Fix javacript runs
This commit is contained in:
parent
2cde033783
commit
7aee57eb6a
|
@ -1,149 +1,170 @@
|
||||||
const { processStringSync, encodeJSBinding } = require("../src/index.js")
|
const vm = require("vm")
|
||||||
|
|
||||||
|
const {
|
||||||
|
processStringSync,
|
||||||
|
encodeJSBinding,
|
||||||
|
setJSRunner,
|
||||||
|
} = require("../src/index.js")
|
||||||
const { UUID_REGEX } = require("./constants")
|
const { UUID_REGEX } = require("./constants")
|
||||||
|
|
||||||
const processJS = (js, context) => {
|
const processJS = (js, context) => {
|
||||||
return processStringSync(encodeJSBinding(js), context)
|
return processStringSync(encodeJSBinding(js), context)
|
||||||
}
|
}
|
||||||
|
|
||||||
describe("Test the JavaScript helper", () => {
|
describe("Javascript", () => {
|
||||||
it("should execute a simple expression", () => {
|
beforeAll(() => {
|
||||||
const output = processJS(`return 1 + 2`)
|
setJSRunner((js, context) => {
|
||||||
expect(output).toBe(3)
|
context = {
|
||||||
})
|
...context,
|
||||||
|
alert: undefined,
|
||||||
it("should be able to use primitive bindings", () => {
|
setInterval: undefined,
|
||||||
const output = processJS(`return $("foo")`, {
|
setTimeout: undefined,
|
||||||
foo: "bar",
|
}
|
||||||
|
vm.createContext(context)
|
||||||
|
return vm.runInNewContext(js, context, { timeout: 1000 })
|
||||||
})
|
})
|
||||||
expect(output).toBe("bar")
|
|
||||||
})
|
})
|
||||||
|
|
||||||
it("should be able to use an object binding", () => {
|
describe("Test the JavaScript helper", () => {
|
||||||
const output = processJS(`return $("foo").bar`, {
|
it("should execute a simple expression", () => {
|
||||||
foo: {
|
const output = processJS(`return 1 + 2`)
|
||||||
bar: "baz",
|
expect(output).toBe(3)
|
||||||
},
|
|
||||||
})
|
})
|
||||||
expect(output).toBe("baz")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to use a complex object binding", () => {
|
it("should be able to use primitive bindings", () => {
|
||||||
const output = processJS(`return $("foo").bar[0].baz`, {
|
const output = processJS(`return $("foo")`, {
|
||||||
foo: {
|
foo: "bar",
|
||||||
bar: [
|
})
|
||||||
{
|
expect(output).toBe("bar")
|
||||||
baz: "shazbat",
|
|
||||||
},
|
|
||||||
],
|
|
||||||
},
|
|
||||||
})
|
})
|
||||||
expect(output).toBe("shazbat")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to use a deep binding", () => {
|
it("should be able to use an object binding", () => {
|
||||||
const output = processJS(`return $("foo.bar.baz")`, {
|
const output = processJS(`return $("foo").bar`, {
|
||||||
foo: {
|
foo: {
|
||||||
bar: {
|
|
||||||
baz: "shazbat",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
expect(output).toBe("shazbat")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to return an object", () => {
|
|
||||||
const output = processJS(`return $("foo")`, {
|
|
||||||
foo: {
|
|
||||||
bar: {
|
|
||||||
baz: "shazbat",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
expect(output.bar.baz).toBe("shazbat")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to return an array", () => {
|
|
||||||
const output = processJS(`return $("foo")`, {
|
|
||||||
foo: ["a", "b", "c"],
|
|
||||||
})
|
|
||||||
expect(output[2]).toBe("c")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to return null", () => {
|
|
||||||
const output = processJS(`return $("foo")`, {
|
|
||||||
foo: null,
|
|
||||||
})
|
|
||||||
expect(output).toBe(null)
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to return undefined", () => {
|
|
||||||
const output = processJS(`return $("foo")`, {
|
|
||||||
foo: undefined,
|
|
||||||
})
|
|
||||||
expect(output).toBe(undefined)
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to return 0", () => {
|
|
||||||
const output = processJS(`return $("foo")`, {
|
|
||||||
foo: 0,
|
|
||||||
})
|
|
||||||
expect(output).toBe(0)
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to return an empty string", () => {
|
|
||||||
const output = processJS(`return $("foo")`, {
|
|
||||||
foo: "",
|
|
||||||
})
|
|
||||||
expect(output).toBe("")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to use a deep array binding", () => {
|
|
||||||
const output = processJS(`return $("foo.0.bar")`, {
|
|
||||||
foo: [
|
|
||||||
{
|
|
||||||
bar: "baz",
|
bar: "baz",
|
||||||
},
|
},
|
||||||
],
|
})
|
||||||
|
expect(output).toBe("baz")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to use a complex object binding", () => {
|
||||||
|
const output = processJS(`return $("foo").bar[0].baz`, {
|
||||||
|
foo: {
|
||||||
|
bar: [
|
||||||
|
{
|
||||||
|
baz: "shazbat",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
})
|
||||||
|
expect(output).toBe("shazbat")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to use a deep binding", () => {
|
||||||
|
const output = processJS(`return $("foo.bar.baz")`, {
|
||||||
|
foo: {
|
||||||
|
bar: {
|
||||||
|
baz: "shazbat",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
expect(output).toBe("shazbat")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to return an object", () => {
|
||||||
|
const output = processJS(`return $("foo")`, {
|
||||||
|
foo: {
|
||||||
|
bar: {
|
||||||
|
baz: "shazbat",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
expect(output.bar.baz).toBe("shazbat")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to return an array", () => {
|
||||||
|
const output = processJS(`return $("foo")`, {
|
||||||
|
foo: ["a", "b", "c"],
|
||||||
|
})
|
||||||
|
expect(output[2]).toBe("c")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to return null", () => {
|
||||||
|
const output = processJS(`return $("foo")`, {
|
||||||
|
foo: null,
|
||||||
|
})
|
||||||
|
expect(output).toBe(null)
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to return undefined", () => {
|
||||||
|
const output = processJS(`return $("foo")`, {
|
||||||
|
foo: undefined,
|
||||||
|
})
|
||||||
|
expect(output).toBe(undefined)
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to return 0", () => {
|
||||||
|
const output = processJS(`return $("foo")`, {
|
||||||
|
foo: 0,
|
||||||
|
})
|
||||||
|
expect(output).toBe(0)
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to return an empty string", () => {
|
||||||
|
const output = processJS(`return $("foo")`, {
|
||||||
|
foo: "",
|
||||||
|
})
|
||||||
|
expect(output).toBe("")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should be able to use a deep array binding", () => {
|
||||||
|
const output = processJS(`return $("foo.0.bar")`, {
|
||||||
|
foo: [
|
||||||
|
{
|
||||||
|
bar: "baz",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
})
|
||||||
|
expect(output).toBe("baz")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should handle errors", () => {
|
||||||
|
const output = processJS(`throw "Error"`)
|
||||||
|
expect(output).toBe("Error while executing JS")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should timeout after one second", () => {
|
||||||
|
const output = processJS(`while (true) {}`)
|
||||||
|
expect(output).toBe("Timed out while executing JS")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should prevent access to the process global", () => {
|
||||||
|
const output = processJS(`return process`)
|
||||||
|
expect(output).toBe("Error while executing JS")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("should prevent sandbox escape", () => {
|
||||||
|
const output = processJS(
|
||||||
|
`return this.constructor.constructor("return process")()`
|
||||||
|
)
|
||||||
|
expect(output).toBe("Error while executing JS")
|
||||||
})
|
})
|
||||||
expect(output).toBe("baz")
|
|
||||||
})
|
})
|
||||||
|
|
||||||
it("should handle errors", () => {
|
describe("check JS helpers", () => {
|
||||||
const output = processJS(`throw "Error"`)
|
it("should error if using the format helper. not helpers.", () => {
|
||||||
expect(output).toBe("Error while executing JS")
|
const output = processJS(`return helper.toInt(4.3)`)
|
||||||
})
|
expect(output).toBe("Error while executing JS")
|
||||||
|
})
|
||||||
|
|
||||||
it("should timeout after one second", () => {
|
it("should be able to use toInt", () => {
|
||||||
const output = processJS(`while (true) {}`)
|
const output = processJS(`return helpers.toInt(4.3)`)
|
||||||
expect(output).toBe("Timed out while executing JS")
|
expect(output).toBe(4)
|
||||||
})
|
})
|
||||||
|
|
||||||
it("should prevent access to the process global", () => {
|
it("should be able to use uuid", () => {
|
||||||
const output = processJS(`return process`)
|
const output = processJS(`return helpers.uuid()`)
|
||||||
expect(output).toBe("Error while executing JS")
|
expect(output).toMatch(UUID_REGEX)
|
||||||
})
|
})
|
||||||
|
|
||||||
it("should prevent sandbox escape", () => {
|
|
||||||
const output = processJS(
|
|
||||||
`return this.constructor.constructor("return process")()`
|
|
||||||
)
|
|
||||||
expect(output).toBe("Error while executing JS")
|
|
||||||
})
|
|
||||||
})
|
|
||||||
|
|
||||||
describe("check JS helpers", () => {
|
|
||||||
it("should error if using the format helper. not helpers.", () => {
|
|
||||||
const output = processJS(`return helper.toInt(4.3)`)
|
|
||||||
expect(output).toBe("Error while executing JS")
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to use toInt", () => {
|
|
||||||
const output = processJS(`return helpers.toInt(4.3)`)
|
|
||||||
expect(output).toBe(4)
|
|
||||||
})
|
|
||||||
|
|
||||||
it("should be able to use uuid", () => {
|
|
||||||
const output = processJS(`return helpers.uuid()`)
|
|
||||||
expect(output).toMatch(UUID_REGEX)
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in New Issue