From a26274da92e3e0e7d2d00c431752f2a875c9216e Mon Sep 17 00:00:00 2001 From: Sahil Kandhare Date: Tue, 11 Jul 2023 18:59:29 +0530 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=90=9E=20Fix:=20Added=20strict=20equa?= =?UTF-8?q?lity=20(=3D=3D=3D)=20wherever=20req.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Expressions/Binary_expression.ts | 42 +++++++++---------- .../Expressions/Boolean_expression.ts | 6 +-- .../Expressions/Comparison_expression.ts | 24 +++++------ .../Interpreter/Expressions/Expressions.ts | 12 +++--- .../Conditional_Jump/Switch_case.ts | 4 +- .../Interpreter/Statements/Loop/For_loop.ts | 2 +- BackEnd/Scope/environment.ts | 2 +- FrontEnd/Parser.ts | 25 +++++------ FrontEnd/lexer.ts | 2 +- 9 files changed, 60 insertions(+), 59 deletions(-) diff --git a/BackEnd/Interpreter/Expressions/Binary_expression.ts b/BackEnd/Interpreter/Expressions/Binary_expression.ts index 93a3824..3b39f59 100644 --- a/BackEnd/Interpreter/Expressions/Binary_expression.ts +++ b/BackEnd/Interpreter/Expressions/Binary_expression.ts @@ -16,16 +16,16 @@ export const evaluate_numeric_binary_expression = ( operator: string, ): NumberVal => { let result: number; - if (operator == "+") { + if (operator === "+") { result = lhs.value + rhs.value; - } else if (operator == "-") { + } else if (operator === "-") { result = lhs.value - rhs.value; - } else if (operator == "*") { + } else if (operator === "*") { result = lhs.value * rhs.value; - } else if (operator == "/") { + } else if (operator === "/") { // TODO: Division by zero check result = lhs.value / rhs.value; - } else if (operator == "^") { + } else if (operator === "^") { result = Math.pow(lhs.value, rhs.value); } else { result = lhs.value % rhs.value; 
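Review bot: In `evaluate_numeric_binary_expression` (Binary_expression.ts) the final `else` still computes `lhs.value % rhs.value` for every operator that is not one of the five tested, so an unrecognised operator string would silently yield a modulus instead of an error. I would test it explicitly with `} else if (operator === "%") {` and make the last branch `throw new Error("Unsupported operator: " + operator);`. The same catch-all shape is visible in `evaluate_boolean_logical_expression` (anything but `&&`/`and` is treated as OR) and in both comparison evaluators (anything else is treated as `>=`). The `// TODO: Division by zero check` is also still open, so `/` and `%` by zero currently produce `Infinity` or `NaN` with no diagnostic. The function starts and ends outside the hunk.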
@@ -46,16 +46,16 @@ export const evaluate_numeric_string_binary_expression = ( operator: string, ): StringVal => { let result: string; - if (operator == "+") { + if (operator === "+") { result = lhs.value + rhs.value; - } else if (operator == "-") { + } else if (operator === "-") { result = "NaN"; - } else if (operator == "*") { + } else if (operator === "*") { result = rhs.value; while (--lhs.value) { result += rhs.value; } - } else if (operator == "/") { + } else if (operator === "/") { result = "NaN"; } else { result = "NaN"; @@ -76,16 +76,16 @@ export const evaluate_string_numeric_binary_expression = ( operator: string, ): StringVal => { let result: string; - if (operator == "+") { + if (operator === "+") { result = lhs.value + rhs.value; - } else if (operator == "-") { + } else if (operator === "-") { result = "NaN"; - } else if (operator == "*") { + } else if (operator === "*") { result = lhs.value; while (--rhs.value) { result += lhs.value; } - } else if (operator == "/") { + } else if (operator === "/") { result = "NaN"; } else { result = "NaN"; @@ -106,13 +106,13 @@ export const evaluate_string_binary_expression = ( operator: string, ): StringVal => { let result: string; - if (operator == "+") { + if (operator === "+") { result = lhs.value + rhs.value; - } else if (operator == "-") { + } else if (operator === "-") { result = "NaN"; - } else if (operator == "*") { + } else if (operator === "*") { result = "NaN"; - } else if (operator == "/") { + } else if (operator === "/") { result = "NaN"; } else { result = "NaN"; 
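Review bot: The repetition loop `while (--lhs.value) { result += rhs.value; }` in `evaluate_numeric_string_binary_expression` never terminates when the number is `0`, negative or non-integer, because the pre-decrement then never lands exactly on `0`. A number-times-string expression with such an operand hangs the interpreter while `result` grows until memory runs out. The loop also decrements `lhs.value` in place, which changes the operand object itself; whether that object is shared with a stored variable is not visible here. A bounded form would be `result = Number.isInteger(lhs.value) && lhs.value >= 0 ? rhs.value.repeat(lhs.value) : "NaN";`, ideally with an upper limit on the resulting length. `evaluate_string_numeric_binary_expression` in the next hunk has the mirror-image loop on `--rhs.value` and needs the same change.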
@@ -132,25 +132,25 @@ export const evaluate_binary_expression = ( const LHS = evaluate(binop.left, env); const RHS = evaluate(binop.right, env); - if (LHS.type == "number" && RHS.type == "number") { + if (LHS.type === "number" && RHS.type === "number") { return evaluate_numeric_binary_expression( LHS as NumberVal, RHS as NumberVal, binop.operator, ); - } else if (LHS.type == "number" && RHS.type == "string") { + } else if (LHS.type === "number" && RHS.type === "string") { return evaluate_numeric_string_binary_expression( LHS as NumberVal, RHS as StringVal, binop.operator, ); - } else if (LHS.type == "string" && RHS.type == "number") { + } else if (LHS.type === "string" && RHS.type === "number") { return evaluate_string_numeric_binary_expression( LHS as StringVal, RHS as NumberVal, binop.operator, ); - } else if (LHS.type == "string" && RHS.type == "string") { + } else if (LHS.type === "string" && RHS.type === "string") { return evaluate_string_binary_expression( LHS as StringVal, RHS as StringVal, diff --git a/BackEnd/Interpreter/Expressions/Boolean_expression.ts b/BackEnd/Interpreter/Expressions/Boolean_expression.ts index a45f273..bca8ed7 100644 --- a/BackEnd/Interpreter/Expressions/Boolean_expression.ts +++ b/BackEnd/Interpreter/Expressions/Boolean_expression.ts @@ -16,7 +16,7 @@ export const evaluate_boolean_logical_expression = ( operator: string, ): BooleanVal => { let result: boolean; - if (operator == "&&" || operator == "and") { + if (operator === "&&" || operator === "and") { result = lhs.value && rhs.value; } else { result = lhs.value || rhs.value; @@ -36,7 +36,7 @@ export const evaluate_logical_expression = ( const LHS = evaluate(logic.left, env); const RHS = evaluate(logic.right, env); - if (LHS.type == "boolean" && RHS.type == "boolean") { + if (LHS.type === "boolean" && RHS.type === "boolean") { return evaluate_boolean_logical_expression( LHS as BooleanVal, RHS as BooleanVal, 
@@ -69,7 +69,7 @@ export const evaluate_unary_expr = ( env: Environment, ): RuntimeVal => { const expression = evaluate(expr.argument, env); - if (expression.type == "boolean") { + if (expression.type === "boolean") { return evaluate_boolean_unary_expression( expression as BooleanVal, ); diff --git a/BackEnd/Interpreter/Expressions/Comparison_expression.ts b/BackEnd/Interpreter/Expressions/Comparison_expression.ts index 423fb71..2064b7a 100644 --- a/BackEnd/Interpreter/Expressions/Comparison_expression.ts +++ b/BackEnd/Interpreter/Expressions/Comparison_expression.ts @@ -22,15 +22,15 @@ export const evaluate_numeric_comparison_expression = ( operator: string, ): BooleanVal => { let result: boolean; - if (operator == "==") { + if (operator === "==") { result = lhs.value === rhs.value; - } else if (operator == "!=") { + } else if (operator === "!=") { result = lhs.value !== rhs.value; - } else if (operator == "<") { + } else if (operator === "<") { result = lhs.value < rhs.value; - } else if (operator == ">") { + } else if (operator === ">") { result = lhs.value > rhs.value; - } else if (operator == "<=") { + } else if (operator === "<=") { result = lhs.value <= rhs.value; } else { result = lhs.value >= rhs.value; @@ -51,15 +51,15 @@ export const evaluate_string_comparison_expression = ( operator: string, ): BooleanVal => { let result: boolean; - if (operator == "==") { + if (operator === "==") { result = lhs.value === rhs.value; - } else if (operator == "!=") { + } else if (operator === "!=") { result = lhs.value !== rhs.value; - } else if (operator == "<") { + } else if (operator === "<") { result = lhs.value < rhs.value; - } else if (operator == ">") { + } else if (operator === ">") { result = lhs.value > rhs.value; - } else if (operator == "<=") { + } else if (operator === "<=") { result = lhs.value <= rhs.value; } else { result = lhs.value >= rhs.value; 
@@ -79,7 +79,7 @@ export const evaluate_comparison_expression = ( const LHS = evaluate(comp.left, env); const RHS = evaluate(comp.right, env); - if (LHS.type == "number" && RHS.type == "number") { + if (LHS.type === "number" && RHS.type === "number") { return evaluate_numeric_comparison_expression( LHS as NumberVal, RHS as NumberVal, @@ -87,7 +87,7 @@ export const evaluate_comparison_expression = ( ); } - if (LHS.type == "string" && RHS.type == "string") { + if (LHS.type === "string" && RHS.type === "string") { return evaluate_string_comparison_expression( LHS as StringVal, RHS as StringVal, diff --git a/BackEnd/Interpreter/Expressions/Expressions.ts b/BackEnd/Interpreter/Expressions/Expressions.ts index 7197424..d4c00fc 100644 --- a/BackEnd/Interpreter/Expressions/Expressions.ts +++ b/BackEnd/Interpreter/Expressions/Expressions.ts @@ -30,7 +30,7 @@ export const evaluate_call_expression = ( const args = expr.args.map((arg) => evaluate(arg, env)); const fn = evaluate(expr.caller, env); - if (fn.type == "native-fn") { + if (fn.type === "native-fn") { const result = (fn as NativeFnVal).call(args, env); return result; } @@ -47,17 +47,17 @@ export const evaluate_assignment_expression = ( node: AssignmentExpression, env: Environment, ): RuntimeVal => { - if (node.assignee.kind == "Identifier") { + if (node.assignee.kind === "Identifier") { const varname = (node.assignee as Identifier).symbol; const value = evaluate(node.val, env); return env.assignVar(varname, value); } - if (node.assignee.kind == "MemberExpr") { + if (node.assignee.kind === "MemberExpr") { const rhs = evaluate(node.val, env) as RuntimeVal; let rhs_value; - if (rhs.type == "number") { + if (rhs.type === "number") { rhs_value = (rhs as NumberVal).value; - } else if (rhs.type == "string") { + } else if (rhs.type === "string") { rhs_value = (rhs as StringVal).value; } const assigner = (node.assignee) as MemberExpr; 
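Review bot: In the `MemberExpr` branch of `evaluate_assignment_expression` (Expressions.ts), `rhs_value` stays `undefined` whenever the right-hand side is neither a number nor a string. As far as the visible lines show, the following hunk then stores it as `{ kind: "StringLiteral", value: rhs_value }`, because its `else` covers every non-number type. Assigning a boolean or an array to an element would therefore write a string literal with an undefined value into the array rather than fail. I would reject unsupported types up front, e.g. `else { throw new Error("Unsupported value type in element assignment: " + rhs.type); }` after the `string` case, and declare `let rhs_value: number | string;`. How `index_val` is validated lies outside the hunk; if it is not checked to be a non-negative integer within bounds, that check belongs here as well.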
@@ -71,7 +71,7 @@ export const evaluate_assignment_expression = ( const object = evaluate(assigner.object, env) as ArrayVal; if (object.type === "array") { const array = object.values; - if (rhs.type == "number") { + if (rhs.type === "number") { array[index_val] = { kind: "NumericLiteral", value: rhs_value } as Expr; } else { array[index_val] = { kind: "StringLiteral", value: rhs_value } as Expr; diff --git a/BackEnd/Interpreter/Statements/Conditional_Jump/Switch_case.ts b/BackEnd/Interpreter/Statements/Conditional_Jump/Switch_case.ts index 3b68e4a..beef031 100644 --- a/BackEnd/Interpreter/Statements/Conditional_Jump/Switch_case.ts +++ b/BackEnd/Interpreter/Statements/Conditional_Jump/Switch_case.ts @@ -24,7 +24,7 @@ export const evaluate_switch_statement = ( if (discriminant.type === "number") { for (const switchCase of switchStmt.cases) { const test = evaluate(switchCase.test, env); - if (test.type == "number") { + if (test.type === "number") { const value = (test as NumberVal).value; const discriminant_val = (discriminant as NumberVal).value; if (value === discriminant_val) { @@ -59,7 +59,7 @@ export const evaluate_switch_statement = ( } else if (discriminant.type === "string") { for (const switchCase of switchStmt.cases) { const test = evaluate(switchCase.test, env); - if (test.type == "string") { + if (test.type === "string") { const value = (test as StringVal).value; const discriminant_val = (discriminant as StringVal).value; if (value === discriminant_val) { diff --git a/BackEnd/Interpreter/Statements/Loop/For_loop.ts b/BackEnd/Interpreter/Statements/Loop/For_loop.ts index be0103a..f3419de 100644 --- a/BackEnd/Interpreter/Statements/Loop/For_loop.ts +++ b/BackEnd/Interpreter/Statements/Loop/For_loop.ts 
@@ -17,7 +17,7 @@ export const evaluate_for_loop_statement = ( const start = evaluate(stmt.start, env) as NumberVal; const end = evaluate(stmt.end, env) as NumberVal; let step: NumberVal; - if (stmt.step == undefined) { + if (stmt.step === undefined) { step = { value: 1, type: "number" }; } else { step = evaluate(stmt.step as NumericLiteral, env) as NumberVal; diff --git a/BackEnd/Scope/environment.ts b/BackEnd/Scope/environment.ts index 2fcccd8..55ae711 100644 --- a/BackEnd/Scope/environment.ts +++ b/BackEnd/Scope/environment.ts @@ -80,7 +80,7 @@ export default class Environment { if (this.variables.has(varname)) { return this; } - if (this.parent == undefined) { + if (this.parent === undefined) { throw `cannot resolve ${varname} in the scope.`; } return this.parent.resolveScope(varname); diff --git a/FrontEnd/Parser.ts b/FrontEnd/Parser.ts index 935aeda..befc780 100644 --- a/FrontEnd/Parser.ts +++ b/FrontEnd/Parser.ts @@ -497,13 +497,13 @@ export default class Parser { * @throws {Error} If there are syntax errors or missing tokens in the statement. */ private parse_var_declaration(): Stmt { - const isConstant = this.eat().type == TokenType.NewEternal; + const isConstant = this.eat().type === TokenType.NewEternal; const identifier = this.expect( TokenType.Identifier, "Expected identifier name while declaration", ).value; - if (this.at().type == TokenType.Semicolon) { + if (this.at().type === TokenType.Semicolon) { // Consume semicolon this.eat(); if (isConstant) { @@ -557,7 +557,7 @@ export default class Parser { */ private parse_assignment_expr(): Expr { const left = this.parse_logical_expr(); - if (this.at().type == TokenType.Equals) { + if (this.at().type === TokenType.Equals) { // Consume the equals token we just found this.eat(); 
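Review bot: Replacing `== undefined` with `=== undefined` is not behaviour-neutral in `evaluate_for_loop_statement`: the loose form also matched `null`, so if the parser ever sets `stmt.step` to `null` the code now calls `evaluate(null, env)` instead of defaulting to a step of 1. The same applies to `this.parent === undefined` in `Environment.resolveScope` in the next hunk, where a `null` parent would reach `this.parent.resolveScope(varname)` and fail with a TypeError rather than the intended message. Neither field's declaration is visible here, so please confirm both are typed as optional (`undefined` only), or keep the loose form on purpose as `== null`. Separately, `start`, `end` and `step` are cast to `NumberVal` without a `type` check and a step of `0` is not rejected in the visible lines, which may matter for loop termination depending on the loop body outside the hunk.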
@@ -588,7 +588,7 @@ export default class Parser { private parse_logical_expr(): Expr { let left = this.parse_comparison_expr(); - while (this.at().type == TokenType.LogicalOperator) { + while (this.at().type === TokenType.LogicalOperator) { const operator = this.eat().value; const right = this.parse_comparison_expr(); @@ -611,7 +611,7 @@ export default class Parser { let left = this.parse_additive_expr(); while ( - this.at().type == TokenType.ComparisonOperator + this.at().type === TokenType.ComparisonOperator ) { const operator = this.eat().value; // Consume the comparison operator token const right = this.parse_additive_expr(); // Parse the right-hand side of the comparison @@ -638,7 +638,7 @@ export default class Parser { let left = this.parse_multiplicative_expr(); // Pase operator - while (this.at().value == "+" || this.at().value == "-") { + while (this.at().value === "+" || this.at().value === "-") { const operator = this.eat().value; const right = this.parse_multiplicative_expr(); @@ -661,7 +661,8 @@ export default class Parser { // Pase operator while ( - this.at().value == "*" || this.at().value == "/" || this.at().value == "%" + this.at().value === "*" || this.at().value === "/" || + this.at().value === "%" ) { const operator = this.eat().value; const right = this.parse_exponential_expr(); @@ -685,7 +686,7 @@ export default class Parser { // Pase operator while ( - this.at().value == "^" + this.at().value === "^" ) { const operator = this.eat().value; const right = this.parse_call_member_expr(); @@ -709,7 +710,7 @@ export default class Parser { private parse_call_member_expr(): Expr { const member = this.parse_member_expr(); - if (this.at().type == TokenType.OpenParen) { + if (this.at().type === TokenType.OpenParen) { return this.parse_call_expr(member); } return member; 
@@ -729,7 +730,7 @@ export default class Parser { args: this.parse_args(), } as CallExpr; - if (this.at().type == TokenType.OpenParen) { + if (this.at().type === TokenType.OpenParen) { call_expr = this.parse_call_expr(call_expr); } @@ -744,7 +745,7 @@ export default class Parser { */ private parse_args(): Expr[] { this.expect(TokenType.OpenParen, `Expected open parenthesis`); - const args = this.at().type == TokenType.CloseParen + const args = this.at().type === TokenType.CloseParen ? [] : this.parse_arguments_list(); @@ -761,7 +762,7 @@ export default class Parser { private parse_arguments_list(): Expr[] { const args = [this.parse_assignment_expr()]; - while (this.at().type == TokenType.Comma && this.eat()) { + while (this.at().type === TokenType.Comma && this.eat()) { args.push(this.parse_assignment_expr()); } diff --git a/FrontEnd/lexer.ts b/FrontEnd/lexer.ts index db8cc4c..b081e2d 100644 --- a/FrontEnd/lexer.ts +++ b/FrontEnd/lexer.ts @@ -239,7 +239,7 @@ export function tokenize(sourceCode: string): Token[] { } // Check for keywords const reserved: TokenType = KEYWORDS[id]; - if (typeof reserved == "number") { + if (typeof reserved === "number") { tokens.push(getToken(id, reserved)); } else { // unreserved means user defined identifier From 96d3b87431af7ddd2e80bd43a22f59a7a0cb7b23 Mon Sep 17 00:00:00 2001 From: Sahil Kandhare Date: Tue, 11 Jul 2023 19:08:31 +0530 Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=90=9E=20Fix:=20Added=20strict=20ineq?= =?UTF-8?q?uality=20(!=3D=3D)=20check?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- FrontEnd/Parser.ts | 4 ++-- FrontEnd/lexer.ts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/FrontEnd/Parser.ts b/FrontEnd/Parser.ts index befc780..1ca2d50 100644 --- a/FrontEnd/Parser.ts +++ b/FrontEnd/Parser.ts 
@@ -50,7 +50,7 @@ export default class Parser { * @returns A boolean indicating if there are more tokens. */ private not_eof(): boolean { - return this.tokens[0].type != TokenType.EOF; + return this.tokens[0].type !== TokenType.EOF; } /** @@ -79,7 +79,7 @@ export default class Parser { */ private expect(type: TokenType, err: string) { const prev = this.tokens.shift() as Token; - if (!prev || prev.type != type) { + if (!prev || prev.type !== type) { console.error("Parser Error: \n", err, prev, "- Expecting: ", type); Deno.exit(1); } diff --git a/FrontEnd/lexer.ts b/FrontEnd/lexer.ts index b081e2d..c345382 100644 --- a/FrontEnd/lexer.ts +++ b/FrontEnd/lexer.ts @@ -111,7 +111,7 @@ function isAlphabet(src: string): boolean { const c = src.charCodeAt(0); const underscore = "_".charCodeAt(0); return ( - src.toUpperCase() != src.toLowerCase() || + src.toUpperCase() !== src.toLowerCase() || c === underscore ); } From 308ab22d79ffe355ca8a89562179c45a94cf7623 Mon Sep 17 00:00:00 2001 From: Sahil Kandhare Date: Tue, 11 Jul 2023 19:33:38 +0530 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=94=90=20Updated=20Security=20Policy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 39 ++++++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index d906fed..921dccf 100644 --- a/SECURITY.md +++ b/SECURITY.md 
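Review bot: `expect()` in Parser.ts reports a syntax error with `console.error` and then calls `Deno.exit(1)`, which terminates the whole process from inside the parser, so a host that embeds it (a REPL, a test runner, a service) cannot catch or recover from malformed input. The doc comments on other parser methods in this patch advertise `@throws {Error}`, so throwing would match the documented contract: `throw new Error("Parser Error: " + err + " - Expecting: " + type);`. `not_eof()` in the preceding hunk also reads `this.tokens[0].type` without checking that the list is non-empty, which relies on the lexer always appending an EOF token (not visible here). Both methods continue outside their hunks.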
@@ -1,20 +1,33 @@ # Security Policy -## Supported Versions +## Security considerations -Use this section to tell people about which versions of your project are -currently being supported with security updates. +When writing AssembleScript scripts, it is important to be aware of the +following security considerations: -| Version | Supported | -| ------- | ------------------ | -| 5.1.x | :white_check_mark: | -| 5.0.x | :x: | -| 4.0.x | :white_check_mark: | -| < 4.0 | :x: | +- Do not use AssembleScript to execute code that you do not trust. +- Use caution when importing modules from third-party sources. +- Be aware of the potential for AssembleScript scripts to be used for malicious + purposes. -## Reporting a Vulnerability +## Reporting security vulnerabilities -Use this section to tell people how to report a vulnerability. +If you believe that you have found a security vulnerability in AssembleScript, +please report it to the project maintainers by opening an issue on the GitHub +repository. -Tell them where to go, how often they can expect to get an update on a reported -vulnerability, what to expect if the vulnerability is accepted or declined, etc. +## Security updates + +The AssembleScript project will periodically release security updates to address +known vulnerabilities. It is important to keep your AssembleScript installation +up to date to ensure that you are protected against the latest threats. + +## Reporting security vulnerabilities + +If you believe that you have found a security vulnerability in AssembleScript, +please report it to the project's team via discussions. + +The security team will investigate your report and take appropriate action to +address the vulnerability. + +Thank you for helping to keep AssembleScript secure.