throw when sandbox escape attempt is detected

n8n-io · Oct 6, 2023 · 748082d · 748082d
1 parent 5b2e81f
commit 748082d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/lib/setup-sandbox.js b/lib/setup-sandbox.js
@@ -33,7 +33,7 @@ const PromiseCtor = Promise;
 const speciesSymbol = Symbol.species;
 const localReflectApply = (target, thisArg, args) => {
 	if (thisArg instanceof PromiseCtor && thisArg.constructor[speciesSymbol] !== PromiseCtor) {
-		Object.defineProperty(thisArg.constructor, speciesSymbol, { value: PromiseCtor });
+		throw new Error('Sandbox escape attempt blocked');
 	}
 	return apply(target, thisArg, args);
 };

diff --git a/test/vm.js b/test/vm.js
@@ -1162,7 +1162,7 @@ describe('VM', () => {
 
 	it('[Symbol.species] attack', async () => {
 		const vm2 = new VM();
-		const promise = vm2.run(`
+		assert.throws(()=> vm2.run(`
 		class WrappedPromise extends Promise {
 			constructor(executor) {
 				super((resolve) => resolve(42));
@@ -1172,8 +1172,7 @@ describe('VM', () => {
 		const promise = new Promise((resolve, reject) => resolve(41));
 		promise.constructor = { [Symbol.species]: WrappedPromise };
 		promise.then();
-		`);
-		assert.strictEqual(await promise, 41);
+		`), /Sandbox escape attempt blocked/);
 	});
 
 	after(() => {