@cuxt/sandboxjs 0.1.1 → 0.1.4

package/build/utils.js

@@ -1,362 +0,0 @@
-// Reusable AsyncFunction constructor reference
-export const AsyncFunction = Object.getPrototypeOf(async function () { }).constructor;
-export const GeneratorFunction = Object.getPrototypeOf(function* () { }).constructor;
-export const AsyncGeneratorFunction = Object.getPrototypeOf(async function* () { }).constructor;
-export const SandboxGlobal = function SandboxGlobal(globals) {
-    for (const i in globals) {
-        this[i] = globals[i];
-    }
-};
-export class ExecContext {
-    constructor(ctx, constants, tree, getSubscriptions, setSubscriptions, changeSubscriptions, setSubscriptionsGlobal, changeSubscriptionsGlobal, evals, registerSandboxFunction, allowJit, evalContext) {
-        this.ctx = ctx;
-        this.constants = constants;
-        this.tree = tree;
-        this.getSubscriptions = getSubscriptions;
-        this.setSubscriptions = setSubscriptions;
-        this.changeSubscriptions = changeSubscriptions;
-        this.setSubscriptionsGlobal = setSubscriptionsGlobal;
-        this.changeSubscriptionsGlobal = changeSubscriptionsGlobal;
-        this.evals = evals;
-        this.registerSandboxFunction = registerSandboxFunction;
-        this.allowJit = allowJit;
-        this.evalContext = evalContext;
-    }
-}
-export function createContext(sandbox, options) {
-    const sandboxGlobal = new SandboxGlobal(options.globals);
-    const context = {
-        sandbox: sandbox,
-        globalsWhitelist: new Set(Object.values(options.globals)),
-        prototypeWhitelist: new Map([...options.prototypeWhitelist].map((a) => [a[0].prototype, a[1]])),
-        options,
-        globalScope: new Scope(null, options.globals, sandboxGlobal),
-        sandboxGlobal,
-        ticks: { ticks: 0n, tickLimit: options.executionQuota },
-        sandboxedFunctions: new WeakSet(),
-    };
-    context.prototypeWhitelist.set(Object.getPrototypeOf([][Symbol.iterator]()), new Set());
-    // Fetch API 构造函数本身（静态方法如 Response.json）也加白名单
-    if (typeof Response !== 'undefined')
-        context.prototypeWhitelist.set(Response.prototype, new Set());
-    if (typeof Request !== 'undefined')
-        context.prototypeWhitelist.set(Request.prototype, new Set());
-    if (typeof Headers !== 'undefined')
-        context.prototypeWhitelist.set(Headers.prototype, new Set());
-    if (typeof FormData !== 'undefined')
-        context.prototypeWhitelist.set(FormData.prototype, new Set());
-    if (typeof Blob !== 'undefined')
-        context.prototypeWhitelist.set(Blob.prototype, new Set());
-    if (typeof URLSearchParams !== 'undefined')
-        context.prototypeWhitelist.set(URLSearchParams.prototype, new Set());
-    if (typeof AbortController !== 'undefined')
-        context.prototypeWhitelist.set(AbortController.prototype, new Set());
-    if (typeof ReadableStream !== 'undefined')
-        context.prototypeWhitelist.set(ReadableStream.prototype, new Set());
-    if (typeof TransformStream !== 'undefined')
-        context.prototypeWhitelist.set(TransformStream.prototype, new Set());
-    if (typeof WritableStream !== 'undefined')
-        context.prototypeWhitelist.set(WritableStream.prototype, new Set());
-    if (typeof TextEncoder !== 'undefined')
-        context.prototypeWhitelist.set(TextEncoder.prototype, new Set());
-    if (typeof TextDecoder !== 'undefined')
-        context.prototypeWhitelist.set(TextDecoder.prototype, new Set());
-    return context;
-}
-export function createExecContext(sandbox, executionTree, evalContext) {
-    const evals = new Map();
-    const execContext = new ExecContext(sandbox.context, executionTree.constants, executionTree.tree, new Set(), new WeakMap(), new WeakMap(), sandbox.setSubscriptions, sandbox.changeSubscriptions, evals, (fn) => sandbox.sandboxFunctions.set(fn, execContext), !!evalContext, evalContext);
-    if (evalContext) {
-        const func = evalContext.sandboxFunction(execContext);
-        const asyncFunc = evalContext.sandboxAsyncFunction(execContext);
-        evals.set(Function, func);
-        evals.set(AsyncFunction, asyncFunc);
-        evals.set(GeneratorFunction, func);
-        evals.set(AsyncGeneratorFunction, asyncFunc);
-        evals.set(eval, evalContext.sandboxedEval(func, execContext));
-        evals.set(setTimeout, evalContext.sandboxedSetTimeout(func, execContext));
-        evals.set(setInterval, evalContext.sandboxedSetInterval(func, execContext));
-        evals.set(clearTimeout, evalContext.sandboxedClearTimeout(execContext));
-        evals.set(clearInterval, evalContext.sandboxedClearInterval(execContext));
-        for (const [key, value] of evals) {
-            sandbox.context.prototypeWhitelist.set(value.prototype, new Set());
-            sandbox.context.prototypeWhitelist.set(key.prototype, new Set());
-        }
-    }
-    return execContext;
-}
-export class CodeString {
-    constructor(str) {
-        this.ref = { str: '' };
-        if (str instanceof CodeString) {
-            this.ref = str.ref;
-            this.start = str.start;
-            this.end = str.end;
-        }
-        else {
-            this.ref.str = str;
-            this.start = 0;
-            this.end = str.length;
-        }
-    }
-    substring(start, end) {
-        if (!this.length)
-            return this;
-        start = this.start + start;
-        if (start < 0) {
-            start = 0;
-        }
-        if (start > this.end) {
-            start = this.end;
-        }
-        end = end === undefined ? this.end : this.start + end;
-        if (end < 0) {
-            end = 0;
-        }
-        if (end > this.end) {
-            end = this.end;
-        }
-        const code = new CodeString(this);
-        code.start = start;
-        code.end = end;
-        return code;
-    }
-    get length() {
-        const len = this.end - this.start;
-        return len < 0 ? 0 : len;
-    }
-    char(i) {
-        if (this.start === this.end)
-            return undefined;
-        return this.ref.str[this.start + i];
-    }
-    toString() {
-        return this.ref.str.substring(this.start, this.end);
-    }
-    trimStart() {
-        const found = /^\s+/.exec(this.toString());
-        const code = new CodeString(this);
-        if (found) {
-            code.start += found[0].length;
-        }
-        return code;
-    }
-    slice(start, end) {
-        if (start < 0) {
-            start = this.end - this.start + start;
-        }
-        if (start < 0) {
-            start = 0;
-        }
-        if (end === undefined) {
-            end = this.end - this.start;
-        }
-        if (end < 0) {
-            end = this.end - this.start + end;
-        }
-        if (end < 0) {
-            end = 0;
-        }
-        return this.substring(start, end);
-    }
-    trim() {
-        const code = this.trimStart();
-        const found = /\s+$/.exec(code.toString());
-        if (found) {
-            code.end -= found[0].length;
-        }
-        return code;
-    }
-    valueOf() {
-        return this.toString();
-    }
-}
-function keysOnly(obj) {
-    const ret = Object.assign({}, obj);
-    for (const key in ret) {
-        ret[key] = true;
-    }
-    return ret;
-}
-export const reservedWords = new Set([
-    'await',
-    'break',
-    'case',
-    'catch',
-    'class',
-    'const',
-    'continue',
-    'debugger',
-    'default',
-    'delete',
-    'do',
-    'else',
-    'enum',
-    'export',
-    'extends',
-    'false',
-    'finally',
-    'for',
-    'function',
-    'if',
-    'implements',
-    'import',
-    'in',
-    'instanceof',
-    'let',
-    'new',
-    'null',
-    'return',
-    'super',
-    'switch',
-    'this',
-    'throw',
-    'true',
-    'try',
-    'typeof',
-    'var',
-    'void',
-    'while',
-    'with',
-]);
-export class Scope {
-    constructor(parent, vars = {}, functionThis) {
-        this.const = {};
-        this.let = {};
-        this.var = {};
-        const isFuncScope = functionThis !== undefined || parent === null;
-        this.parent = parent;
-        this.allVars = vars;
-        this.let = isFuncScope ? this.let : keysOnly(vars);
-        this.var = isFuncScope ? keysOnly(vars) : this.var;
-        this.globals = parent === null ? keysOnly(vars) : {};
-        this.functionThis = functionThis;
-    }
-    get(key) {
-        const isThis = key === 'this';
-        const scope = this.getWhereValScope(key, isThis);
-        if (scope && isThis) {
-            return new Prop({ this: scope.functionThis }, key, false, false, true);
-        }
-        if (!scope) {
-            return new Prop(undefined, key);
-        }
-        return new Prop(scope.allVars, key, key in scope.const, key in scope.globals, true);
-    }
-    set(key, val) {
-        if (key === 'this')
-            throw new SyntaxError('"this" cannot be assigned');
-        if (reservedWords.has(key))
-            throw new SyntaxError("Unexepected token '" + key + "'");
-        const prop = this.get(key);
-        if (prop.context === undefined) {
-            throw new ReferenceError(`Variable '${key}' was not declared.`);
-        }
-        if (prop.context === null) {
-            throw new TypeError(`Cannot set properties of null, (setting '${key}')`);
-        }
-        if (prop.isConst) {
-            throw new TypeError(`Assignment to constant variable`);
-        }
-        if (prop.isGlobal) {
-            throw new SandboxError(`Cannot override global variable '${key}'`);
-        }
-        prop.context[prop.prop] = val;
-        return prop;
-    }
-    getWhereValScope(key, isThis) {
-        if (isThis) {
-            if (this.functionThis !== undefined) {
-                return this;
-            }
-            else {
-                return this.parent?.getWhereValScope(key, isThis) || null;
-            }
-        }
-        if (key in this.allVars && !(key in {} && !hasOwnProperty(this.allVars, key))) {
-            return this;
-        }
-        return this.parent?.getWhereValScope(key, isThis) || null;
-    }
-    getWhereVarScope(key, localScope = false) {
-        if (key in this.allVars && !(key in {} && !hasOwnProperty(this.allVars, key))) {
-            return this;
-        }
-        if (this.parent === null || localScope || this.functionThis !== undefined) {
-            return this;
-        }
-        return this.parent.getWhereVarScope(key, localScope);
-    }
-    declare(key, type, value = undefined, isGlobal = false) {
-        if (key === 'this')
-            throw new SyntaxError('"this" cannot be declared');
-        if (reservedWords.has(key))
-            throw new SyntaxError("Unexepected token '" + key + "'");
-        const existingScope = this.getWhereVarScope(key, type !== "var" /* VarType.var */);
-        if (type === "var" /* VarType.var */) {
-            if (existingScope.var[key]) {
-                existingScope.allVars[key] = value;
-                if (!isGlobal) {
-                    delete existingScope.globals[key];
-                }
-                else {
-                    existingScope.globals[key] = true;
-                }
-                return new Prop(existingScope.allVars, key, false, existingScope.globals[key], true);
-            }
-            else if (key in existingScope.allVars) {
-                throw new SyntaxError(`Identifier '${key}' has already been declared`);
-            }
-        }
-        if (key in existingScope.allVars) {
-            throw new SyntaxError(`Identifier '${key}' has already been declared`);
-        }
-        if (isGlobal) {
-            existingScope.globals[key] = true;
-        }
-        existingScope[type][key] = true;
-        existingScope.allVars[key] = value;
-        return new Prop(this.allVars, key, type === "const" /* VarType.const */, isGlobal, true);
-    }
-}
-export class FunctionScope {
-}
-export class LocalScope {
-}
-export class SandboxError extends Error {
-}
-export class SandboxExecutionQuotaExceededError extends SandboxError {
-}
-export class SandboxExecutionTreeError extends SandboxError {
-}
-export class SandboxCapabilityError extends SandboxError {
-}
-export class SandboxAccessError extends SandboxError {
-}
-export function isLisp(item) {
-    return (Array.isArray(item) &&
-        typeof item[0] === 'number' &&
-        item[0] !== 0 /* LispType.None */ &&
-        item[0] !== 88 /* LispType.True */);
-}
-export class Prop {
-    constructor(context, prop, isConst = false, isGlobal = false, isVariable = false) {
-        this.context = context;
-        this.prop = prop;
-        this.isConst = isConst;
-        this.isGlobal = isGlobal;
-        this.isVariable = isVariable;
-    }
-    get(context) {
-        const ctx = this.context;
-        if (ctx === undefined)
-            throw new ReferenceError(`${this.prop.toString()} is not defined`);
-        if (ctx === null)
-            throw new TypeError(`Cannot read properties of null, (reading '${this.prop.toString()}')`);
-        context.getSubscriptions.forEach((cb) => cb(ctx, this.prop.toString()));
-        return ctx[this.prop];
-    }
-}
-export function hasOwnProperty(obj, prop) {
-    return Object.prototype.hasOwnProperty.call(obj, prop);
-}

package/dist/Sandbox.d.ts

@@ -1,25 +0,0 @@
-import { IExecContext, IOptionParams, IScope } from './utils.js';
-import { ExecReturn } from './executor.js';
-import SandboxExec from './SandboxExec.js';
-export { LocalScope, SandboxExecutionTreeError, SandboxCapabilityError, SandboxAccessError, SandboxError, } from './utils.js';
-export default class Sandbox extends SandboxExec {
-    constructor(options?: IOptionParams);
-    static audit<T>(code: string, scopes?: IScope[]): ExecReturn<T>;
-    static parse(code: string): import("./parser.js").IExecutionTree;
-    compile<T>(code: string, optimize?: boolean): (...scopes: IScope[]) => {
-        context: IExecContext;
-        run: () => T;
-    };
-    compileAsync<T>(code: string, optimize?: boolean): (...scopes: IScope[]) => {
-        context: IExecContext;
-        run: () => Promise<T>;
-    };
-    compileExpression<T>(code: string, optimize?: boolean): (...scopes: IScope[]) => {
-        context: IExecContext;
-        run: () => T;
-    };
-    compileExpressionAsync<T>(code: string, optimize?: boolean): (...scopes: IScope[]) => {
-        context: IExecContext;
-        run: () => Promise<T>;
-    };
-}

package/dist/Sandbox.js

@@ -1,270 +0,0 @@
-import { createExecContext } from './utils.js';
-export { LocalScope, SandboxAccessError, SandboxCapabilityError, SandboxError, SandboxExecutionTreeError } from './utils.js';
-import { createFunction, createFunctionAsync } from './executor.js';
-import parse, { lispifyFunction } from './parser.js';
-import SandboxExec from './SandboxExec.js';
-
-function createEvalContext() {
-    return {
-        sandboxFunction,
-        sandboxAsyncFunction,
-        sandboxedEval,
-        sandboxedSetTimeout,
-        sandboxedSetInterval,
-        sandboxedClearTimeout,
-        sandboxedClearInterval,
-        lispifyFunction,
-    };
-}
-function SB() { }
-function sandboxFunction(context) {
-    SandboxFunction.prototype = SB.prototype;
-    return SandboxFunction;
-    function SandboxFunction(...params) {
-        const code = params.pop() || '';
-        const parsed = parse(code);
-        return createFunction(params, parsed.tree, context.ctx.ticks, {
-            ...context,
-            constants: parsed.constants,
-            tree: parsed.tree,
-        }, undefined, 'anonymous');
-    }
-}
-function SAF() { }
-function sandboxAsyncFunction(context) {
-    SandboxAsyncFunction.prototype = SAF.prototype;
-    return SandboxAsyncFunction;
-    function SandboxAsyncFunction(...params) {
-        const code = params.pop() || '';
-        const parsed = parse(code);
-        return createFunctionAsync(params, parsed.tree, context.ctx.ticks, {
-            ...context,
-            constants: parsed.constants,
-            tree: parsed.tree,
-        }, undefined, 'anonymous');
-    }
-}
-function SE() { }
-function sandboxedEval(func, context) {
-    sandboxEval.prototype = SE.prototype;
-    return sandboxEval;
-    function sandboxEval(code) {
-        // Parse the code and wrap last statement in return for completion value
-        const parsed = parse(code);
-        const tree = wrapLastStatementInReturn(parsed.tree);
-        // Create and execute function with modified tree
-        return createFunction([], tree, context.ctx.ticks, {
-            ...context,
-            constants: parsed.constants,
-            tree,
-        }, undefined, 'anonymous')();
-    }
-}
-function wrapLastStatementInReturn(tree) {
-    if (tree.length === 0)
-        return tree;
-    const newTree = [...tree];
-    const lastIndex = newTree.length - 1;
-    const lastStmt = newTree[lastIndex];
-    // Only wrap if it's not already a return or throw
-    if (Array.isArray(lastStmt) && lastStmt.length >= 1) {
-        const op = lastStmt[0];
-        // Don't wrap Return (8) or Throw (47) - they already control flow
-        if (op === 8 /* LispType.Return */ || op === 46 /* LispType.Throw */) {
-            return newTree;
-        }
-        // List of statement types that should have undefined completion value
-        // These match JavaScript semantics where declarations and control structures
-        // don't produce a completion value
-        const statementTypes = [
-            3 /* LispType.Let */, // 3
-            4 /* LispType.Const */, // 4
-            34 /* LispType.Var */, // 35
-            37 /* LispType.Function */, // 38
-            13 /* LispType.If */, // 14
-            38 /* LispType.Loop */, // 39
-            39 /* LispType.Try */, // 40
-            40 /* LispType.Switch */, // 41
-            42 /* LispType.Block */, // 43
-            43 /* LispType.Expression */, // 44
-        ];
-        // If the last statement is a declaration or control structure,
-        // don't wrap it (it will naturally return undefined)
-        if (statementTypes.includes(op)) {
-            return newTree;
-        }
-        // For all other types (expressions, operators, etc.),
-        // wrap in return to capture the completion value
-        newTree[lastIndex] = [8 /* LispType.Return */, 0 /* LispType.None */, lastStmt];
-    }
-    return newTree;
-}
-function sST() { }
-function sandboxedSetTimeout(func, context) {
-    sandboxSetTimeout.prototype = sST.prototype;
-    return sandboxSetTimeout;
-    function sandboxSetTimeout(handler, timeout, ...args) {
-        const sandbox = context.ctx.sandbox;
-        const exec = (...a) => {
-            const h = typeof handler === 'string' ? func(handler) : handler;
-            haltsub.unsubscribe();
-            contsub.unsubscribe();
-            sandbox.setTimeoutHandles.delete(sandBoxhandle);
-            return h(...a);
-        };
-        const sandBoxhandle = ++sandbox.timeoutHandleCounter;
-        let start = Date.now();
-        let handle = setTimeout(exec, timeout, ...args);
-        let elapsed = 0;
-        const haltsub = sandbox.subscribeHalt(() => {
-            elapsed = Date.now() - start + elapsed;
-            clearTimeout(handle);
-        });
-        const contsub = sandbox.subscribeResume(() => {
-            start = Date.now();
-            const remaining = Math.floor((timeout || 0) - elapsed);
-            handle = setTimeout(exec, remaining, ...args);
-            sandbox.setTimeoutHandles.set(sandBoxhandle, {
-                handle,
-                haltsub,
-                contsub,
-            });
-        });
-        sandbox.setTimeoutHandles.set(sandBoxhandle, {
-            handle,
-            haltsub,
-            contsub,
-        });
-        return sandBoxhandle;
-    }
-}
-function sCT() { }
-function sandboxedClearTimeout(context) {
-    sandboxClearTimeout.prototype = sCT.prototype;
-    return sandboxClearTimeout;
-    function sandboxClearTimeout(handle) {
-        const sandbox = context.ctx.sandbox;
-        const timeoutHandle = sandbox.setTimeoutHandles.get(handle);
-        if (timeoutHandle) {
-            clearTimeout(timeoutHandle.handle);
-            timeoutHandle.haltsub.unsubscribe();
-            timeoutHandle.contsub.unsubscribe();
-            sandbox.setTimeoutHandles.delete(handle);
-        }
-    }
-}
-function sCI() { }
-function sandboxedClearInterval(context) {
-    sandboxClearInterval.prototype = sCI.prototype;
-    return sandboxClearInterval;
-    function sandboxClearInterval(handle) {
-        const sandbox = context.ctx.sandbox;
-        const intervalHandle = sandbox.setIntervalHandles.get(handle);
-        if (intervalHandle) {
-            clearInterval(intervalHandle.handle);
-            intervalHandle.haltsub.unsubscribe();
-            intervalHandle.contsub.unsubscribe();
-            sandbox.setIntervalHandles.delete(handle);
-        }
-    }
-}
-function sSI() { }
-function sandboxedSetInterval(func, context) {
-    sandboxSetInterval.prototype = sSI.prototype;
-    return sandboxSetInterval;
-    function sandboxSetInterval(handler, timeout, ...args) {
-        const sandbox = context.ctx.sandbox;
-        const h = typeof handler === 'string' ? func(handler) : handler;
-        const exec = (...a) => {
-            start = Date.now();
-            elapsed = 0;
-            return h(...a);
-        };
-        const sandBoxhandle = ++sandbox.timeoutHandleCounter;
-        let start = Date.now();
-        let handle = setInterval(exec, timeout, ...args);
-        let elapsed = 0;
-        const haltsub = sandbox.subscribeHalt(() => {
-            elapsed = Date.now() - start + elapsed;
-            clearInterval(handle);
-        });
-        const contsub = sandbox.subscribeResume(() => {
-            start = Date.now();
-            handle = setTimeout(() => {
-                start = Date.now();
-                elapsed = 0;
-                handle = setInterval(exec, timeout, ...args);
-                exec(...args);
-            }, Math.floor((timeout || 0) - elapsed), ...args);
-            handlObj.handle = handle;
-        });
-        const handlObj = {
-            handle,
-            haltsub,
-            contsub,
-        };
-        sandbox.setIntervalHandles.set(sandBoxhandle, handlObj);
-        return sandBoxhandle;
-    }
-}
-
-class Sandbox extends SandboxExec {
-    constructor(options) {
-        super(options, createEvalContext());
-    }
-    static audit(code, scopes = []) {
-        const globals = {};
-        for (const i of Object.getOwnPropertyNames(globalThis)) {
-            globals[i] = globalThis[i];
-        }
-        const sandbox = new SandboxExec({
-            globals,
-            audit: true,
-        });
-        return sandbox.executeTree(createExecContext(sandbox, parse(code, true), createEvalContext()), scopes);
-    }
-    static parse(code) {
-        return parse(code);
-    }
-    compile(code, optimize = false) {
-        const parsed = parse(code, optimize);
-        const exec = (...scopes) => {
-            const context = createExecContext(this, parsed, this.evalContext);
-            return { context, run: () => this.executeTree(context, [...scopes]).result };
-        };
-        return exec;
-    }
-    compileAsync(code, optimize = false) {
-        const parsed = parse(code, optimize);
-        const exec = (...scopes) => {
-            const context = createExecContext(this, parsed, this.evalContext);
-            return {
-                context,
-                run: () => this.executeTreeAsync(context, [...scopes]).then((ret) => ret.result),
-            };
-        };
-        return exec;
-    }
-    compileExpression(code, optimize = false) {
-        const parsed = parse(code, optimize, true);
-        const exec = (...scopes) => {
-            const context = createExecContext(this, parsed, this.evalContext);
-            return { context, run: () => this.executeTree(context, [...scopes]).result };
-        };
-        return exec;
-    }
-    compileExpressionAsync(code, optimize = false) {
-        const parsed = parse(code, optimize, true);
-        const exec = (...scopes) => {
-            const context = createExecContext(this, parsed, this.evalContext);
-            return {
-                context,
-                run: () => this.executeTreeAsync(context, [...scopes]).then((ret) => ret.result),
-            };
-        };
-        return exec;
-    }
-}
-
-export { Sandbox as default };
-//# sourceMappingURL=Sandbox.js.map