int8Array',
'BigInt', 'Boolean', 'DataView',
'Date', 'Function', 'Infinity',
'JSON', 'Map', 'Math',
'NaN', 'Number', 'Object',
'Promise', 'Proxy', 'RangeError',
'ReferenceError', 'Reflect', 'RegExp',
'Set', 'SharedArrayBuffer', 'String',
'Symbol', 'SyntaxError', 'TypeError',
'URIError', 'Uint16Array', 'Uint32Array',
'Uint8Array', 'Uint8ClampedArray', 'WeakMap',
'Promise', 'Proxy', 'Reflect',
'RegExp', 'Set', 'SharedArrayBuffer',
'String', 'Symbol', 'WeakMap',
'WeakSet', 'decodeURI', 'decodeURIComponent',
'encodeURI', 'encodeURIComponent', 'escape',
'isFinite', 'isNaN', 'parseFloat',
'parseInt', 'undefined', 'unescape'
];


const Errors = [
'Error', 'EvalError', 'RangeError',
'ReferenceError', 'SyntaxError', 'TypeError',
'URIError'
];

const TypedArrays = [
'BigInt64Array', 'BigUint64Array', 'Float32Array',
'Float64Array', 'Int16Array', 'Int32Array',
'Int8Array', 'Uint16Array', 'Uint32Array',
'Uint8Array', 'Uint8ClampedArray'
];

const UrlAPI = ['URL', 'URLSearchParams'];

const EncodingAPI = [
'atob', 'btoa',
'TextDecoder', 'TextDecoderStream',
'TextEncoder', 'TextEncoderStream'
];

const CryptoAPI = [
'Crypto', 'CryptoKey',
'crypto', 'SubtleCrypto'
];

const StreamsAPI = [
'ByteLengthQueuingStrategy', 'CountQueuingStrategy',
'CompressionStream', 'DecompressionStream',
'ReadableByteStreamController', 'ReadableStream',
'ReadableStreamBYOBReader', 'ReadableStreamBYOBRequest',
'ReadableStreamDefaultController', 'ReadableStreamDefaultReader',
'TransformStream', 'TransformStreamDefaultController',
'WritableStream', 'WritableStreamDefaultController',
'WritableStreamDefaultWriter'
];

/**
* Add variables here that will be available as globals inside the scope during execution.
*
* @const
* @type {String[]}
*/
module.exports = [
...StandardBuiltIns,
...Errors,
...TypedArrays,
...UrlAPI,
...EncodingAPI,
...CryptoAPI,
...StreamsAPI
];
22 changes: 13 additions & 9 deletions test/unit/scope-globals.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,19 @@ describe('scope module globals', function () {
it('should be limited to a known subset in context', function (done) {
scope.exec(`
var availableGlobals = Object.getOwnPropertyNames(this).sort();
expect(availableGlobals).eql(['Array', 'ArrayBuffer', 'Atomics', 'BigInt', 'BigInt64Array',
'BigUint64Array', 'Boolean', 'DataView', 'Date', 'decodeURI', 'decodeURIComponent', 'encodeURI',
'encodeURIComponent', 'Error', 'escape', 'EvalError', 'Float32Array', 'Float64Array', 'Function',
'Infinity', 'Int8Array', 'Int16Array', 'Int32Array', 'isFinite', 'isNaN', 'JSON', 'Map', 'Math', 'NaN',
'Number', 'Object', 'parseFloat', 'parseInt', 'Proxy', 'Promise', 'RangeError', 'ReferenceError',
'Reflect', 'RegExp', 'Set', 'SharedArrayBuffer', 'String', 'Symbol', 'SyntaxError', 'TypeError',
'Uint8Array', 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array', 'undefined', 'unescape', 'URIError',
'WeakMap', 'WeakSet',
expect(availableGlobals).eql(['Array', 'ArrayBuffer', 'Atomics', 'atob', 'BigInt', 'BigInt64Array',
'BigUint64Array', 'Boolean', 'ByteLengthQueuingStrategy', 'CompressionStream', 'CountQueuingStrategy',
'btoa', 'Crypto', 'CryptoKey', 'crypto', 'DataView', 'Date', 'DecompressionStream', 'decodeURI',
'decodeURIComponent', 'encodeURI', 'encodeURIComponent', 'Error', 'escape', 'EvalError', 'Float32Array',
'Float64Array', 'Function', 'Infinity', 'Int8Array', 'Int16Array', 'Int32Array', 'isFinite', 'isNaN',
'JSON','Map', 'Math', 'NaN', 'Number', 'Object', 'parseFloat', 'parseInt', 'Proxy', 'Promise',
'RangeError', 'ReadableByteStreamController', 'ReadableStream', 'ReadableStreamBYOBReader',
'ReadableStreamBYOBRequest', 'ReadableStreamDefaultController', 'ReadableStreamDefaultReader',
'ReferenceError', 'Reflect', 'RegExp', 'Set', 'SharedArrayBuffer', 'String', 'SubtleCrypto', 'Symbol',
'SyntaxError', 'TextDecoder', 'TextDecoderStream', 'TextEncoder', 'TextEncoderStream',
'TransformStream', 'TransformStreamDefaultController', 'TypeError', 'Uint8Array', 'Uint8ClampedArray',
'Uint16Array', 'Uint32Array', 'undefined', 'unescape', 'URIError', 'URL', 'URLSearchParams', 'WeakMap',
'WeakSet', 'WritableStream', 'WritableStreamDefaultController', 'WritableStreamDefaultWriter',
'expect' // special for test
].sort())
`, done);
Expand Down

0 comments on commit 1eee648

Please sign in to comment.