UNPKG

@doodad-js/safeeval

Version:

doodad-js SafeEval (beta)

github.com/doodadjs/

doodadjs/doodad-js-safeeval

2 lines • 17.8 kB

JavaScript

// Copyright 2015-2018 Claude Petit, licensed under Apache License version 2.0 ;exports.add=function add(modules){modules=(modules||{});modules['Doodad.Test.Tools.SafeEval']={version:'4.1.9b',type:'TestModule',dependencies:['Doodad.Test.Tools'],priority:null,proto:{run:function run(root,options){"use strict";const doodad=root.Doodad,types=doodad.Types,tools=doodad.Tools,namespaces=doodad.Namespaces,test=doodad.Test,unit=test.Tools.SafeEval,io=doodad.IO,safeEval=tools.SafeEval;if(!options){options={}};test.runCommand(safeEval.eval,"Doodad.Tools.SafeEval.eval",function(command,options){const hasA=types.has(global,'a'),oldA=global.a,hasB=types.has(global,'b'),oldB=global.b;global.a=1;global.b=2;command.runGroup("Allowed",function(group,options){group.runStep(1,{},"1");group.runStep(0.1,{},"0.1");group.runStep(0.1,{},".1");group.runStep(1,{},"+1");group.runStep(-1,{},"-1");group.runStep(-1,{},"+-1");group.runStep(-1,{},"-+1");group.runStep('hello',{},"'hello'");group.runStep("hello 'sir'",{},"'hello \\'sir\\''");group.runStep('a=1',{},"'a=1'");group.runStep("a=1,'b=2'",{},"'a=1,\\'b=2\\''");group.runStep(1,{},"a",null,['a']);group.runStep(1,{},"(a)",null,['a']);group.runStep(true,{},"a==1",null,['a']);group.runStep(true,{},"a == 1",null,['a']);group.runStep(true,{},"a== 1",null,['a']);group.runStep(true,{},"a ==1",null,['a']);group.runStep(true,{},"a ==1",null,['a']);group.runStep(true,{},"a == 1",null,['a']);group.runStep(false,{},"a!=1",null,['a']);group.runStep(true,{},"a===1",null,['a']);group.runStep(false,{},"a!==1",null,['a']);group.runStep(2,{},"a+1",null,['a']);group.runStep(2,{},"1+1");group.runStep(2,{},"1 + 1");group.runStep(2,{},"1 +1");group.runStep(2,{},"1+ 1");group.runStep(2,{},"1+(1)");group.runStep(2,{},"(1+1)");group.runStep(true,{},"(1+1)==2");group.runStep(true,{},"(1+1)===2");group.runStep(true,{},"true");group.runStep(false,{},"!true");group.runStep(true,{},"true && !false");group.runStep('hello;',{},"'hello;'");group.runStep('var',{},"'var'");group.runStep(Date,{mode:'is'},"new Date",null,['Date'],{allowNew:true});group.runStep(Date,{mode:'is'},"new Date()",null,['Date'],{allowNew:true});group.runStep(1,{},"value",{value:1});group.runStep(16,{},"0x10");group.runStep(17,{},"0x10+1");group.runStep(17,{},"0x10 + 1");group.runStep(2,{note:"May fail under MS Internet Explorer, Safari and Nodejs because binary number constants are not supported."},"0b10");group.runStep(8,{note:"May fail under MS Internet Explorer, Safari and Nodejs because octal number constants are not supported."},"0o10");group.runStep(1,{},"/*eval*/a",null,['a']);group.runStep(1,{},"/*a=1*/a",null,['a']);group.runStep(1,{},"a/*a=1*/",null,['a']);group.runStep(1,{},"a//a=1",null,['a']);group.runStep(global.RegExp,{mode:'isinstance'},"/hello/",null,null,{allowRegExp:true});group.runStep(global.RegExp,{mode:'isinstance'},"/hello/g",null,null,{allowRegExp:true});group.runStep(global.RegExp,{mode:'isinstance'},"/\\./g",null,null,{allowRegExp:true});group.runStep(global.RegExp,{mode:'isinstance'},"/\\//g",null,null,{allowRegExp:true});group.runStep(NaN,{},"/hello/*/*hello*/1",null,null,{allowRegExp:true});group.runStep(NaN,{},"/\\//*/*hello*/1",null,null,{allowRegExp:true});group.runStep([1],{},"[1]");group.runStep([1,2],{},"[1,2]");group.runStep(0,{},"[1,2].indexOf(1)");group.runStep(0,{},"[1,2].indexOf(x)",{x:1});group.runStep(0,{},"[1,2].indexOf(x.y)",{x:{y:1}});group.runStep(0,{},"([1,2]).indexOf(1)");group.runStep(true,{},"([1,2].indexOf(1) >= 0)");group.runStep(0,{},"a.indexOf(x.y)",{a:[1,2],x:{y:1}});group.runStep(true,{},"(a.indexOf(x.y) >= 0)",{a:[1,2],x:{y:1}});group.runStep(2,{},"(function(a){return a+1})(1)",null,null,{allowFunctions:true});group.runStep(3,{},"(function(a,b){return a+b})(1,2)",null,null,{allowFunctions:true});group.runStep(2,{},"(a=>a+1)(1)",null,null,{allowFunctions:true});group.runStep(2,{},"(a=>{return a+1})(1)",null,null,{allowFunctions:true});group.runStep(2,{},"((a)=>a+1)(1)",null,null,{allowFunctions:true});group.runStep(3,{},"((a,b)=>a+b)(1,2)",null,null,{allowFunctions:true});group.runStep(2,{},"((a)=>{return a+1})(1)",null,null,{allowFunctions:true});group.runStep(3,{},"((a,b)=>{return a+b})(1,2)",null,null,{allowFunctions:true});group.runStep(1,{},"({a() {return 1}}).a()",null,null,{allowFunctions:true});group.runStep(1,{},"({['a']() {return 1}}).a()",null,null,{allowFunctions:true})});command.runGroup("Denied",function(group,options){group.runStep(types.AccessDenied,{mode:'isinstance'},"a=1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a='hello'",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a=+1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a=-1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a=b",null,['a','b']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a=1;",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"(a)=1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a = 1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a= 1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a =1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a= 1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a =1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a+=1",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a+='hello'",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a++",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a--",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"a ++",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"++a",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"--a",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"++ a",null,['a']);group.runStep(types.AccessDenied,{mode:'isinstance'},"this");group.runStep(types.AccessDenied,{mode:'isinstance'},"expression");group.runStep(types.AccessDenied,{mode:'isinstance'},"eval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"window");group.runStep(types.AccessDenied,{mode:'isinstance'},"a");group.runStep(types.AccessDenied,{mode:'isinstance'},"document");group.runStep(types.AccessDenied,{mode:'isinstance'},"`Hi !`");group.runStep(types.AccessDenied,{mode:'isinstance'},"`Hi ${'you'} !`");group.runStep(types.AccessDenied,{mode:'isinstance'},"/*comment*/eval");group.runStep(types.AccessDenied,{mode:'isinstance'},"eval/*comment*/");group.runStep(types.AccessDenied,{mode:'isinstance'},"eval//comment");group.runStep(types.AccessDenied,{mode:'isinstance'},"//\neval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"//\reval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"//\n\reval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"//\u2028eval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"//\u2029eval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"//\u2028\u2029eval('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"/hello/");group.runStep(types.AccessDenied,{mode:'isinstance'},"/hello/*/*hello*/a",null,null,{allowRegExp:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"a=/hello/",null,['a'],{allowRegExp:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"var a");group.runStep(types.AccessDenied,{mode:'isinstance'},"const a");group.runStep(types.AccessDenied,{mode:'isinstance'},"let a");group.runStep(types.AccessDenied,{mode:'isinstance'},"var a, b = [1, 2]");group.runStep(types.AccessDenied,{mode:'isinstance'},"const a, b = [1, 2]");group.runStep(types.AccessDenied,{mode:'isinstance'},"let a, b = [1, 2]");group.runStep(types.AccessDenied,{mode:'isinstance'},"(function(a){return a+eval('1')})(1)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"(a=>a+eval('1'))(1)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"((a)=>a+eval('1'))(1)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"(a=>{return a+eval('1')})(1)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"((a)=>{return a+eval('1')})(1)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"(a,b=>a+b)(1,2)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"(a,b=>{return a+b})(1,2)",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"![]");group.runStep(types.AccessDenied,{mode:'isinstance'},"![ ]");group.runStep(types.AccessDenied,{mode:'isinstance'},"! [ ]");group.runStep(types.AccessDenied,{mode:'isinstance'},"!\n[\n]");group.runStep(types.AccessDenied,{mode:'isinstance'},"!![]");group.runStep(types.AccessDenied,{mode:'isinstance'},"!![ ]");group.runStep(types.AccessDenied,{mode:'isinstance'},"! ! []");group.runStep(types.AccessDenied,{mode:'isinstance'},"!\n!\n[\n]");group.runStep(types.AccessDenied,{mode:'isinstance'},"[][[]]");group.runStep(types.AccessDenied,{mode:'isinstance'},"[ ] [ [ ] ]");group.runStep(types.AccessDenied,{mode:'isinstance'},"[ ][[ ]]");group.runStep(types.AccessDenied,{mode:'isinstance'},"[\n]\n[\n[\n]\n]");group.runStep(types.AccessDenied,{mode:'isinstance'},"+[![]]");group.runStep(types.AccessDenied,{mode:'isinstance'},"+[]");group.runStep(types.AccessDenied,{mode:'isinstance'},"+!+[]");group.runStep(types.AccessDenied,{mode:'isinstance'},"!+[]+!+[]");group.runStep(types.AccessDenied,{mode:'isinstance'},"+[[+!+[]]+[+[]]]");group.runStep(types.AccessDenied,{mode:'isinstance'},"+[]");group.runStep(types.AccessDenied,{mode:'isinstance'},"[]+[]");group.runStep(types.AccessDenied,{mode:'isinstance'},"[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()");group.runStep(types.AccessDenied,{mode:'isinstance'},"!([])");group.runStep(types.AccessDenied,{mode:'isinstance'},"!(([]))");group.runStep(types.AccessDenied,{mode:'isinstance'},"!([ ])");group.runStep(types.AccessDenied,{mode:'isinstance'},"! ( [ ] )");group.runStep(types.AccessDenied,{mode:'isinstance'},"([])+([])");group.runStep(types.AccessDenied,{mode:'isinstance'},"constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"x.constructor.constructor('return eval')()('1')",{x:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"[].constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0.constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0..constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"\"hello\".constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"'hello'.constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"`hello`.constructor.constructor('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"x['constructor']['constructor']('return eval')()('1')",{x:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"({})['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"[]['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"[0]['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0.['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0.1['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0x0['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0x00['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0b0['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0o0['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"NaN['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0 [ 'constructor' ] [ 'constructor' ] ( ' return eval ') ( )( ' 1 ' )");group.runStep(types.AccessDenied,{mode:'isinstance'},"Infinity['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"true['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"false['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"\"hello\"[\"constructor\"]['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"'hello'['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"`hello`['constructor']['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"a['constructor']['constructor']('return eval')()('1')",{a:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"a['\\x63onstructor']['constructor']('return eval')()('1')",{a:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"a['\\u0063onstructor']['constructor']('return eval')()('1')",{a:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"a['\\u{00000063}onstructor']['constructor']('return eval')()('1')",{a:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"0[x][x]('return eval')()('1')",{x:'constructor'});group.runStep(types.AccessDenied,{mode:'isinstance'},"y[x][x]('return eval')()('1')",{x:'constructor',y:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"const x='constructor';0[x][x]('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"const x='constructor',y=0;y[x][x]('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"a[['c','o','n','s','t','r','u','c','t','o','r'].join('')][['c','o','n','s','t','r','u','c','t','o','r'].join('')]('return eval')()('1')",{a:0});group.runStep(types.AccessDenied,{mode:'isinstance'},"[].indexOf['constructor']('return eval')()('1')");group.runStep(types.AccessDenied,{mode:'isinstance'},"0['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"(0)['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"((0))['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"(-0)['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"((-0))['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"(+0)['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"((+0))['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"(0+1)['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"((0+1))['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"0,0['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},";0['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"'';0['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"[]['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"([])['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"(([]))['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"({})['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"(({}))['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"[].indexOf['constructor']");group.runStep(types.AccessDenied,{mode:'isinstance'},"class Monkey");group.runStep(types.AccessDenied,{mode:'isinstance'},"(class Monkey)");group.runStep(types.AccessDenied,{mode:'isinstance'},"(new (class Monkey {hack() {return eval('1')}})).hack()",null,null,{allowNew:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"({a() {return 1}}).a()");group.runStep(types.AccessDenied,{mode:'isinstance'},"({['a']() {return 1}}).a()");group.runStep(types.AccessDenied,{mode:'isinstance'},"({a() {return eval('1')}}).a()",null,null,{allowFunctions:true});group.runStep(types.AccessDenied,{mode:'isinstance'},"({['a']() {return eval('1')}}).a()",null,null,{allowFunctions:true})});command.finalize(function(err,dummy){if(hasA){global.a=oldA}else{delete global.a};if(hasB){global.b=oldB}else{delete global.b}})})},},};return modules};