@cuxt/sandboxjs 0.1.0

package/dist/node/unraw.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Replace raw escape character strings with their escape characters.
+ * @param raw A string where escape characters are represented as raw string
+ * values like `\'` rather than `'`.
+ * @param allowOctals If `true`, will process the now-deprecated octal escape
+ * sequences (ie, `\111`).
+ * @returns The processed string, with escape characters replaced by their
+ * respective actual Unicode characters.
+ */
+export declare function unraw(raw: string): string;
+export default unraw;

package/dist/node/utils.d.ts

@@ -0,0 +1,264 @@
+export declare const AsyncFunction: Function;
+export declare const GeneratorFunction: Function;
+export declare const AsyncGeneratorFunction: Function;
+import { IEvalContext } from './eval';
+import { Change, Unknown } from './executor';
+import { IConstants, IExecutionTree, Lisp, LispItem } from './parser';
+import SandboxExec from './SandboxExec';
+export type replacementCallback = (obj: any, isStaticAccess: boolean) => any;
+export interface IOptionParams {
+    audit?: boolean;
+    forbidFunctionCalls?: boolean;
+    forbidFunctionCreation?: boolean;
+    prototypeReplacements?: Map<Function, replacementCallback>;
+    prototypeWhitelist?: Map<Function, Set<string>>;
+    globals?: IGlobals;
+    executionQuota?: bigint;
+    haltOnSandboxError?: boolean;
+}
+export interface IOptions {
+    audit: boolean;
+    forbidFunctionCalls: boolean;
+    forbidFunctionCreation: boolean;
+    prototypeReplacements: Map<Function, replacementCallback>;
+    prototypeWhitelist: Map<Function, Set<string>>;
+    globals: IGlobals;
+    executionQuota?: bigint;
+    haltOnSandboxError?: boolean;
+}
+export interface IContext {
+    sandbox: SandboxExec;
+    globalScope: Scope;
+    sandboxGlobal: ISandboxGlobal;
+    globalsWhitelist: Set<any>;
+    prototypeWhitelist: Map<any, Set<PropertyKey>>;
+    sandboxedFunctions: WeakSet<Function>;
+    options: IOptions;
+    auditReport?: IAuditReport;
+    ticks: Ticks;
+}
+export interface IAuditReport {
+    globalsAccess: Set<unknown>;
+    prototypeAccess: {
+        [name: string]: Set<PropertyKey>;
+    };
+}
+export interface Ticks {
+    ticks: bigint;
+    tickLimit?: bigint;
+}
+export type SubscriptionSubject = object;
+export interface IExecContext extends IExecutionTree {
+    ctx: IContext;
+    getSubscriptions: Set<(obj: SubscriptionSubject, name: string) => void>;
+    setSubscriptions: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>;
+    changeSubscriptions: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>;
+    setSubscriptionsGlobal: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>;
+    changeSubscriptionsGlobal: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>;
+    registerSandboxFunction: (fn: (...args: any[]) => any) => void;
+    evals: Map<Function, Function>;
+    allowJit: boolean;
+    evalContext?: IEvalContext;
+}
+export interface ISandboxGlobal {
+    [key: string]: unknown;
+}
+interface SandboxGlobalConstructor {
+    new (globals: IGlobals): ISandboxGlobal;
+}
+export declare const SandboxGlobal: SandboxGlobalConstructor;
+export type IGlobals = ISandboxGlobal;
+export declare class ExecContext implements IExecContext {
+    ctx: IContext;
+    constants: IConstants;
+    tree: Lisp[];
+    getSubscriptions: Set<(obj: SubscriptionSubject, name: string) => void>;
+    setSubscriptions: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>;
+    changeSubscriptions: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>;
+    setSubscriptionsGlobal: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>;
+    changeSubscriptionsGlobal: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>;
+    evals: Map<any, any>;
+    registerSandboxFunction: (fn: (...args: any[]) => any) => void;
+    allowJit: boolean;
+    evalContext?: IEvalContext | undefined;
+    constructor(ctx: IContext, constants: IConstants, tree: Lisp[], getSubscriptions: Set<(obj: SubscriptionSubject, name: string) => void>, setSubscriptions: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>, changeSubscriptions: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>, setSubscriptionsGlobal: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>, changeSubscriptionsGlobal: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>, evals: Map<any, any>, registerSandboxFunction: (fn: (...args: any[]) => any) => void, allowJit: boolean, evalContext?: IEvalContext | undefined);
+}
+export declare function createContext(sandbox: SandboxExec, options: IOptions): IContext;
+export declare function createExecContext(sandbox: {
+    readonly setSubscriptions: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>;
+    readonly changeSubscriptions: WeakMap<SubscriptionSubject, Set<(modification: Change) => void>>;
+    readonly sandboxFunctions: WeakMap<(...args: any[]) => any, IExecContext>;
+    readonly context: IContext;
+}, executionTree: IExecutionTree, evalContext?: IEvalContext): IExecContext;
+export declare class CodeString {
+    start: number;
+    end: number;
+    ref: {
+        str: string;
+    };
+    constructor(str: string | CodeString);
+    substring(start: number, end?: number): CodeString;
+    get length(): number;
+    char(i: number): string | undefined;
+    toString(): string;
+    trimStart(): CodeString;
+    slice(start: number, end?: number): CodeString;
+    trim(): CodeString;
+    valueOf(): string;
+}
+export declare const reservedWords: Set<string>;
+export declare const enum VarType {
+    let = "let",
+    const = "const",
+    var = "var"
+}
+export declare class Scope {
+    parent: Scope | null;
+    const: {
+        [key: string]: true;
+    };
+    let: {
+        [key: string]: true;
+    };
+    var: {
+        [key: string]: true;
+    };
+    globals: {
+        [key: string]: true;
+    };
+    allVars: {
+        [key: string]: unknown;
+    } & object;
+    functionThis?: Unknown;
+    constructor(parent: Scope | null, vars?: {}, functionThis?: Unknown);
+    get(key: string): Prop;
+    set(key: string, val: unknown): Prop<unknown>;
+    getWhereValScope(key: string, isThis: boolean): Scope | null;
+    getWhereVarScope(key: string, localScope?: boolean): Scope;
+    declare(key: string, type: VarType, value?: unknown, isGlobal?: boolean): Prop;
+}
+export interface IScope {
+    [key: string]: any;
+}
+export declare class FunctionScope implements IScope {
+}
+export declare class LocalScope implements IScope {
+}
+export declare class SandboxError extends Error {
+}
+export declare class SandboxExecutionQuotaExceededError extends SandboxError {
+}
+export declare class SandboxExecutionTreeError extends SandboxError {
+}
+export declare class SandboxCapabilityError extends SandboxError {
+}
+export declare class SandboxAccessError extends SandboxError {
+}
+export declare function isLisp<Type extends Lisp = Lisp>(item: LispItem | LispItem): item is Type;
+export declare const enum LispType {
+    None = 0,
+    Prop = 1,
+    StringIndex = 2,
+    Let = 3,
+    Const = 4,
+    Call = 5,
+    KeyVal = 6,
+    Number = 7,
+    Return = 8,
+    Assign = 9,
+    InlineFunction = 10,
+    ArrowFunction = 11,
+    CreateArray = 12,
+    If = 13,
+    IfCase = 14,
+    InlineIf = 15,
+    InlineIfCase = 16,
+    SpreadObject = 17,
+    SpreadArray = 18,
+    ArrayProp = 19,
+    PropOptional = 20,
+    CallOptional = 21,
+    CreateObject = 22,
+    Group = 23,
+    Not = 24,
+    IncrementBefore = 25,
+    IncrementAfter = 26,
+    DecrementBefore = 27,
+    DecrementAfter = 28,
+    And = 29,
+    Or = 30,
+    StrictNotEqual = 31,
+    StrictEqual = 32,
+    Plus = 33,
+    Var = 34,
+    GlobalSymbol = 35,
+    Literal = 36,
+    Function = 37,
+    Loop = 38,
+    Try = 39,
+    Switch = 40,
+    SwitchCase = 41,
+    Block = 42,
+    Expression = 43,
+    Await = 44,
+    New = 45,
+    Throw = 46,
+    Minus = 47,
+    Divide = 48,
+    Power = 49,
+    Multiply = 50,
+    Modulus = 51,
+    Equal = 52,
+    NotEqual = 53,
+    SmallerEqualThan = 54,
+    LargerEqualThan = 55,
+    SmallerThan = 56,
+    LargerThan = 57,
+    Negative = 58,
+    Positive = 59,
+    Typeof = 60,
+    Delete = 61,
+    Instanceof = 62,
+    In = 63,
+    Inverse = 64,
+    SubractEquals = 65,
+    AddEquals = 66,
+    DivideEquals = 67,
+    PowerEquals = 68,
+    MultiplyEquals = 69,
+    ModulusEquals = 70,
+    BitNegateEquals = 71,
+    BitAndEquals = 72,
+    BitOrEquals = 73,
+    UnsignedShiftRightEquals = 74,
+    ShiftRightEquals = 75,
+    ShiftLeftEquals = 76,
+    BitAnd = 77,
+    BitOr = 78,
+    BitNegate = 79,
+    BitShiftLeft = 80,
+    BitShiftRight = 81,
+    BitUnsignedShiftRight = 82,
+    BigInt = 83,
+    LiteralIndex = 84,
+    RegexIndex = 85,
+    LoopAction = 86,
+    Void = 87,
+    True = 88,
+    NullishCoalescing = 89,
+    AndEquals = 90,
+    OrEquals = 91,
+    NullishCoalescingEquals = 92,
+    LispEnumSize = 93
+}
+export declare class Prop<T = unknown> {
+    context: T;
+    prop: PropertyKey;
+    isConst: boolean;
+    isGlobal: boolean;
+    isVariable: boolean;
+    constructor(context: T, prop: PropertyKey, isConst?: boolean, isGlobal?: boolean, isVariable?: boolean);
+    get<T = unknown>(context: IExecContext): T;
+}
+export declare function hasOwnProperty(obj: unknown, prop: PropertyKey): boolean;
+export {};

package/dist/node/utils.js

@@ -0,0 +1,385 @@
+'use strict';
+
+// Reusable AsyncFunction constructor reference
+const AsyncFunction = Object.getPrototypeOf(async function () { }).constructor;
+const GeneratorFunction = Object.getPrototypeOf(function* () { }).constructor;
+const AsyncGeneratorFunction = Object.getPrototypeOf(async function* () { }).constructor;
+const SandboxGlobal = function SandboxGlobal(globals) {
+    for (const i in globals) {
+        this[i] = globals[i];
+    }
+};
+class ExecContext {
+    constructor(ctx, constants, tree, getSubscriptions, setSubscriptions, changeSubscriptions, setSubscriptionsGlobal, changeSubscriptionsGlobal, evals, registerSandboxFunction, allowJit, evalContext) {
+        this.ctx = ctx;
+        this.constants = constants;
+        this.tree = tree;
+        this.getSubscriptions = getSubscriptions;
+        this.setSubscriptions = setSubscriptions;
+        this.changeSubscriptions = changeSubscriptions;
+        this.setSubscriptionsGlobal = setSubscriptionsGlobal;
+        this.changeSubscriptionsGlobal = changeSubscriptionsGlobal;
+        this.evals = evals;
+        this.registerSandboxFunction = registerSandboxFunction;
+        this.allowJit = allowJit;
+        this.evalContext = evalContext;
+    }
+}
+function createContext(sandbox, options) {
+    const sandboxGlobal = new SandboxGlobal(options.globals);
+    const context = {
+        sandbox: sandbox,
+        globalsWhitelist: new Set(Object.values(options.globals)),
+        prototypeWhitelist: new Map([...options.prototypeWhitelist].map((a) => [a[0].prototype, a[1]])),
+        options,
+        globalScope: new Scope(null, options.globals, sandboxGlobal),
+        sandboxGlobal,
+        ticks: { ticks: 0n, tickLimit: options.executionQuota },
+        sandboxedFunctions: new WeakSet(),
+    };
+    context.prototypeWhitelist.set(Object.getPrototypeOf([][Symbol.iterator]()), new Set());
+    // Fetch API 构造函数本身（静态方法如 Response.json）也加白名单
+    if (typeof Response !== 'undefined')
+        context.prototypeWhitelist.set(Response.prototype, new Set());
+    if (typeof Request !== 'undefined')
+        context.prototypeWhitelist.set(Request.prototype, new Set());
+    if (typeof Headers !== 'undefined')
+        context.prototypeWhitelist.set(Headers.prototype, new Set());
+    if (typeof FormData !== 'undefined')
+        context.prototypeWhitelist.set(FormData.prototype, new Set());
+    if (typeof Blob !== 'undefined')
+        context.prototypeWhitelist.set(Blob.prototype, new Set());
+    if (typeof URLSearchParams !== 'undefined')
+        context.prototypeWhitelist.set(URLSearchParams.prototype, new Set());
+    if (typeof AbortController !== 'undefined')
+        context.prototypeWhitelist.set(AbortController.prototype, new Set());
+    if (typeof ReadableStream !== 'undefined')
+        context.prototypeWhitelist.set(ReadableStream.prototype, new Set());
+    if (typeof TransformStream !== 'undefined')
+        context.prototypeWhitelist.set(TransformStream.prototype, new Set());
+    if (typeof WritableStream !== 'undefined')
+        context.prototypeWhitelist.set(WritableStream.prototype, new Set());
+    if (typeof TextEncoder !== 'undefined')
+        context.prototypeWhitelist.set(TextEncoder.prototype, new Set());
+    if (typeof TextDecoder !== 'undefined')
+        context.prototypeWhitelist.set(TextDecoder.prototype, new Set());
+    return context;
+}
+function createExecContext(sandbox, executionTree, evalContext) {
+    const evals = new Map();
+    const execContext = new ExecContext(sandbox.context, executionTree.constants, executionTree.tree, new Set(), new WeakMap(), new WeakMap(), sandbox.setSubscriptions, sandbox.changeSubscriptions, evals, (fn) => sandbox.sandboxFunctions.set(fn, execContext), !!evalContext, evalContext);
+    if (evalContext) {
+        const func = evalContext.sandboxFunction(execContext);
+        const asyncFunc = evalContext.sandboxAsyncFunction(execContext);
+        evals.set(Function, func);
+        evals.set(AsyncFunction, asyncFunc);
+        evals.set(GeneratorFunction, func);
+        evals.set(AsyncGeneratorFunction, asyncFunc);
+        evals.set(eval, evalContext.sandboxedEval(func, execContext));
+        evals.set(setTimeout, evalContext.sandboxedSetTimeout(func, execContext));
+        evals.set(setInterval, evalContext.sandboxedSetInterval(func, execContext));
+        evals.set(clearTimeout, evalContext.sandboxedClearTimeout(execContext));
+        evals.set(clearInterval, evalContext.sandboxedClearInterval(execContext));
+        for (const [key, value] of evals) {
+            sandbox.context.prototypeWhitelist.set(value.prototype, new Set());
+            sandbox.context.prototypeWhitelist.set(key.prototype, new Set());
+        }
+    }
+    return execContext;
+}
+class CodeString {
+    constructor(str) {
+        this.ref = { str: '' };
+        if (str instanceof CodeString) {
+            this.ref = str.ref;
+            this.start = str.start;
+            this.end = str.end;
+        }
+        else {
+            this.ref.str = str;
+            this.start = 0;
+            this.end = str.length;
+        }
+    }
+    substring(start, end) {
+        if (!this.length)
+            return this;
+        start = this.start + start;
+        if (start < 0) {
+            start = 0;
+        }
+        if (start > this.end) {
+            start = this.end;
+        }
+        end = end === undefined ? this.end : this.start + end;
+        if (end < 0) {
+            end = 0;
+        }
+        if (end > this.end) {
+            end = this.end;
+        }
+        const code = new CodeString(this);
+        code.start = start;
+        code.end = end;
+        return code;
+    }
+    get length() {
+        const len = this.end - this.start;
+        return len < 0 ? 0 : len;
+    }
+    char(i) {
+        if (this.start === this.end)
+            return undefined;
+        return this.ref.str[this.start + i];
+    }
+    toString() {
+        return this.ref.str.substring(this.start, this.end);
+    }
+    trimStart() {
+        const found = /^\s+/.exec(this.toString());
+        const code = new CodeString(this);
+        if (found) {
+            code.start += found[0].length;
+        }
+        return code;
+    }
+    slice(start, end) {
+        if (start < 0) {
+            start = this.end - this.start + start;
+        }
+        if (start < 0) {
+            start = 0;
+        }
+        if (end === undefined) {
+            end = this.end - this.start;
+        }
+        if (end < 0) {
+            end = this.end - this.start + end;
+        }
+        if (end < 0) {
+            end = 0;
+        }
+        return this.substring(start, end);
+    }
+    trim() {
+        const code = this.trimStart();
+        const found = /\s+$/.exec(code.toString());
+        if (found) {
+            code.end -= found[0].length;
+        }
+        return code;
+    }
+    valueOf() {
+        return this.toString();
+    }
+}
+function keysOnly(obj) {
+    const ret = Object.assign({}, obj);
+    for (const key in ret) {
+        ret[key] = true;
+    }
+    return ret;
+}
+const reservedWords = new Set([
+    'await',
+    'break',
+    'case',
+    'catch',
+    'class',
+    'const',
+    'continue',
+    'debugger',
+    'default',
+    'delete',
+    'do',
+    'else',
+    'enum',
+    'export',
+    'extends',
+    'false',
+    'finally',
+    'for',
+    'function',
+    'if',
+    'implements',
+    'import',
+    'in',
+    'instanceof',
+    'let',
+    'new',
+    'null',
+    'return',
+    'super',
+    'switch',
+    'this',
+    'throw',
+    'true',
+    'try',
+    'typeof',
+    'var',
+    'void',
+    'while',
+    'with',
+]);
+class Scope {
+    constructor(parent, vars = {}, functionThis) {
+        this.const = {};
+        this.let = {};
+        this.var = {};
+        const isFuncScope = functionThis !== undefined || parent === null;
+        this.parent = parent;
+        this.allVars = vars;
+        this.let = isFuncScope ? this.let : keysOnly(vars);
+        this.var = isFuncScope ? keysOnly(vars) : this.var;
+        this.globals = parent === null ? keysOnly(vars) : {};
+        this.functionThis = functionThis;
+    }
+    get(key) {
+        const isThis = key === 'this';
+        const scope = this.getWhereValScope(key, isThis);
+        if (scope && isThis) {
+            return new Prop({ this: scope.functionThis }, key, false, false, true);
+        }
+        if (!scope) {
+            return new Prop(undefined, key);
+        }
+        return new Prop(scope.allVars, key, key in scope.const, key in scope.globals, true);
+    }
+    set(key, val) {
+        if (key === 'this')
+            throw new SyntaxError('"this" cannot be assigned');
+        if (reservedWords.has(key))
+            throw new SyntaxError("Unexepected token '" + key + "'");
+        const prop = this.get(key);
+        if (prop.context === undefined) {
+            throw new ReferenceError(`Variable '${key}' was not declared.`);
+        }
+        if (prop.context === null) {
+            throw new TypeError(`Cannot set properties of null, (setting '${key}')`);
+        }
+        if (prop.isConst) {
+            throw new TypeError(`Assignment to constant variable`);
+        }
+        if (prop.isGlobal) {
+            throw new SandboxError(`Cannot override global variable '${key}'`);
+        }
+        prop.context[prop.prop] = val;
+        return prop;
+    }
+    getWhereValScope(key, isThis) {
+        if (isThis) {
+            if (this.functionThis !== undefined) {
+                return this;
+            }
+            else {
+                return this.parent?.getWhereValScope(key, isThis) || null;
+            }
+        }
+        if (key in this.allVars && !(key in {} && !hasOwnProperty(this.allVars, key))) {
+            return this;
+        }
+        return this.parent?.getWhereValScope(key, isThis) || null;
+    }
+    getWhereVarScope(key, localScope = false) {
+        if (key in this.allVars && !(key in {} && !hasOwnProperty(this.allVars, key))) {
+            return this;
+        }
+        if (this.parent === null || localScope || this.functionThis !== undefined) {
+            return this;
+        }
+        return this.parent.getWhereVarScope(key, localScope);
+    }
+    declare(key, type, value = undefined, isGlobal = false) {
+        if (key === 'this')
+            throw new SyntaxError('"this" cannot be declared');
+        if (reservedWords.has(key))
+            throw new SyntaxError("Unexepected token '" + key + "'");
+        const existingScope = this.getWhereVarScope(key, type !== "var" /* VarType.var */);
+        if (type === "var" /* VarType.var */) {
+            if (existingScope.var[key]) {
+                existingScope.allVars[key] = value;
+                if (!isGlobal) {
+                    delete existingScope.globals[key];
+                }
+                else {
+                    existingScope.globals[key] = true;
+                }
+                return new Prop(existingScope.allVars, key, false, existingScope.globals[key], true);
+            }
+            else if (key in existingScope.allVars) {
+                throw new SyntaxError(`Identifier '${key}' has already been declared`);
+            }
+        }
+        if (key in existingScope.allVars) {
+            throw new SyntaxError(`Identifier '${key}' has already been declared`);
+        }
+        if (isGlobal) {
+            existingScope.globals[key] = true;
+        }
+        existingScope[type][key] = true;
+        existingScope.allVars[key] = value;
+        return new Prop(this.allVars, key, type === "const" /* VarType.const */, isGlobal, true);
+    }
+}
+class FunctionScope {
+}
+class LocalScope {
+}
+class SandboxError extends Error {
+}
+class SandboxExecutionQuotaExceededError extends SandboxError {
+}
+class SandboxExecutionTreeError extends SandboxError {
+}
+class SandboxCapabilityError extends SandboxError {
+}
+class SandboxAccessError extends SandboxError {
+}
+function isLisp(item) {
+    return (Array.isArray(item) &&
+        typeof item[0] === 'number' &&
+        item[0] !== 0 /* LispType.None */ &&
+        item[0] !== 88 /* LispType.True */);
+}
+class Prop {
+    constructor(context, prop, isConst = false, isGlobal = false, isVariable = false) {
+        this.context = context;
+        this.prop = prop;
+        this.isConst = isConst;
+        this.isGlobal = isGlobal;
+        this.isVariable = isVariable;
+    }
+    get(context) {
+        const ctx = this.context;
+        if (ctx === undefined)
+            throw new ReferenceError(`${this.prop.toString()} is not defined`);
+        if (ctx === null)
+            throw new TypeError(`Cannot read properties of null, (reading '${this.prop.toString()}')`);
+        context.getSubscriptions.forEach((cb) => cb(ctx, this.prop.toString()));
+        return ctx[this.prop];
+    }
+}
+function hasOwnProperty(obj, prop) {
+    return Object.prototype.hasOwnProperty.call(obj, prop);
+}
+
+exports.AsyncFunction = AsyncFunction;
+exports.AsyncGeneratorFunction = AsyncGeneratorFunction;
+exports.CodeString = CodeString;
+exports.ExecContext = ExecContext;
+exports.FunctionScope = FunctionScope;
+exports.GeneratorFunction = GeneratorFunction;
+exports.LocalScope = LocalScope;
+exports.Prop = Prop;
+exports.SandboxAccessError = SandboxAccessError;
+exports.SandboxCapabilityError = SandboxCapabilityError;
+exports.SandboxError = SandboxError;
+exports.SandboxExecutionQuotaExceededError = SandboxExecutionQuotaExceededError;
+exports.SandboxExecutionTreeError = SandboxExecutionTreeError;
+exports.SandboxGlobal = SandboxGlobal;
+exports.Scope = Scope;
+exports.createContext = createContext;
+exports.createExecContext = createExecContext;
+exports.hasOwnProperty = hasOwnProperty;
+exports.isLisp = isLisp;
+exports.reservedWords = reservedWords;