Document how-to-harden console #292

Closed
warner opened this issue May 9, 2020 · 7 comments
Labels
documentation Improvements or additions to documentation

Comments

@warner
Contributor

warner commented May 9, 2020

[edit @kriskowal 2020-08-13]

Somewhere, document that the console object in Node.js can be hardened by:

harden(console.__proto__);
harden(console);

This program:

import { lockdown } from 'ses';
lockdown();
console.log(`about to harden(console)`);
harden(console);
console.log(`successfully did harden(console)`);

when run under SES-0.7.7, fails as it tries to harden the console:

$ node -r esm fail-harden-console.js
about to harden(console)
/home/warner/stuff/agoric/agoric-sdk/packages/SwingSet/node_modules/ses/dist/ses.cjs:1
TypeError: prototype [object Object] of unknown is not already in the fringeSet
    at /home/warner/stuff/agoric/agoric-sdk/packages/SwingSet/node_modules/ses/dist/ses.cjs:171:19
    at Map.forEach (<anonymous>)
    at checkPrototypes (/home/warner/stuff/agoric/agoric-sdk/packages/SwingSet/node_modules/ses/dist/ses.cjs:153:20)
    at harden (/home/warner/stuff/agoric/agoric-sdk/packages/SwingSet/node_modules/ses/dist/ses.cjs:189:7)
    at Object.<anonymous> (/home/warner/stuff/agoric/agoric-sdk/packages/SwingSet/fail-harden-console.js:4:1)
    at Generator.next (<anonymous>)

I'm guessing that console's prototype is still pointing at the original Object, not the tamed one, and we replace Object with a tamed version, and the tamed Object's prototype is in the fringe.

I need this to create new Compartments, give them a console endowment, and then harden their globals:

const c = new Compartment({ console }, {}, {});
harden(c.global);
c.evaluate(confinedCodeThatUsesConsole);

I can work around this by wrapping console in a new object, which I used to do under old-SES to prevent Realm leakage, but it'd be nice if we didn't have to do that now.

@erights
Contributor

erights commented May 9, 2020

Experimenting just now, in Node, Chrome, Firefox, and Safari, I see agreement on a common behavior that I did not expect.

On all, the methods on console are own properties directly on the console object. Doesn't affect this issue, but surprising.

On all, console.__proto__ is an empty object that inherits from Object.prototype. I have no idea why that empty object appears on the prototype chain between console and Object.prototype nor why all browsers would precisely agree on this arrangement.

These symptoms look like they are about that empty object. Before you harden(console) above, first harden(console.__proto__). Does that solve the problem?

@warner
Contributor Author

warner commented May 10, 2020

Yep, that seems to fix it, at least within Node. Thanks!

Sounds like we don't need any changes in SES to accommodate this, but if we're building up some usage documentation, this would go nicely in a "How Do I Make x.. Work Under SES?" section.
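
The failure and the workaround discussed above, reproduced with a simplified model of a prototype-checking harden. This is an added example, not the SES source and not code from any participant; `modelHarden`, `makeConsoleLike`, `hardenInBothOrders` and the seeded fringe set are assumptions made for illustration.

```javascript
// Simplified model; assumption: lockdown() already froze the seeded intrinsics.
const fringeSet = new WeakSet([Object.prototype, Function.prototype]);
const isObject = (v) => Object(v) === v;

function modelHarden(root) {
  const pending = new Map(); // object -> path, reached through own properties
  const prototypes = new Map(); // prototype -> path of the object inheriting from it
  const stack = [[root, 'unknown']];
  while (stack.length > 0) {
    const [obj, path] = stack.pop();
    if (!isObject(obj) || fringeSet.has(obj) || pending.has(obj)) continue;
    pending.set(obj, path);
    const proto = Object.getPrototypeOf(obj);
    if (proto !== null) prototypes.set(proto, path);
    for (const key of Reflect.ownKeys(obj)) {
      const desc = Object.getOwnPropertyDescriptor(obj, key);
      for (const v of [desc.value, desc.get, desc.set]) {
        stack.push([v, `${path}.${String(key)}`]);
      }
    }
  }
  // Prototypes are checked, not walked: hardened already or in this traversal.
  for (const [proto, path] of prototypes) {
    if (!fringeSet.has(proto) && !pending.has(proto)) {
      throw new TypeError(`prototype ${proto} of ${path} is not already in the fringeSet`);
    }
  }
  for (const obj of pending.keys()) {
    Object.freeze(obj);
    fringeSet.add(obj);
  }
  return root;
}

// Constructed stand-in for console: own methods, empty prototype in between.
function makeConsoleLike() {
  const consoleLike = Object.create(Object.create(Object.prototype));
  consoleLike.log = (...args) => args.join(' ');
  return consoleLike;
}

function hardenInBothOrders() {
  const c = makeConsoleLike();
  let error = null;
  try { modelHarden(c); } catch (e) { error = e.message; }
  modelHarden(Object.getPrototypeOf(c)); // the workaround from the thread
  modelHarden(c);
  return { error, frozen: Object.isFrozen(c) && Object.isFrozen(c.log) };
}
```

In this model nothing is frozen when the prototype check fails, so the object stays mutable until the intermediate prototype has been hardened and the call is repeated.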

@warner warner added the documentation Improvements or additions to documentation label May 29, 2020
@kriskowal
Member

Is there a reason harden doesn’t walk __proto__, at least in this case? My intuition is that this is a harden defect.

@erights
Contributor

erights commented Jun 26, 2020

Yes. Originally it did but we changed it. Let's talk tomorrow.

@kriskowal kriskowal changed the title unable to harden console in start compartment Document how-to-harden console Aug 13, 2020
@michaelfig
Member

> Is there a reason harden doesn’t walk __proto__, at least in this case? My intuition is that this is a harden defect.

@erights and @kriskowal, please attend to this, it may have fallen off your task list.

It is breaking SyntaxError error reporting in the REPL. Here's me typing in a single close-paren:

command[0] )
history[0]
working on eval())

which never produces a result.

The error reported in the agoric start console is:

web: POST inbound error: prototype [object Object] of unknown.args.1.loc is not already in the fringeSet from {
  "type": "doEval",
  "number": 0,
  "body": ")",
  "meta": {
    "origin": "http://127.0.0.1:8000",
    "query": {
      "isQuery": true
    },
    "url": "/private/repl",
    "date": 1611255331772
  }
}

@kriskowal
Member

It looks like the fix is sitting on main/master and ready to release. I’ll float that to the top of my tasks today.

@kriskowal
Member

This has been addressed and the fix released.
