fix(ses): missing native function markings

endojs · Jun 17, 2023 · 98b9698 · 98b9698
1 parent 4a501cf
commit 98b9698
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 7 deletions.
diff --git a/packages/ses/src/lockdown-shim.js b/packages/ses/src/lockdown-shim.js
@@ -250,6 +250,10 @@ export const repairIntrinsics = (options = {}) => {
 
   tameDomains(domainTaming);
 
+  // Replace Function.prototype.toString with one that recognizes
+  // shimmed functions as honorary native functions.
+  const markVirtualizedNativeFunction = tameFunctionToString();
+
   const { addIntrinsics, completePrototypes, finalIntrinsics } =
     makeIntrinsicsCollector();
 
@@ -304,10 +308,6 @@ export const repairIntrinsics = (options = {}) => {
   // Replace *Locale* methods with their non-locale equivalents
   tameLocaleMethods(intrinsics, localeTaming);
 
-  // Replace Function.prototype.toString with one that recognizes
-  // shimmed functions as honorary native functions.
-  const markVirtualizedNativeFunction = tameFunctionToString();
-
   /**
    * 2. WHITELIST to standardize the environment.
    */

diff --git a/packages/ses/src/permits-intrinsics.js b/packages/ses/src/permits-intrinsics.js
@@ -240,7 +240,6 @@ export default function whitelistIntrinsics(
     }
 
     if (typeof obj === 'function') {
-      markVirtualizedNativeFunction(obj);
       if (objectHasOwnProperty(FunctionInstance, permitProp)) {
         return FunctionInstance[permitProp];
       }
@@ -261,6 +260,10 @@ export default function whitelistIntrinsics(
     const protoName = permit['[[Proto]]'];
     visitPrototype(path, obj, protoName);
 
+    if (typeof obj === 'function') {
+      markVirtualizedNativeFunction(obj);
+    }
+
     for (const prop of ownKeys(obj)) {
       const propString = asStringPropertyName(path, prop);
       const subPath = `${path}.${propString}`;

diff --git a/packages/ses/src/permits.js b/packages/ses/src/permits.js
@@ -481,9 +481,9 @@ export const permitted = {
     constructor: '%InertFunction%',
     toString: fn,
     '@@hasInstance': fn,
-    // proposed but not yet std yet. To be removed if there
+    // proposed but not yet std. To be removed if there
     caller: false,
-    // proposed but not yet std yet. To be removed if there
+    // proposed but not yet std. To be removed if there
     arguments: false,
   },
 

diff --git a/packages/ses/test/test-evalTaming-default.js b/packages/ses/test/test-evalTaming-default.js
@@ -16,4 +16,6 @@ test('safe eval when evalTaming is undefined.', t => {
   compartment.evaluate('(1, eval)("1 + 1")');
   // eslint-disable-next-line no-eval
   t.is(eval.toString(), 'function eval() { [native code] }');
+  // eslint-disable-next-line no-eval
+  t.is(eval.toString.toString(), 'function toString() { [native code] }');
 });