Merge pull request #286 from XmiliaH/fix-279

Fix false positive async errors

Author: XmiliaH

lib/contextify.js

@@ -983,5 +983,6 @@ exportsMap.Contextify = Contextify;
 exportsMap.Decontextify = Decontextify;
 exportsMap.Buffer = LocalBuffer;
 exportsMap.sandbox = Decontextify.value(global);
+exportsMap.Function = Function;
 
 return exportsMap;

lib/fixasync.js

@@ -1,109 +1,79 @@
 'use strict';
 
 // eslint-disable-next-line no-invalid-this, no-shadow
-const {GeneratorFunction, AsyncFunction, AsyncGeneratorFunction, global, Contextify, host} = this;
+const {GeneratorFunction, AsyncFunction, AsyncGeneratorFunction, global, internal, host, hook} = this;
+const {Contextify, Decontextify} = internal;
 // eslint-disable-next-line no-shadow
-const {Function, eval: eval_, Promise, Object, Reflect, RegExp, VMError} = global;
-const {setPrototypeOf, getOwnPropertyDescriptor, defineProperty} = Object;
+const {Function, eval: eval_, Promise, Object, Reflect} = global;
+const {getOwnPropertyDescriptor, defineProperty, assign} = Object;
 const {apply: rApply, construct: rConstruct} = Reflect;
-const {test} = RegExp.prototype;
 
-function rejectAsync() {
-	throw new VMError('Async not available');
-}
-
-const testAsync = setPrototypeOf(/\basync\b/, null);
-
-function checkAsync(source) {
-	// Filter async functions, await can only be in them.
-	if (rApply(test, testAsync, [source])) {
-		throw rejectAsync();
-	}
-	return source;
-}
-
-const AsyncCheckHandler = {
+const FunctionHandler = {
 	__proto__: null,
 	apply(target, thiz, args) {
-		let i;
-		for (i=0; i<args.length; i++) {
-			// We want a exception here if args[i] is a Symbol
-			// since Function does the same thing
-			args[i] = checkAsync('' + args[i]);
+		const type = this.type;
+		args = Decontextify.arguments(args);
+		try {
+			args = Contextify.value(hook(type, args));
+		} catch (e) {
+			throw Contextify.value(e);
 		}
-		return rApply(target, undefined, args);
+		return rApply(target, thiz, args);
 	},
 	construct(target, args, newTarget) {
-		let i;
-		for (i=0; i<args.length; i++) {
-			// We want a exception here if args[i] is a Symbol
-			// since Function does the same thing
-			args[i] = checkAsync('' + args[i]);
+		const type = this.type;
+		args = Decontextify.arguments(args);
+		try {
+			args = Contextify.value(hook(type, args));
+		} catch (e) {
+			throw Contextify.value(e);
 		}
-		return rConstruct(target, args);
+		return rConstruct(target, args, newTarget);
 	}
 };
 
-const AsyncEvalHandler = {
-	__proto__: null,
-	apply(target, thiz, args) {
-		if (args.length === 0) return undefined;
-		const script = args[0];
-		if (typeof script !== 'string') {
-			// Eval does the same thing
-			return script;
-		}
-		checkAsync(script);
-		return eval_(script);
-	}
-};
+function makeCheckFunction(type) {
+	return assign({
+		__proto__: null,
+		type
+	}, FunctionHandler);
+}
 
 function override(obj, prop, value) {
 	const desc = getOwnPropertyDescriptor(obj, prop);
 	desc.value = value;
 	defineProperty(obj, prop, desc);
 }
 
-const proxiedFunction = new host.Proxy(Function, AsyncCheckHandler);
+const proxiedFunction = new host.Proxy(Function, makeCheckFunction('function'));
 override(Function.prototype, 'constructor', proxiedFunction);
 if (GeneratorFunction) {
 	Object.setPrototypeOf(GeneratorFunction, proxiedFunction);
-	override(GeneratorFunction.prototype, 'constructor', new host.Proxy(GeneratorFunction, AsyncCheckHandler));
+	override(GeneratorFunction.prototype, 'constructor', new host.Proxy(GeneratorFunction, makeCheckFunction('generator_function')));
 }
-if (AsyncFunction || AsyncGeneratorFunction) {
-	const AsyncFunctionRejectHandler = {
-		__proto__: null,
-		apply: rejectAsync,
-		construct: rejectAsync
-	};
-	if (AsyncFunction) {
-		Object.setPrototypeOf(AsyncFunction, proxiedFunction);
-		override(AsyncFunction.prototype, 'constructor', new host.Proxy(AsyncFunction, AsyncFunctionRejectHandler));
-	}
-	if (AsyncGeneratorFunction) {
-		Object.setPrototypeOf(AsyncGeneratorFunction, proxiedFunction);
-		override(AsyncGeneratorFunction.prototype, 'constructor', new host.Proxy(AsyncGeneratorFunction, AsyncFunctionRejectHandler));
-	}
+if (AsyncFunction) {
+	Object.setPrototypeOf(AsyncFunction, proxiedFunction);
+	override(AsyncFunction.prototype, 'constructor', new host.Proxy(AsyncFunction, makeCheckFunction('async_function')));
+}
+if (AsyncGeneratorFunction) {
+	Object.setPrototypeOf(AsyncGeneratorFunction, proxiedFunction);
+	override(AsyncGeneratorFunction.prototype, 'constructor', new host.Proxy(AsyncGeneratorFunction, makeCheckFunction('async_generator_function')));
 }
 
-global.Function = Function.prototype.constructor;
-global.eval = new host.Proxy(eval_, AsyncEvalHandler);
+global.Function = proxiedFunction;
+global.eval = new host.Proxy(eval_, makeCheckFunction('eval'));
 
 if (Promise) {
-	const AsyncRejectHandler = {
-		__proto__: null,
-		apply: rejectAsync
-	};
 
-	Promise.prototype.then = new host.Proxy(Promise.prototype.then, AsyncRejectHandler);
+	Promise.prototype.then = new host.Proxy(Promise.prototype.then, makeCheckFunction('promise_then'));
 	Contextify.connect(host.Promise.prototype.then, Promise.prototype.then);
 
 	if (Promise.prototype.finally) {
-		Promise.prototype.finally = new host.Proxy(Promise.prototype.finally, AsyncRejectHandler);
+		Promise.prototype.finally = new host.Proxy(Promise.prototype.finally, makeCheckFunction('promise_finally'));
 		Contextify.connect(host.Promise.prototype.finally, Promise.prototype.finally);
 	}
 	if (Promise.prototype.catch) {
-		Promise.prototype.catch = new host.Proxy(Promise.prototype.catch, AsyncRejectHandler);
+		Promise.prototype.catch = new host.Proxy(Promise.prototype.catch, makeCheckFunction('promise_catch'));
 		Contextify.connect(host.Promise.prototype.catch, Promise.prototype.catch);
 	}
 

lib/main.js

@@ -60,7 +60,7 @@ const CACHE = {
 	timeoutScript: null,
 	contextifyScript: loadAndCompileScript(`${__dirname}/contextify.js`, '(function(require, host) { ', '\n})'),
 	sandboxScript: null,
-	fixAsyncScript: null,
+	hookScript: null,
 	getGlobalScript: null,
 	getGeneratorFunctionScript: null,
 	getAsyncFunctionScript: null,
@@ -468,6 +468,43 @@ function doWithTimeout(fn, timeout) {
 	}
 }
 
+function makeCheckAsync(internal) {
+	return (hook, args) => {
+		if (hook === 'function' || hook === 'generator_function' || hook === 'eval' || hook === 'run') {
+			const funcConstructor = internal.Function;
+			if (hook === 'eval') {
+				const script = args[0];
+				args = [script];
+				if (typeof(script) !== 'string') return args;
+			} else {
+				// Next line throws on Symbol, this is the same behavior as function constructor calls
+				args = args.map(arg => `${arg}`);
+			}
+			if (args.findIndex(arg => /\basync\b/.test(arg)) === -1) return args;
+			const asyncMapped = args.map(arg => arg.replace(/async/g, 'a\\u0073ync'));
+			try {
+				// Note: funcConstructor is a Sandbox object, however, asyncMapped are only strings.
+				funcConstructor(...asyncMapped);
+			} catch (u) {
+				// u is a sandbox object
+				// Some random syntax error or error because of async.
+
+				// First report real syntax errors
+				try {
+					// Note: funcConstructor is a Sandbox object, however, args are only strings.
+					funcConstructor(...args);
+				} catch (e) {
+					throw internal.Decontextify.value(e);
+				}
+				// Then async error
+				throw new VMError('Async not available');
+			}
+			return args;
+		}
+		throw new VMError('Async not available');
+	};
+}
+
 /**
  * Class VM.
  *
@@ -578,6 +615,8 @@ class VM extends EventEmitter {
 		// Create the bridge between the host and the sandbox.
 		const _internal = CACHE.contextifyScript.runInContext(_context, DEFAULT_RUN_OPTIONS).call(_context, require, HOST);
 
+		const hook = fixAsync ? makeCheckAsync(_internal) : null;
+
 		// Define the properties of this object.
 		// Use Object.defineProperties here to be able to
 		// hide and set properties write only.
@@ -598,12 +637,12 @@ class VM extends EventEmitter {
 			_context: {value: _context},
 			_internal: {value: _internal},
 			_compiler: {value: resolvedCompiler},
-			_fixAsync: {value: fixAsync}
+			_hook: {value: hook}
 		});
 
-		if (fixAsync) {
-			if (!CACHE.fixAsyncScript) {
-				CACHE.fixAsyncScript = loadAndCompileScript(`${__dirname}/fixasync.js`, '(function() { ', '\n})');
+		if (hook) {
+			if (!CACHE.hookScript) {
+				CACHE.hookScript = loadAndCompileScript(`${__dirname}/fixasync.js`, '(function() { ', '\n})');
 				CACHE.getGlobalScript = new vm.Script('this', {
 					filename: 'get_global.js',
 					displayErrors: false
@@ -629,26 +668,27 @@ class VM extends EventEmitter {
 			}
 			const internal = {
 				__proto__: null,
-				global: CACHE.getGlobalScript.runInContext(this._context, DEFAULT_RUN_OPTIONS),
-				Contextify: this._internal.Contextify,
-				host: HOST
+				global: CACHE.getGlobalScript.runInContext(_context, DEFAULT_RUN_OPTIONS),
+				internal: _internal,
+				host: HOST,
+				hook
 			};
 			if (CACHE.getGeneratorFunctionScript) {
 				try {
-					internal.GeneratorFunction = CACHE.getGeneratorFunctionScript.runInContext(this._context, DEFAULT_RUN_OPTIONS);
+					internal.GeneratorFunction = CACHE.getGeneratorFunctionScript.runInContext(_context, DEFAULT_RUN_OPTIONS);
 				} catch (ex) {}
 			}
 			if (CACHE.getAsyncFunctionScript) {
 				try {
-					internal.AsyncFunction = CACHE.getAsyncFunctionScript.runInContext(this._context, DEFAULT_RUN_OPTIONS);
+					internal.AsyncFunction = CACHE.getAsyncFunctionScript.runInContext(_context, DEFAULT_RUN_OPTIONS);
 				} catch (ex) {}
 			}
 			if (CACHE.getAsyncGeneratorFunctionScript) {
 				try {
-					internal.AsyncGeneratorFunction = CACHE.getAsyncGeneratorFunctionScript.runInContext(this._context, DEFAULT_RUN_OPTIONS);
+					internal.AsyncGeneratorFunction = CACHE.getAsyncGeneratorFunctionScript.runInContext(_context, DEFAULT_RUN_OPTIONS);
 				} catch (ex) {}
 			}
-			CACHE.fixAsyncScript.runInContext(this._context, DEFAULT_RUN_OPTIONS).call(internal);
+			CACHE.hookScript.runInContext(_context, DEFAULT_RUN_OPTIONS).call(internal);
 		}
 
 		// prepare global sandbox
@@ -748,17 +788,28 @@ class VM extends EventEmitter {
 	run(code, filename) {
 		let script;
 		if (code instanceof VMScript) {
-			if (this._fixAsync && /\basync\b/.test(code.code)) {
-				throw new VMError('Async not available');
+			if (this._hook) {
+				const scriptCode = code.code;
+				const changed = this._hook('run', [scriptCode])[0];
+				if (changed === scriptCode) {
+					script = code._compileVM();
+				} else {
+					script = new vm.Script(changed, {
+						filename: code.filename,
+						displayErrors: false
+					});
+				}
+			} else {
+				script = code._compileVM();
 			}
-			script = code._compileVM();
 		} else {
-			if (this._fixAsync && /\basync\b/.test(code)) {
-				throw new VMError('Async not available');
-			}
 			const useFileName = filename || 'vm.js';
+			let scriptCode = this._compiler(code, useFileName);
+			if (this._hook) {
+				scriptCode = this._hook('run', [scriptCode])[0];
+			}
 			// Compile the script here so that we don't need to create a instance of VMScript.
-			script = new vm.Script(this._compiler(code, useFileName), {
+			script = new vm.Script(scriptCode, {
 				filename: useFileName,
 				displayErrors: false
 			});

test/vm.js

@@ -363,18 +363,21 @@ describe('VM', () => {
 		});
 	}
 
-	it('async', () => {
-		const vm2 = new VM({fixAsync: true});
-		assert.throws(() => vm2.run('(async function(){})'), /Async not available/, '#1');
-		assert.throws(() => vm2.run('new Function("as"+"ync function(){}")'), /Async not available/, '#2');
-		assert.throws(() => vm2.run('new (function*(){}).constructor("as"+"ync function(){}")'), /Async not available/, '#3');
-		assert.throws(() => vm2.run('Promise.resolve().then(function(){})'), /Async not available/, '#4');
-		if (Promise.prototype.finally) assert.throws(() => vm2.run('Promise.resolve().finally(function(){})'), /Async not available/, '#5');
-		if (Promise.prototype.catch) assert.throws(() => vm2.run('Promise.resolve().catch(function(){})'), /Async not available/, '#6');
-		assert.throws(() => vm2.run('eval("as"+"ync function(){}")'), /Async not available/, '#7');
-		assert.strictEqual(vm2.run('Object.getPrototypeOf((function*(){}).constructor)'), vm2.run('Function'), '#8');
-		assert.throws(() => vm2.run('Function')('async function(){}'), /Async not available/, '#9');
-	});
+	if (NODE_VERSION > 7) {
+		// Node until 7 had no async, see https://node.green/
+		it('async', () => {
+			const vm2 = new VM({fixAsync: true});
+			assert.throws(() => vm2.run('(async function(){})'), /Async not available/, '#1');
+			assert.strictEqual(vm2.run('Object.getPrototypeOf((function*(){}).constructor)'), vm2.run('Function'), '#2');
+			assert.throws(() => vm2.run('new Function("(as"+"ync function(){})")'), /Async not available/, '#3');
+			assert.throws(() => vm2.run('new (function*(){}).constructor("(as"+"ync function(){})")'), /Async not available/, '#4');
+			assert.throws(() => vm2.run('Promise.resolve().then(function(){})'), /Async not available/, '#5');
+			if (Promise.prototype.finally) assert.throws(() => vm2.run('Promise.resolve().finally(function(){})'), /Async not available/, '#6');
+			if (Promise.prototype.catch) assert.throws(() => vm2.run('Promise.resolve().catch(function(){})'), /Async not available/, '#7');
+			assert.throws(() => vm2.run('eval("(as"+"ync function(){})")'), /Async not available/, '#8');
+			assert.throws(() => vm2.run('Function')('(async function(){})'), /Async not available/, '#9');
+		});
+	}
 
 	it('frozen unconfigurable access', () => {
 		const vm2 = new VM();