feat(core): add overrideTaming: 'severe' for improved developer exper…

…ience under lavamoat
LavaMoat · Sep 26, 2023 · 6a5bdbb · 6a5bdbb
1 parent 80a2272
commit 6a5bdbb
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 22 deletions.
diff --git a/packages/browserify/test/globals.spec.js b/packages/browserify/test/globals.spec.js
@@ -1,11 +1,6 @@
 const test = require('ava')
-const {
-  runScenario,
-  createBrowserifyScenarioFromScaffold,
-} = require('./util')
-const {
-  runAndTestScenario,
-} = require('lavamoat-core/test/util.js')
+const { runScenario, createBrowserifyScenarioFromScaffold } = require('./util')
+const { runAndTestScenario } = require('lavamoat-core/test/util.js')
 
 // TODO: this should be resolving to a browserify dependency
 // eslint-disable-next-line ava/no-skip-test
@@ -27,3 +22,14 @@ test('globals - process is properly injected', async (t) => {
   })
   await runAndTestScenario(t, scenario, runScenario)
 })
+
+test('globals - basic override mistake taming is on', async (t) => {
+  const scenario = createBrowserifyScenarioFromScaffold({
+    defineOne: () => {
+      Object.assign({}, { constructor: () => 1 })
+      module.exports = 1
+    },
+    expectedResult: 1,
+  })
+  await runAndTestScenario(t, scenario, runScenario)
+})
diff --git a/packages/core/src/kernelTemplate.js b/packages/core/src/kernelTemplate.js
@@ -60,6 +60,8 @@
       errorTaming: 'unsafe',
       // shows the full call stack
       stackFiltering: 'verbose',
+      // prevents most common override mistake cases from triping up users
+      overrideTaming: 'severe',
     }
 
     lockdown(lockdownOptions)

diff --git a/packages/node/test/globals.spec.js b/packages/node/test/globals.spec.js
@@ -5,17 +5,13 @@ const { createScenarioFromScaffold } = require('lavamoat-core/test/util')
 test('globals - has only the expected global circular refs', async (t) => {
   const scenario = createScenarioFromScaffold({
     defineOne: () => {
-      const circularKeys = Reflect.ownKeys(globalThis)
-        .filter(key => {
-          const value = globalThis[key]
-          return value === globalThis
-        })
+      const circularKeys = Reflect.ownKeys(globalThis).filter((key) => {
+        const value = globalThis[key]
+        return value === globalThis
+      })
       module.exports = circularKeys
     },
-    expectedResult: [
-      'global',
-      'globalThis',
-    ],
+    expectedResult: ['global', 'globalThis'],
   })
   const testResult = await runScenario({ scenario })
   t.is(Array.isArray(testResult), true)
@@ -29,14 +25,14 @@ test('globalRef - globalRef - check default containment', async (t) => {
     defineOne: () => {
       const testResults = {}
       try {
-        testResults.objCheckThis = this.Object === Object 
-      } catch (_) { }
+        testResults.objCheckThis = this.Object === Object
+      } catch (_) {}
       try {
-        testResults.objCheckGlobal = global.Object === Object 
-      } catch (_) { }
+        testResults.objCheckGlobal = global.Object === Object
+      } catch (_) {}
       try {
-        testResults.thisIsExports = exports === this 
-      } catch (_) { }
+        testResults.thisIsExports = exports === this
+      } catch (_) {}
       module.exports = testResults
     },
     expectedResult: {
@@ -48,3 +44,15 @@ test('globalRef - globalRef - check default containment', async (t) => {
   const testResult = await runScenario({ scenario })
   scenario.checkResult(t, testResult, scenario)
 })
+
+test('globals - basic override mistake taming is on', async (t) => {
+  const scenario = createScenarioFromScaffold({
+    defineOne: () => {
+      Object.assign({}, { constructor: () => 1 })
+      module.exports = 1
+    },
+    expectedResult: 1,
+  })
+  const testResult = await runScenario({ scenario })
+  scenario.checkResult(t, testResult, scenario)
+})