@appium/execute-driver-plugin 6.0.1 → 6.0.2

package/README.md

@@ -14,7 +14,7 @@ Running a driver script in a child process adds a degree of parallelisation, whi
 faster test execution.
 
 > [!WARNING]
-> This plugin enables execution of arbitrary JavaScript code. We recommend only using this plugin in a controlled environment.
+> This plugin enables execution of arbitrary JavaScript code. We recommend only using this plugin in a controlled environment. Scripts run in a Node.js `vm` context with a hardened view of the WebdriverIO driver (host-realm prototype metadata is not exposed), but `vm` is still not a full security boundary for untrusted code; treat `--allow-insecure=…:execute_driver_script` as highly privileged.
 
 ## Installation
 

package/build/lib/execute-child.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"execute-child.d.ts","sourceRoot":"","sources":["../../lib/execute-child.ts"],"names":[],"mappings":"AAWA,eAAO,MAAM,eAAe,wCAAkC,CAAC;AAC/D,eAAO,MAAM,mBAAmB,YAAY,CAAC"}
+{"version":3,"file":"execute-child.d.ts","sourceRoot":"","sources":["../../lib/execute-child.ts"],"names":[],"mappings":"AAYA,eAAO,MAAM,eAAe,wCAAkC,CAAC;AAC/D,eAAO,MAAM,mBAAmB,YAAY,CAAC"}

package/build/lib/execute-child.js

@@ -8,6 +8,7 @@ const lodash_1 = __importDefault(require("lodash"));
 const node_vm_1 = __importDefault(require("node:vm"));
 const node_util_1 = require("node:util");
 const support_1 = require("appium/support");
+const vm_host_binding_1 = require("./vm-host-binding");
 const log = support_1.logger.getLogger('ExecuteDriver Child');
 let send;
 // duplicate defining these keys here so we don't need to re-load a huge appium
@@ -34,17 +35,27 @@ async function runScript(eventParams) {
         log: [],
     };
     const consoleFns = {
-        error: (...logMsgs) => logs.error.push(...logMsgs),
-        warn: (...logMsgs) => logs.warn.push(...logMsgs),
-        log: (...logMsgs) => logs.log.push(...logMsgs),
+        error: (0, vm_host_binding_1.wrapHostBindingForVmContext)((...logMsgs) => logs.error.push(...logMsgs)),
+        warn: (0, vm_host_binding_1.wrapHostBindingForVmContext)((...logMsgs) => logs.warn.push(...logMsgs)),
+        log: (0, vm_host_binding_1.wrapHostBindingForVmContext)((...logMsgs) => logs.log.push(...logMsgs)),
     };
     const { attach } = await import('webdriverio');
     const driver = await attach(driverOpts);
+    const sandboxDriver = (0, vm_host_binding_1.wrapHostBindingForVmContext)(driver);
+    const sandboxConsole = (0, vm_host_binding_1.wrapHostBindingForVmContext)(consoleFns);
+    const sandboxSetTimeout = (0, vm_host_binding_1.wrapHostBindingForVmContext)(setTimeout);
+    const sandboxClearTimeout = (0, vm_host_binding_1.wrapHostBindingForVmContext)(clearTimeout);
     const fullScript = `(async () => {${script}})();`;
     log.info('Running driver script in Node vm');
     // run the driver script, giving user access to the driver object, a fake console logger,
-    // and standard setTimeout/clearTimeout functions
-    let result = await node_vm_1.default.runInNewContext(fullScript, { driver, console: consoleFns, setTimeout, clearTimeout }, { timeout: timeoutMs, breakOnSigint: true });
+    // and standard setTimeout/clearTimeout functions. Each host value is proxied so
+    // main-realm prototype metadata cannot be used to obtain the host `Function` (VM escape).
+    let result = await node_vm_1.default.runInNewContext(fullScript, {
+        driver: sandboxDriver,
+        console: sandboxConsole,
+        setTimeout: sandboxSetTimeout,
+        clearTimeout: sandboxClearTimeout,
+    }, { timeout: timeoutMs, breakOnSigint: true });
     result = coerceScriptResult(result);
     log.info('Successfully ensured driver script result is appropriate type for return');
     return { result, logs };

package/build/lib/execute-child.js.map

@@ -1 +1 @@
-{"version":3,"file":"execute-child.js","sourceRoot":"","sources":["../../lib/execute-child.ts"],"names":[],"mappings":";;;;;;AAAA,oDAAuB;AACvB,sDAAyB;AACzB,yCAAoC;AACpC,4CAA4C;AAG5C,MAAM,GAAG,GAAG,gBAAM,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;AACpD,IAAI,IAA0C,CAAC;AAE/C,+EAA+E;AAC/E,wDAAwD;AAC3C,QAAA,eAAe,GAAG,cAAI,CAAC,0BAA0B,CAAC;AAClD,QAAA,mBAAmB,GAAG,SAAS,CAAC;AAE7C;;;;;GAKG;AACH,KAAK,UAAU,SAAS,CAAC,WAAqC;IAC5D,MAAM,EAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAC,GAAG,WAAW,CAAC;IACpD,IAAI,CAAC,gBAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,IAAI,GAA4C;QACpD,KAAK,EAAE,EAAE;QACT,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,EAAE;KACR,CAAC;IACF,MAAM,UAAU,GAAqG;QACnH,KAAK,EAAE,CAAC,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;QAClD,IAAI,EAAE,CAAC,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;QAChD,GAAG,EAAE,CAAC,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;KAC/C,CAAC;IAEF,MAAM,EAAC,MAAM,EAAC,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,iBAAiB,MAAM,OAAO,CAAC;IAElD,GAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAE7C,yFAAyF;IACzF,iDAAiD;IACjD,IAAI,MAAM,GAAG,MAAM,iBAAE,CAAC,eAAe,CACnC,UAAU,EACV,EAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAC,EACvD,EAAC,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAC,CAC1C,CAAC;IAEF,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACpC,GAAG,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;IACrF,OAAO,EAAC,MAAM,EAAE,IAAI,EAAC,CAAC;AACxB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,GAAQ;IAClC,2EAA2E;IAC3E,wEAAwE;IACxE,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,IAAI,CACN,yDAAyD;YACvD,eAAe,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAC1D,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAQ,CAAC;IAEb,0CAA0C;IAC1C,IAAI,gBAAC,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,wEAAwE;QACxE,yEAAyE;QACzE,6DAA6D;QAC7D,GAAG,GAAG,EAAE,CAAC;QAET,IAAI,GAAG,CAAC,2BAAmB,CAAC,IAAI,GAAG,CAAC,uBAAe,CAAC,EAAE,CAAC;YACrD,wFAAwF;YACxF,yFAAyF;YACzF,qFAAqF;YACrF,4FAA4F;YAC5F,QAAQ;YACR,IAAI,GAAG,CAAC,2BAAmB,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,2BAAmB,CAAC,GAAG,GAAG,CAAC,2BAAmB,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,GAAG,CAAC,uBAAe,CAAC,EAAE,CAAC;gBACzB,GAAG,CAAC,uBAAe,CAAC,GAAG,GAAG,CAAC,uBAAe,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,qBAAqB;IACrB,IAAI,gBAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACrC,CAAC;IAED,iEAAiE;IACjE,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,IAAI,CAAC,WAAqC;IACvD;;OAEG;IACH,IAAI,GAAiB,CAAC;IACtB,GAAG,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,GAAG,GAAG,EAAC,OAAO,EAAE,MAAM,SAAS,CAAC,WAAW,CAAC,EAAC,CAAC;QAC9C,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC5B,GAAG,GAAG,EAAC,KAAK,EAAE,EAAC,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAC,EAAC,CAAC;IAC9D,CAAC;IACD,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,+CAA+C;AAC/C,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,gBAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;IAC1D,IAAI,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,GAAG,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACtD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AAC9B,CAAC"}
+{"version":3,"file":"execute-child.js","sourceRoot":"","sources":["../../lib/execute-child.ts"],"names":[],"mappings":";;;;;;AAAA,oDAAuB;AACvB,sDAAyB;AACzB,yCAAoC;AACpC,4CAA4C;AAE5C,uDAA8D;AAE9D,MAAM,GAAG,GAAG,gBAAM,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;AACpD,IAAI,IAA0C,CAAC;AAE/C,+EAA+E;AAC/E,wDAAwD;AAC3C,QAAA,eAAe,GAAG,cAAI,CAAC,0BAA0B,CAAC;AAClD,QAAA,mBAAmB,GAAG,SAAS,CAAC;AAE7C;;;;;GAKG;AACH,KAAK,UAAU,SAAS,CAAC,WAAqC;IAC5D,MAAM,EAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAC,GAAG,WAAW,CAAC;IACpD,IAAI,CAAC,gBAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,IAAI,GAA4C;QACpD,KAAK,EAAE,EAAE;QACT,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,EAAE;KACR,CAAC;IACF,MAAM,UAAU,GAAqG;QACnH,KAAK,EAAE,IAAA,6CAA2B,EAAC,CAAC,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAC/E,IAAI,EAAE,IAAA,6CAA2B,EAAC,CAAC,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAC7E,GAAG,EAAE,IAAA,6CAA2B,EAAC,CAAC,GAAG,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;KAC5E,CAAC;IAEF,MAAM,EAAC,MAAM,EAAC,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,aAAa,GAAG,IAAA,6CAA2B,EAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,cAAc,GAAG,IAAA,6CAA2B,EAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,iBAAiB,GAAG,IAAA,6CAA2B,EAAC,UAAU,CAAC,CAAC;IAClE,MAAM,mBAAmB,GAAG,IAAA,6CAA2B,EAAC,YAAY,CAAC,CAAC;IAEtE,MAAM,UAAU,GAAG,iBAAiB,MAAM,OAAO,CAAC;IAElD,GAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAE7C,yFAAyF;IACzF,gFAAgF;IAChF,0FAA0F;IAC1F,IAAI,MAAM,GAAG,MAAM,iBAAE,CAAC,eAAe,CACnC,UAAU,EACV;QACE,MAAM,EAAE,aAAa;QACrB,OAAO,EAAE,cAAc;QACvB,UAAU,EAAE,iBAAiB;QAC7B,YAAY,EAAE,mBAAmB;KAClC,EACD,EAAC,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAC,CAC1C,CAAC;IAEF,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACpC,GAAG,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;IACrF,OAAO,EAAC,MAAM,EAAE,IAAI,EAAC,CAAC;AACxB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,GAAQ;IAClC,2EAA2E;IAC3E,wEAAwE;IACxE,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,IAAI,CACN,yDAAyD;YACvD,eAAe,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAC1D,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAQ,CAAC;IAEb,0CAA0C;IAC1C,IAAI,gBAAC,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,wEAAwE;QACxE,yEAAyE;QACzE,6DAA6D;QAC7D,GAAG,GAAG,EAAE,CAAC;QAET,IAAI,GAAG,CAAC,2BAAmB,CAAC,IAAI,GAAG,CAAC,uBAAe,CAAC,EAAE,CAAC;YACrD,wFAAwF;YACxF,yFAAyF;YACzF,qFAAqF;YACrF,4FAA4F;YAC5F,QAAQ;YACR,IAAI,GAAG,CAAC,2BAAmB,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,2BAAmB,CAAC,GAAG,GAAG,CAAC,2BAAmB,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,GAAG,CAAC,uBAAe,CAAC,EAAE,CAAC;gBACzB,GAAG,CAAC,uBAAe,CAAC,GAAG,GAAG,CAAC,uBAAe,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,qBAAqB;IACrB,IAAI,gBAAC,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACrC,CAAC;IAED,iEAAiE;IACjE,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,IAAI,CAAC,WAAqC;IACvD;;OAEG;IACH,IAAI,GAAiB,CAAC;IACtB,GAAG,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,GAAG,GAAG,EAAC,OAAO,EAAE,MAAM,SAAS,CAAC,WAAW,CAAC,EAAC,CAAC;QAC9C,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC5B,GAAG,GAAG,EAAC,KAAK,EAAE,EAAC,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAC,EAAC,CAAC;IAC9D,CAAC;IACD,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,+CAA+C;AAC/C,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,gBAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;IAC1D,IAAI,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,GAAG,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACtD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AAC9B,CAAC"}

package/build/lib/vm-host-binding.d.ts

@@ -0,0 +1,62 @@
+/**
+ * @fileoverview Bridges host-realm (child process) objects into Node's `vm.runInNewContext` without
+ * leaking main-realm prototype metadata that untrusted script could use to obtain the real
+ * `Function` constructor and escape the VM (RCE on the Appium host).
+ *
+ * ## Why this exists
+ *
+ * `vm` isolates *globals* and bytecode, but any **host object** you inject still carries the
+ * **main V8 realm's** prototypes.
+ *
+ * ## Strategy (high level)
+ *
+ * 1. **Deep `Proxy`**: Every host object/function exposed to the script is wrapped. Property
+ *    reads (`get`), call results (`apply` / `construct`), and—where allowed—descriptor reflection
+ *    (`getOwnPropertyDescriptor`) funnel return values through `wrapIfNeeded`, which recursively
+ *    wraps objects and functions so nested references never surface as raw host callables.
+ *
+ * 2. **Prototype-adjacent keys**: `constructor` and `__proto__` are not read from the target;
+ *    the `get` trap returns a frozen null-prototype sentinel, `getPrototypeOf` always reports that
+ *    sentinel (not the real prototype chain), `has` hides those keys, and `setPrototypeOf` is
+ *    rejected—closing the usual `…constructor.constructor` chains.
+ *
+ * 3. **Identity**: `targetToProxy` is a `WeakMap` from each host object/function to its single
+ *    proxy, so repeated reads (e.g. `driver.m === driver.m`) stay stable and cycles do not recurse
+ *    forever. `proxyToTarget` reverses the mapping so `Reflect.get`/`apply` can unwrap `this` and
+ *    pass the real host receiver to accessors and methods that expect it.
+ *
+ * 4. **Promises**: A `Proxy` around a native `Promise` breaks V8's internal `then` branding
+ *    (WebdriverIO breaks). Host promises are therefore surfaced as a **null-prototype thenable**
+ *    that forwards to the real promise and runs `wrapIfNeeded` on fulfilled/rejected values before
+ *    VM continuations run. One thenable object per promise lives in `promiseToThenableHost`.
+ *
+ * 5. **Descriptors**: For **configurable** own properties only, `getOwnPropertyDescriptor` returns
+ *    descriptors whose `value` / `get` / `set` are wrapped—so descriptor-based extraction of a
+ *    method still yields a sandbox proxy. **Non-configurable** properties must return the real
+ *    descriptor unchanged (ECMAScript Proxy invariants); those paths can still expose raw host
+ *    callables until the script uses normal property access, which remains wrapped.
+ *
+ * 6. **`defineProperty`**: Incoming descriptors from the VM may reference our proxies; fields are
+ *    unwrapped before `Reflect.defineProperty` so the host object receives real functions/objects.
+ *
+ * This is defense in depth: Node documents that `vm` is not a full security boundary. Treat
+ * `--allow-insecure=…:execute_driver_script` as highly privileged regardless of this module.
+ */
+/**
+ * Any host-realm callable (methods, timers, `console.log`, etc.) that may be wrapped
+ * and passed into the VM alongside plain objects.
+ */
+type HostCallable = (...args: unknown[]) => unknown;
+type HostTarget = object | HostCallable;
+/**
+ * Entry point: wrap a host object or function for use as a global in `vm.runInNewContext`.
+ *
+ * Delegates to {@link wrapDeep}; see the file-level overview for behavior and limitations.
+ *
+ * @typeParam T - Host object or function type (returned value is proxied but typed as `T`).
+ * @param hostValue - Root binding injected into the VM (e.g. WebdriverIO `driver`, `console`).
+ * @returns A proxy whose transitive property/call/descriptor surfaces hide host `Function` leaks.
+ */
+export declare function wrapHostBindingForVmContext<T extends HostTarget>(hostValue: T): T;
+export {};
+//# sourceMappingURL=vm-host-binding.d.ts.map

package/build/lib/vm-host-binding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vm-host-binding.d.ts","sourceRoot":"","sources":["../../lib/vm-host-binding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AASH;;;GAGG;AACH,KAAK,YAAY,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;AACpD,KAAK,UAAU,GAAG,MAAM,GAAG,YAAY,CAAC;AAexC;;;;;;;;GAQG;AACH,wBAAgB,2BAA2B,CAAC,CAAC,SAAS,UAAU,EAAE,SAAS,EAAE,CAAC,GAAG,CAAC,CAEjF"}

package/build/lib/vm-host-binding.js

@@ -0,0 +1,327 @@
+"use strict";
+/**
+ * @fileoverview Bridges host-realm (child process) objects into Node's `vm.runInNewContext` without
+ * leaking main-realm prototype metadata that untrusted script could use to obtain the real
+ * `Function` constructor and escape the VM (RCE on the Appium host).
+ *
+ * ## Why this exists
+ *
+ * `vm` isolates *globals* and bytecode, but any **host object** you inject still carries the
+ * **main V8 realm's** prototypes.
+ *
+ * ## Strategy (high level)
+ *
+ * 1. **Deep `Proxy`**: Every host object/function exposed to the script is wrapped. Property
+ *    reads (`get`), call results (`apply` / `construct`), and—where allowed—descriptor reflection
+ *    (`getOwnPropertyDescriptor`) funnel return values through `wrapIfNeeded`, which recursively
+ *    wraps objects and functions so nested references never surface as raw host callables.
+ *
+ * 2. **Prototype-adjacent keys**: `constructor` and `__proto__` are not read from the target;
+ *    the `get` trap returns a frozen null-prototype sentinel, `getPrototypeOf` always reports that
+ *    sentinel (not the real prototype chain), `has` hides those keys, and `setPrototypeOf` is
+ *    rejected—closing the usual `…constructor.constructor` chains.
+ *
+ * 3. **Identity**: `targetToProxy` is a `WeakMap` from each host object/function to its single
+ *    proxy, so repeated reads (e.g. `driver.m === driver.m`) stay stable and cycles do not recurse
+ *    forever. `proxyToTarget` reverses the mapping so `Reflect.get`/`apply` can unwrap `this` and
+ *    pass the real host receiver to accessors and methods that expect it.
+ *
+ * 4. **Promises**: A `Proxy` around a native `Promise` breaks V8's internal `then` branding
+ *    (WebdriverIO breaks). Host promises are therefore surfaced as a **null-prototype thenable**
+ *    that forwards to the real promise and runs `wrapIfNeeded` on fulfilled/rejected values before
+ *    VM continuations run. One thenable object per promise lives in `promiseToThenableHost`.
+ *
+ * 5. **Descriptors**: For **configurable** own properties only, `getOwnPropertyDescriptor` returns
+ *    descriptors whose `value` / `get` / `set` are wrapped—so descriptor-based extraction of a
+ *    method still yields a sandbox proxy. **Non-configurable** properties must return the real
+ *    descriptor unchanged (ECMAScript Proxy invariants); those paths can still expose raw host
+ *    callables until the script uses normal property access, which remains wrapped.
+ *
+ * 6. **`defineProperty`**: Incoming descriptors from the VM may reference our proxies; fields are
+ *    unwrapped before `Reflect.defineProperty` so the host object receives real functions/objects.
+ *
+ * This is defense in depth: Node documents that `vm` is not a full security boundary. Treat
+ * `--allow-insecure=…:execute_driver_script` as highly privileged regardless of this module.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.wrapHostBindingForVmContext = wrapHostBindingForVmContext;
+/**
+ * Null-prototype object returned for prototype-adjacent property lookups on
+ * proxied host values. It must not inherit `Object.prototype` (which would
+ * reintroduce `constructor` / `__proto__` chains back to the host `Function`).
+ */
+const SAFE_LOOKUP_TARGET = Object.freeze(Object.create(null));
+/** Host target → single deep proxy (stable identity, cycle-safe). */
+const targetToProxy = new WeakMap();
+/** Deep proxy → underlying host target (unwrap `this` / receivers / defineProperty). */
+const proxyToTarget = new WeakMap();
+/**
+ * Host `Promise` → null-prototype thenable facade (one per promise; then wrapped by `wrapDeep`).
+ * Native promises cannot be proxied without breaking `Promise.prototype.then` receiver checks.
+ */
+const promiseToThenableHost = new WeakMap();
+/**
+ * Entry point: wrap a host object or function for use as a global in `vm.runInNewContext`.
+ *
+ * Delegates to {@link wrapDeep}; see the file-level overview for behavior and limitations.
+ *
+ * @typeParam T - Host object or function type (returned value is proxied but typed as `T`).
+ * @param hostValue - Root binding injected into the VM (e.g. WebdriverIO `driver`, `console`).
+ * @returns A proxy whose transitive property/call/descriptor surfaces hide host `Function` leaks.
+ */
+function wrapHostBindingForVmContext(hostValue) {
+    return wrapDeep(hostValue);
+}
+/**
+ * @returns Whether `value` is a proxy created by this module (`proxyToTarget` has an entry).
+ * Includes both object proxies and function proxies.
+ */
+function isOurProxy(value) {
+    return value !== null && (typeof value === 'object' || typeof value === 'function') && proxyToTarget.has(value);
+}
+/**
+ * Maps a value that may be our deep proxy back to the underlying host target for host APIs.
+ *
+ * @param value - Possibly a proxy from this module, or any other value.
+ * @returns The host target if `value` is our proxy; otherwise `value` unchanged.
+ */
+function unwrapIfProxy(value) {
+    if (isOurProxy(value)) {
+        return proxyToTarget.get(value);
+    }
+    return value;
+}
+/** Property keys that must never resolve through the real target (VM escape vectors). */
+function isBlockedPrototypeKey(prop) {
+    return prop === 'constructor' || prop === '__proto__';
+}
+/** Whether `value` is a native host Promise (handled via thenable facade, not `wrapDeep` alone). */
+function isNativePromise(value) {
+    return value instanceof Promise;
+}
+/**
+ * Wraps a host Promise by exposing a null-prototype thenable that delegates to `p` and ensures
+ * fulfillment/rejection values are passed through {@link wrapIfNeeded} before VM callbacks run.
+ *
+ * @param p - Host promise returned from driver or other host APIs.
+ * @returns A deep-proxied thenable safe for `await` / `.then` from inside the VM.
+ */
+function wrapPromiseAsThenable(p) {
+    const cached = promiseToThenableHost.get(p);
+    const hostObj = cached ??
+        (() => {
+            /* eslint-disable promise/prefer-await-to-then -- thenable facade over a host Promise */
+            const o = Object.assign(Object.create(null), {
+                then(onFulfilled, onRejected) {
+                    const adaptFulfill = onFulfilled != null && typeof onFulfilled === 'function'
+                        ? (v) => Reflect.apply(onFulfilled, undefined, [wrapIfNeeded(v)])
+                        : (v) => wrapIfNeeded(v);
+                    const adaptReject = onRejected != null && typeof onRejected === 'function'
+                        ? (e) => Reflect.apply(onRejected, undefined, [wrapIfNeeded(e)])
+                        : undefined;
+                    return wrapIfNeeded(p.then(adaptFulfill, adaptReject));
+                },
+                catch(onRejected) {
+                    return wrapIfNeeded(p.catch((e) => onRejected != null && typeof onRejected === 'function'
+                        ? Reflect.apply(onRejected, undefined, [wrapIfNeeded(e)])
+                        : Promise.reject(wrapIfNeeded(e))));
+                },
+                finally(onFinally) {
+                    return wrapIfNeeded(p.finally(onFinally));
+                },
+            });
+            /* eslint-enable promise/prefer-await-to-then */
+            promiseToThenableHost.set(p, o);
+            return o;
+        })();
+    return wrapDeep(hostObj);
+}
+/**
+ * Clones a **configurable** property descriptor so `value` / `get` / `set` are wrapped for the VM.
+ *
+ * @param d - Descriptor from `Reflect.getOwnPropertyDescriptor` on the host target.
+ * @returns A new descriptor safe to return from the proxy `getOwnPropertyDescriptor` trap.
+ */
+function mapDescriptorForSandbox(descriptor) {
+    if ('value' in descriptor) {
+        return {
+            configurable: descriptor.configurable,
+            enumerable: descriptor.enumerable,
+            writable: descriptor.writable,
+            value: wrapIfNeeded(descriptor.value),
+        };
+    }
+    return {
+        configurable: descriptor.configurable,
+        enumerable: descriptor.enumerable,
+        get: descriptor.get ? wrapIfNeeded(descriptor.get) : undefined,
+        set: descriptor.set ? wrapIfNeeded(descriptor.set) : undefined,
+    };
+}
+/**
+ * Prepares a property descriptor coming **from** the VM so `Reflect.defineProperty` on the host
+ * receives real targets, not our proxy objects.
+ *
+ * @param descriptor - Descriptor passed into the proxy `defineProperty` trap.
+ * @returns Descriptor with `value` / `get` / `set` unwrapped where they were our proxies.
+ */
+function mapDescriptorForHost(descriptor) {
+    const mapped = {};
+    if ('configurable' in descriptor) {
+        mapped.configurable = descriptor.configurable;
+    }
+    if ('enumerable' in descriptor) {
+        mapped.enumerable = descriptor.enumerable;
+    }
+    if ('writable' in descriptor) {
+        mapped.writable = descriptor.writable;
+    }
+    if ('value' in descriptor) {
+        mapped.value = unwrapIfProxy(descriptor.value);
+    }
+    if ('get' in descriptor) {
+        mapped.get = unwrapIfProxy(descriptor.get);
+    }
+    if ('set' in descriptor) {
+        mapped.set = unwrapIfProxy(descriptor.set);
+    }
+    return mapped;
+}
+/**
+ * Unwraps the proxy when used as the `receiver` for `Reflect.get`, so host getters see real `this`.
+ */
+function reflectReceiver(receiver) {
+    return unwrapIfProxy(receiver);
+}
+/**
+ * Unwraps constructor references passed to `Reflect.construct`.
+ *
+ * @param newTarget - Constructor received by the proxy `construct` trap.
+ * @returns Host constructor with this module's proxy removed when applicable.
+ */
+function unwrapConstructor(newTarget) {
+    return unwrapIfProxy(newTarget);
+}
+/**
+ * Unwraps each argument before forwarding calls into host functions so VM-facing proxies
+ * round-trip back to their original host targets.
+ *
+ * @param argList - Arguments received by the proxy `apply` trap.
+ * @returns Arguments with this module's proxies replaced by underlying host targets.
+ */
+function unwrapArgList(argList) {
+    return argList.map((arg) => unwrapIfProxy(arg));
+}
+/**
+ * Builds the shared `ProxyHandler` used for every deep wrap (objects and functions).
+ *
+ * Traps implement the file-level strategy: hide prototype edges, wrap outgoing values, unwrap
+ * incoming `this` / descriptors where required by invariants.
+ */
+function createDeepHandler() {
+    return {
+        apply(proxyTarget, thisArg, argArray) {
+            const hostFn = proxyTarget;
+            const hostThis = unwrapIfProxy(thisArg);
+            const hostArgs = unwrapArgList(argArray);
+            const result = Reflect.apply(hostFn, hostThis, hostArgs);
+            return wrapIfNeeded(result);
+        },
+        construct(proxyTarget, argArray, newTarget) {
+            const hostCtor = proxyTarget;
+            const hostArgs = unwrapArgList(argArray);
+            const hostNewTarget = unwrapConstructor(newTarget);
+            const result = Reflect.construct(hostCtor, hostArgs, hostNewTarget);
+            return wrapIfNeeded(result);
+        },
+        defineProperty(target, prop, descriptor) {
+            return Reflect.defineProperty(target, prop, mapDescriptorForHost(descriptor));
+        },
+        get(target, prop, receiver) {
+            if (isBlockedPrototypeKey(prop)) {
+                return SAFE_LOOKUP_TARGET;
+            }
+            const value = Reflect.get(target, prop, reflectReceiver(receiver));
+            return wrapIfNeeded(value);
+        },
+        getOwnPropertyDescriptor(target, prop) {
+            if (isBlockedPrototypeKey(prop)) {
+                return {
+                    configurable: true,
+                    enumerable: false,
+                    value: SAFE_LOOKUP_TARGET,
+                    writable: false,
+                };
+            }
+            const descriptor = Reflect.getOwnPropertyDescriptor(target, prop);
+            if (!descriptor) {
+                return undefined;
+            }
+            // Non-configurable properties must keep a descriptor compatible with the target
+            // (SameValue rules for getters / values); wrapping would violate Proxy invariants.
+            if (!descriptor.configurable) {
+                return descriptor;
+            }
+            return mapDescriptorForSandbox(descriptor);
+        },
+        getPrototypeOf(target) {
+            void target;
+            return SAFE_LOOKUP_TARGET;
+        },
+        has(target, prop) {
+            if (isBlockedPrototypeKey(prop)) {
+                return false;
+            }
+            return Reflect.has(target, prop);
+        },
+        setPrototypeOf(target, prototype) {
+            void target;
+            void prototype;
+            return false;
+        },
+    };
+}
+/**
+ * Returns the one deep proxy for this host target, creating and caching it on first use.
+ *
+ * @typeParam T - Host object or function type.
+ * @param hostValue - Raw host reference (not a primitive).
+ * @returns Cached or new proxy for `hostValue`.
+ */
+function wrapDeep(hostValue) {
+    if (typeof hostValue !== 'object' && typeof hostValue !== 'function') {
+        return hostValue;
+    }
+    if (isOurProxy(hostValue)) {
+        return hostValue;
+    }
+    const cached = targetToProxy.get(hostValue);
+    if (cached) {
+        return cached;
+    }
+    const handler = createDeepHandler();
+    const proxy = new Proxy(hostValue, handler);
+    targetToProxy.set(hostValue, proxy);
+    proxyToTarget.set(proxy, hostValue);
+    return proxy;
+}
+/**
+ * Recursively wraps objects and functions; leaves primitives unchanged; routes Promises to the
+ * thenable facade.
+ *
+ * @param value - Result of a `get` / `apply` / descriptor field, or any nested host value.
+ * @returns Wrapped proxy, thenable-wrapped promise pipeline, or the original primitive.
+ */
+function wrapIfNeeded(value) {
+    if (value === null || (typeof value !== 'object' && typeof value !== 'function')) {
+        return value;
+    }
+    if (typeof value === 'function') {
+        return wrapDeep(value);
+    }
+    if (isNativePromise(value)) {
+        return wrapPromiseAsThenable(value);
+    }
+    return wrapDeep(value);
+}
+//# sourceMappingURL=vm-host-binding.js.map

package/build/lib/vm-host-binding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vm-host-binding.js","sourceRoot":"","sources":["../../lib/vm-host-binding.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;;AAsCH,kEAEC;AAtCD;;;;GAIG;AACH,MAAM,kBAAkB,GAAW,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAUtE,qEAAqE;AACrE,MAAM,aAAa,GAAG,IAAI,OAAO,EAAsB,CAAC;AAExD,wFAAwF;AACxF,MAAM,aAAa,GAAG,IAAI,OAAO,EAAsB,CAAC;AAExD;;;GAGG;AACH,MAAM,qBAAqB,GAAG,IAAI,OAAO,EAA4B,CAAC;AAEtE;;;;;;;;GAQG;AACH,SAAgB,2BAA2B,CAAuB,SAAY;IAC5E,OAAO,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,KAAc;IAChC,OAAO,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,UAAU,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAClH,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CAAI,KAAQ;IAChC,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,aAAa,CAAC,GAAG,CAAC,KAAK,CAAM,CAAC;IACvC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,yFAAyF;AACzF,SAAS,qBAAqB,CAAC,IAAqB;IAClD,OAAO,IAAI,KAAK,aAAa,IAAI,IAAI,KAAK,WAAW,CAAC;AACxD,CAAC;AAED,oGAAoG;AACpG,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,KAAK,YAAY,OAAO,CAAC;AAClC,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,CAAmB;IAChD,MAAM,MAAM,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,OAAO,GACX,MAAM;QACN,CAAC,GAAG,EAAE;YACJ,wFAAwF;YACxF,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;gBAC3C,IAAI,CAAC,WAAqB,EAAE,UAAoB;oBAC9C,MAAM,YAAY,GAChB,WAAW,IAAI,IAAI,IAAI,OAAO,WAAW,KAAK,UAAU;wBACtD,CAAC,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,WAA2B,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;wBAC1F,CAAC,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,WAAW,GACf,UAAU,IAAI,IAAI,IAAI,OAAO,UAAU,KAAK,UAAU;wBACpD,CAAC,CAAC,CAAC,CAAU,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,UAA0B,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;wBACzF,CAAC,CAAC,SAAS,CAAC;oBAChB,OAAO,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC;gBACzD,CAAC;gBACD,KAAK,CAAC,UAAoB;oBACxB,OAAO,YAAY,CACjB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAU,EAAE,EAAE,CACrB,UAAU,IAAI,IAAI,IAAI,OAAO,UAAU,KAAK,UAAU;wBACpD,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,UAA0B,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;wBACzE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CACpC,CACF,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,SAAmB;oBACzB,OAAO,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,SAAuD,CAAC,CAAC,CAAC;gBAC1F,CAAC;aACF,CAAC,CAAC;YACH,gDAAgD;YAChD,qBAAqB,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAChC,OAAO,CAAC,CAAC;QACX,CAAC,CAAC,EAAE,CAAC;IACP,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;GAKG;AACH,SAAS,uBAAuB,CAAC,UAA8B;IAC7D,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QAC1B,OAAO;YACL,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,QAAQ,EAAE,UAAU,CAAC,QAAQ;YAC7B,KAAK,EAAE,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC;SACtC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,YAAY,EAAE,UAAU,CAAC,YAAY;QACrC,UAAU,EAAE,UAAU,CAAC,UAAU;QACjC,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAmB,CAAC,CAAC,CAAC,SAAS;QACjF,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAE,YAAY,CAAC,UAAU,CAAC,GAAG,CAA0B,CAAC,CAAC,CAAC,SAAS;KACzF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,oBAAoB,CAAC,UAA8B;IAC1D,MAAM,MAAM,GAAuB,EAAE,CAAC;IACtC,IAAI,cAAc,IAAI,UAAU,EAAE,CAAC;QACjC,MAAM,CAAC,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;IAChD,CAAC;IACD,IAAI,YAAY,IAAI,UAAU,EAAE,CAAC;QAC/B,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC;IAC5C,CAAC;IACD,IAAI,UAAU,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;IACxC,CAAC;IACD,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,GAAG,aAAa,CAAE,UAA+B,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,KAAK,IAAI,UAAU,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,CAAC,GAAG,CAAgC,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK,IAAI,UAAU,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,aAAa,CAAC,UAAU,CAAC,GAAG,CAAuC,CAAC;IACnF,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,QAAiB;IACxC,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,SAAuB;IAChD,OAAO,aAAa,CAAC,SAAS,CAA+B,CAAC;AAChE,CAAC;AAED;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,OAA2B;IAChD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,KAAK,CAAC,WAAuB,EAAE,OAAgB,EAAE,QAAmB;YAClE,MAAM,MAAM,GAAG,WAA2B,CAAC;YAC3C,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACzD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAED,SAAS,CAAC,WAAuB,EAAE,QAAmB,EAAE,SAAkB;YACxE,MAAM,QAAQ,GAAG,WAA8B,CAAC;YAChD,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,aAAa,GAAG,iBAAiB,CAAC,SAAyB,CAAC,CAAC;YACnE,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;YACpE,OAAO,YAAY,CAAC,MAAM,CAAW,CAAC;QACxC,CAAC;QAED,cAAc,CACZ,MAAkB,EAClB,IAAqB,EACrB,UAA8B;YAE9B,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,oBAAoB,CAAC,UAAU,CAAC,CAAC,CAAC;QAChF,CAAC;QAED,GAAG,CAAC,MAAkB,EAAE,IAAqB,EAAE,QAAiB;YAC9D,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO,kBAAkB,CAAC;YAC5B,CAAC;YACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnE,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,wBAAwB,CACtB,MAAkB,EAClB,IAAqB;YAErB,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO;oBACL,YAAY,EAAE,IAAI;oBAClB,UAAU,EAAE,KAAK;oBACjB,KAAK,EAAE,kBAAkB;oBACzB,QAAQ,EAAE,KAAK;iBAChB,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,OAAO,CAAC,wBAAwB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAClE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,gFAAgF;YAChF,mFAAmF;YACnF,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC7B,OAAO,UAAU,CAAC;YACpB,CAAC;YACD,OAAO,uBAAuB,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC;QAED,cAAc,CAAC,MAAkB;YAC/B,KAAK,MAAM,CAAC;YACZ,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,GAAG,CAAC,MAAkB,EAAE,IAAqB;YAC3C,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC;QAED,cAAc,CAAC,MAAkB,EAAE,SAAwB;YACzD,KAAK,MAAM,CAAC;YACZ,KAAK,SAAS,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,QAAQ,CAAuB,SAAY;IAClD,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE,CAAC;QACrE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1B,OAAO,SAAc,CAAC;IACxB,CAAC;IACD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAW,CAAC;IACrB,CAAC;IACD,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC5C,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACpC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACpC,OAAO,KAAU,CAAC;AACpB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,UAAU,CAAC,EAAE,CAAC;QACjF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QAChC,OAAO,QAAQ,CAAC,KAAqB,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,eAAe,CAAC,KAAe,CAAC,EAAE,CAAC;QACrC,OAAO,qBAAqB,CAAC,KAAyB,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,QAAQ,CAAC,KAAmB,CAAC,CAAC;AACvC,CAAC"}

package/lib/execute-child.ts

@@ -3,6 +3,7 @@ import vm from 'node:vm';
 import {promisify} from 'node:util';
 import {logger, util} from 'appium/support';
 import type {DriverScriptMessageEvent, ScriptResult, RunScriptResult} from './types';
+import {wrapHostBindingForVmContext} from './vm-host-binding';
 
 const log = logger.getLogger('ExecuteDriver Child');
 let send: (res: ScriptResult) => Promise<void>;
@@ -33,24 +34,34 @@ async function runScript(eventParams: DriverScriptMessageEvent): Promise<RunScri
     log: [],
   };
   const consoleFns: {error: (...args: any[]) => void; warn: (...args: any[]) => void; log: (...args: any[]) => void} = {
-    error: (...logMsgs) => logs.error.push(...logMsgs),
-    warn: (...logMsgs) => logs.warn.push(...logMsgs),
-    log: (...logMsgs) => logs.log.push(...logMsgs),
+    error: wrapHostBindingForVmContext((...logMsgs) => logs.error.push(...logMsgs)),
+    warn: wrapHostBindingForVmContext((...logMsgs) => logs.warn.push(...logMsgs)),
+    log: wrapHostBindingForVmContext((...logMsgs) => logs.log.push(...logMsgs)),
   };
 
   const {attach} = await import('webdriverio');
 
   const driver = await attach(driverOpts);
+  const sandboxDriver = wrapHostBindingForVmContext(driver);
+  const sandboxConsole = wrapHostBindingForVmContext(consoleFns);
+  const sandboxSetTimeout = wrapHostBindingForVmContext(setTimeout);
+  const sandboxClearTimeout = wrapHostBindingForVmContext(clearTimeout);
 
   const fullScript = `(async () => {${script}})();`;
 
   log.info('Running driver script in Node vm');
 
   // run the driver script, giving user access to the driver object, a fake console logger,
-  // and standard setTimeout/clearTimeout functions
+  // and standard setTimeout/clearTimeout functions. Each host value is proxied so
+  // main-realm prototype metadata cannot be used to obtain the host `Function` (VM escape).
   let result = await vm.runInNewContext(
     fullScript,
-    {driver, console: consoleFns, setTimeout, clearTimeout},
+    {
+      driver: sandboxDriver,
+      console: sandboxConsole,
+      setTimeout: sandboxSetTimeout,
+      clearTimeout: sandboxClearTimeout,
+    },
     {timeout: timeoutMs, breakOnSigint: true}
   );
 

package/lib/vm-host-binding.ts

@@ -0,0 +1,370 @@
+/**
+ * @fileoverview Bridges host-realm (child process) objects into Node's `vm.runInNewContext` without
+ * leaking main-realm prototype metadata that untrusted script could use to obtain the real
+ * `Function` constructor and escape the VM (RCE on the Appium host).
+ *
+ * ## Why this exists
+ *
+ * `vm` isolates *globals* and bytecode, but any **host object** you inject still carries the
+ * **main V8 realm's** prototypes.
+ *
+ * ## Strategy (high level)
+ *
+ * 1. **Deep `Proxy`**: Every host object/function exposed to the script is wrapped. Property
+ *    reads (`get`), call results (`apply` / `construct`), and—where allowed—descriptor reflection
+ *    (`getOwnPropertyDescriptor`) funnel return values through `wrapIfNeeded`, which recursively
+ *    wraps objects and functions so nested references never surface as raw host callables.
+ *
+ * 2. **Prototype-adjacent keys**: `constructor` and `__proto__` are not read from the target;
+ *    the `get` trap returns a frozen null-prototype sentinel, `getPrototypeOf` always reports that
+ *    sentinel (not the real prototype chain), `has` hides those keys, and `setPrototypeOf` is
+ *    rejected—closing the usual `…constructor.constructor` chains.
+ *
+ * 3. **Identity**: `targetToProxy` is a `WeakMap` from each host object/function to its single
+ *    proxy, so repeated reads (e.g. `driver.m === driver.m`) stay stable and cycles do not recurse
+ *    forever. `proxyToTarget` reverses the mapping so `Reflect.get`/`apply` can unwrap `this` and
+ *    pass the real host receiver to accessors and methods that expect it.
+ *
+ * 4. **Promises**: A `Proxy` around a native `Promise` breaks V8's internal `then` branding
+ *    (WebdriverIO breaks). Host promises are therefore surfaced as a **null-prototype thenable**
+ *    that forwards to the real promise and runs `wrapIfNeeded` on fulfilled/rejected values before
+ *    VM continuations run. One thenable object per promise lives in `promiseToThenableHost`.
+ *
+ * 5. **Descriptors**: For **configurable** own properties only, `getOwnPropertyDescriptor` returns
+ *    descriptors whose `value` / `get` / `set` are wrapped—so descriptor-based extraction of a
+ *    method still yields a sandbox proxy. **Non-configurable** properties must return the real
+ *    descriptor unchanged (ECMAScript Proxy invariants); those paths can still expose raw host
+ *    callables until the script uses normal property access, which remains wrapped.
+ *
+ * 6. **`defineProperty`**: Incoming descriptors from the VM may reference our proxies; fields are
+ *    unwrapped before `Reflect.defineProperty` so the host object receives real functions/objects.
+ *
+ * This is defense in depth: Node documents that `vm` is not a full security boundary. Treat
+ * `--allow-insecure=…:execute_driver_script` as highly privileged regardless of this module.
+ */
+
+/**
+ * Null-prototype object returned for prototype-adjacent property lookups on
+ * proxied host values. It must not inherit `Object.prototype` (which would
+ * reintroduce `constructor` / `__proto__` chains back to the host `Function`).
+ */
+const SAFE_LOOKUP_TARGET: object = Object.freeze(Object.create(null));
+
+/**
+ * Any host-realm callable (methods, timers, `console.log`, etc.) that may be wrapped
+ * and passed into the VM alongside plain objects.
+ */
+type HostCallable = (...args: unknown[]) => unknown;
+type HostTarget = object | HostCallable;
+type HostConstructor = new (...args: unknown[]) => object;
+
+/** Host target → single deep proxy (stable identity, cycle-safe). */
+const targetToProxy = new WeakMap<HostTarget, object>();
+
+/** Deep proxy → underlying host target (unwrap `this` / receivers / defineProperty). */
+const proxyToTarget = new WeakMap<object, HostTarget>();
+
+/**
+ * Host `Promise` → null-prototype thenable facade (one per promise; then wrapped by `wrapDeep`).
+ * Native promises cannot be proxied without breaking `Promise.prototype.then` receiver checks.
+ */
+const promiseToThenableHost = new WeakMap<Promise<unknown>, object>();
+
+/**
+ * Entry point: wrap a host object or function for use as a global in `vm.runInNewContext`.
+ *
+ * Delegates to {@link wrapDeep}; see the file-level overview for behavior and limitations.
+ *
+ * @typeParam T - Host object or function type (returned value is proxied but typed as `T`).
+ * @param hostValue - Root binding injected into the VM (e.g. WebdriverIO `driver`, `console`).
+ * @returns A proxy whose transitive property/call/descriptor surfaces hide host `Function` leaks.
+ */
+export function wrapHostBindingForVmContext<T extends HostTarget>(hostValue: T): T {
+  return wrapDeep(hostValue);
+}
+
+/**
+ * @returns Whether `value` is a proxy created by this module (`proxyToTarget` has an entry).
+ * Includes both object proxies and function proxies.
+ */
+function isOurProxy(value: unknown): value is HostTarget {
+  return value !== null && (typeof value === 'object' || typeof value === 'function') && proxyToTarget.has(value);
+}
+
+/**
+ * Maps a value that may be our deep proxy back to the underlying host target for host APIs.
+ *
+ * @param value - Possibly a proxy from this module, or any other value.
+ * @returns The host target if `value` is our proxy; otherwise `value` unchanged.
+ */
+function unwrapIfProxy<T>(value: T): T {
+  if (isOurProxy(value)) {
+    return proxyToTarget.get(value) as T;
+  }
+  return value;
+}
+
+/** Property keys that must never resolve through the real target (VM escape vectors). */
+function isBlockedPrototypeKey(prop: string | symbol): boolean {
+  return prop === 'constructor' || prop === '__proto__';
+}
+
+/** Whether `value` is a native host Promise (handled via thenable facade, not `wrapDeep` alone). */
+function isNativePromise(value: object): value is Promise<unknown> {
+  return value instanceof Promise;
+}
+
+/**
+ * Wraps a host Promise by exposing a null-prototype thenable that delegates to `p` and ensures
+ * fulfillment/rejection values are passed through {@link wrapIfNeeded} before VM callbacks run.
+ *
+ * @param p - Host promise returned from driver or other host APIs.
+ * @returns A deep-proxied thenable safe for `await` / `.then` from inside the VM.
+ */
+function wrapPromiseAsThenable(p: Promise<unknown>): unknown {
+  const cached = promiseToThenableHost.get(p);
+  const hostObj: object =
+    cached ??
+    (() => {
+      /* eslint-disable promise/prefer-await-to-then -- thenable facade over a host Promise */
+      const o = Object.assign(Object.create(null), {
+        then(onFulfilled?: unknown, onRejected?: unknown) {
+          const adaptFulfill =
+            onFulfilled != null && typeof onFulfilled === 'function'
+              ? (v: unknown) => Reflect.apply(onFulfilled as HostCallable, undefined, [wrapIfNeeded(v)])
+              : (v: unknown) => wrapIfNeeded(v);
+          const adaptReject =
+            onRejected != null && typeof onRejected === 'function'
+              ? (e: unknown) => Reflect.apply(onRejected as HostCallable, undefined, [wrapIfNeeded(e)])
+              : undefined;
+          return wrapIfNeeded(p.then(adaptFulfill, adaptReject));
+        },
+        catch(onRejected?: unknown) {
+          return wrapIfNeeded(
+            p.catch((e: unknown) =>
+              onRejected != null && typeof onRejected === 'function'
+                ? Reflect.apply(onRejected as HostCallable, undefined, [wrapIfNeeded(e)])
+                : Promise.reject(wrapIfNeeded(e))
+            )
+          );
+        },
+        finally(onFinally?: unknown) {
+          return wrapIfNeeded(p.finally(onFinally as () => void | PromiseLike<void> | undefined));
+        },
+      });
+      /* eslint-enable promise/prefer-await-to-then */
+      promiseToThenableHost.set(p, o);
+      return o;
+    })();
+  return wrapDeep(hostObj);
+}
+
+/**
+ * Clones a **configurable** property descriptor so `value` / `get` / `set` are wrapped for the VM.
+ *
+ * @param d - Descriptor from `Reflect.getOwnPropertyDescriptor` on the host target.
+ * @returns A new descriptor safe to return from the proxy `getOwnPropertyDescriptor` trap.
+ */
+function mapDescriptorForSandbox(descriptor: PropertyDescriptor): PropertyDescriptor {
+  if ('value' in descriptor) {
+    return {
+      configurable: descriptor.configurable,
+      enumerable: descriptor.enumerable,
+      writable: descriptor.writable,
+      value: wrapIfNeeded(descriptor.value),
+    };
+  }
+  return {
+    configurable: descriptor.configurable,
+    enumerable: descriptor.enumerable,
+    get: descriptor.get ? (wrapIfNeeded(descriptor.get) as () => unknown) : undefined,
+    set: descriptor.set ? (wrapIfNeeded(descriptor.set) as (v: unknown) => void) : undefined,
+  };
+}
+
+/**
+ * Prepares a property descriptor coming **from** the VM so `Reflect.defineProperty` on the host
+ * receives real targets, not our proxy objects.
+ *
+ * @param descriptor - Descriptor passed into the proxy `defineProperty` trap.
+ * @returns Descriptor with `value` / `get` / `set` unwrapped where they were our proxies.
+ */
+function mapDescriptorForHost(descriptor: PropertyDescriptor): PropertyDescriptor {
+  const mapped: PropertyDescriptor = {};
+  if ('configurable' in descriptor) {
+    mapped.configurable = descriptor.configurable;
+  }
+  if ('enumerable' in descriptor) {
+    mapped.enumerable = descriptor.enumerable;
+  }
+  if ('writable' in descriptor) {
+    mapped.writable = descriptor.writable;
+  }
+  if ('value' in descriptor) {
+    mapped.value = unwrapIfProxy((descriptor as {value: unknown}).value);
+  }
+  if ('get' in descriptor) {
+    mapped.get = unwrapIfProxy(descriptor.get) as (() => unknown) | undefined;
+  }
+  if ('set' in descriptor) {
+    mapped.set = unwrapIfProxy(descriptor.set) as ((v: unknown) => void) | undefined;
+  }
+  return mapped;
+}
+
+/**
+ * Unwraps the proxy when used as the `receiver` for `Reflect.get`, so host getters see real `this`.
+ */
+function reflectReceiver(receiver: unknown): unknown {
+  return unwrapIfProxy(receiver);
+}
+
+/**
+ * Unwraps constructor references passed to `Reflect.construct`.
+ *
+ * @param newTarget - Constructor received by the proxy `construct` trap.
+ * @returns Host constructor with this module's proxy removed when applicable.
+ */
+function unwrapConstructor(newTarget: HostCallable): HostConstructor {
+  return unwrapIfProxy(newTarget) as unknown as HostConstructor;
+}
+
+/**
+ * Unwraps each argument before forwarding calls into host functions so VM-facing proxies
+ * round-trip back to their original host targets.
+ *
+ * @param argList - Arguments received by the proxy `apply` trap.
+ * @returns Arguments with this module's proxies replaced by underlying host targets.
+ */
+function unwrapArgList(argList: readonly unknown[]): unknown[] {
+  return argList.map((arg) => unwrapIfProxy(arg));
+}
+
+/**
+ * Builds the shared `ProxyHandler` used for every deep wrap (objects and functions).
+ *
+ * Traps implement the file-level strategy: hide prototype edges, wrap outgoing values, unwrap
+ * incoming `this` / descriptors where required by invariants.
+ */
+function createDeepHandler(): ProxyHandler<HostTarget> {
+  return {
+    apply(proxyTarget: HostTarget, thisArg: unknown, argArray: unknown[]): unknown {
+      const hostFn = proxyTarget as HostCallable;
+      const hostThis = unwrapIfProxy(thisArg);
+      const hostArgs = unwrapArgList(argArray);
+      const result = Reflect.apply(hostFn, hostThis, hostArgs);
+      return wrapIfNeeded(result);
+    },
+
+    construct(proxyTarget: HostTarget, argArray: unknown[], newTarget: unknown): object {
+      const hostCtor = proxyTarget as HostConstructor;
+      const hostArgs = unwrapArgList(argArray);
+      const hostNewTarget = unwrapConstructor(newTarget as HostCallable);
+      const result = Reflect.construct(hostCtor, hostArgs, hostNewTarget);
+      return wrapIfNeeded(result) as object;
+    },
+
+    defineProperty(
+      target: HostTarget,
+      prop: string | symbol,
+      descriptor: PropertyDescriptor
+    ): boolean {
+      return Reflect.defineProperty(target, prop, mapDescriptorForHost(descriptor));
+    },
+
+    get(target: HostTarget, prop: string | symbol, receiver: unknown): unknown {
+      if (isBlockedPrototypeKey(prop)) {
+        return SAFE_LOOKUP_TARGET;
+      }
+      const value = Reflect.get(target, prop, reflectReceiver(receiver));
+      return wrapIfNeeded(value);
+    },
+
+    getOwnPropertyDescriptor(
+      target: HostTarget,
+      prop: string | symbol
+    ): PropertyDescriptor | undefined {
+      if (isBlockedPrototypeKey(prop)) {
+        return {
+          configurable: true,
+          enumerable: false,
+          value: SAFE_LOOKUP_TARGET,
+          writable: false,
+        };
+      }
+      const descriptor = Reflect.getOwnPropertyDescriptor(target, prop);
+      if (!descriptor) {
+        return undefined;
+      }
+      // Non-configurable properties must keep a descriptor compatible with the target
+      // (SameValue rules for getters / values); wrapping would violate Proxy invariants.
+      if (!descriptor.configurable) {
+        return descriptor;
+      }
+      return mapDescriptorForSandbox(descriptor);
+    },
+
+    getPrototypeOf(target: HostTarget): object | null {
+      void target;
+      return SAFE_LOOKUP_TARGET;
+    },
+
+    has(target: HostTarget, prop: string | symbol): boolean {
+      if (isBlockedPrototypeKey(prop)) {
+        return false;
+      }
+      return Reflect.has(target, prop);
+    },
+
+    setPrototypeOf(target: HostTarget, prototype: object | null): boolean {
+      void target;
+      void prototype;
+      return false;
+    },
+  };
+}
+
+/**
+ * Returns the one deep proxy for this host target, creating and caching it on first use.
+ *
+ * @typeParam T - Host object or function type.
+ * @param hostValue - Raw host reference (not a primitive).
+ * @returns Cached or new proxy for `hostValue`.
+ */
+function wrapDeep<T extends HostTarget>(hostValue: T): T {
+  if (typeof hostValue !== 'object' && typeof hostValue !== 'function') {
+    return hostValue;
+  }
+  if (isOurProxy(hostValue)) {
+    return hostValue as T;
+  }
+  const cached = targetToProxy.get(hostValue);
+  if (cached) {
+    return cached as T;
+  }
+  const handler = createDeepHandler();
+  const proxy = new Proxy(hostValue, handler);
+  targetToProxy.set(hostValue, proxy);
+  proxyToTarget.set(proxy, hostValue);
+  return proxy as T;
+}
+
+/**
+ * Recursively wraps objects and functions; leaves primitives unchanged; routes Promises to the
+ * thenable facade.
+ *
+ * @param value - Result of a `get` / `apply` / descriptor field, or any nested host value.
+ * @returns Wrapped proxy, thenable-wrapped promise pipeline, or the original primitive.
+ */
+function wrapIfNeeded(value: unknown): unknown {
+  if (value === null || (typeof value !== 'object' && typeof value !== 'function')) {
+    return value;
+  }
+  if (typeof value === 'function') {
+    return wrapDeep(value as HostCallable);
+  }
+  if (isNativePromise(value as object)) {
+    return wrapPromiseAsThenable(value as Promise<unknown>);
+  }
+  return wrapDeep(value as HostTarget);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appium/execute-driver-plugin",
-  "version": "6.0.1",
+  "version": "6.0.2",
   "description": "Plugin for batching and executing Appium driver commands",
   "keywords": [
     "automation",
@@ -34,9 +34,9 @@
   ],
   "scripts": {
     "test": "npm run test:unit",
-    "test:e2e": "mocha --exit -t 160s --slow 20s \"./test/e2e/**/*.spec.*ts\"",
+    "test:e2e": "mocha --exit -t 160s --slow 20s \"./test/e2e/**/*.spec.ts\"",
     "test:smoke": "node ./build/lib/index.js",
-    "test:unit": "mocha \"./test/unit/**/*.spec.*ts\""
+    "test:unit": "mocha \"./test/unit/**/*.spec.ts\""
   },
   "dependencies": {
     "lodash": "4.18.1",
@@ -56,5 +56,5 @@
     "pluginName": "execute-driver",
     "mainClass": "ExecuteDriverPlugin"
   },
-  "gitHead": "7a8965f5c30ffec2ad04ce75903b3960537cef06"
+  "gitHead": "17f84265d10944fec06ae7684ae8ad77d1224b50"
 }

package/tsconfig.json

@@ -1,5 +1,6 @@
 {
   "compilerOptions": {
+    "rootDir": ".",
     "outDir": "build",
     "checkJs": true,
     "esModuleInterop": true,