Finalizing v3.9.2

CHANGELOG.md

@@ -1,3 +1,9 @@
+v3.9.2 (2020-04-29)
+-------------------
+[new] Added NodeVM options to pass argv & env to process object (XmiliaH)
+[fix] Fixed breakouts in NodeVM (XmiliaH)
+[fix] Made async check more robust (XmiliaH)
+
 v3.9.1 (2020-03-29)
 -------------------
 [fix] Require helpers statically in main (XmiliaH)

LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2014-2019 Patrik Simek and contributors
+Copyright (c) 2014-2020 Patrik Simek and contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

README.md

@@ -95,6 +95,7 @@ VM is a simple sandbox, without `require` feature, to synchronously run an untru
 * `compiler` - `javascript` (default) or `coffeescript` or custom compiler function. The library expects you to have coffee-script pre-installed if the compiler is set to `coffeescript`.
 * `eval` - If set to `false` any calls to `eval` or function constructors (`Function`, `GeneratorFunction`, etc) will throw an `EvalError` (default: `true`).
 * `wasm` -  If set to `false` any attempt to compile a WebAssembly module will throw a `WebAssembly.CompileError` (default: `true`).
+* `fixAsync` - If set to `true` any attempt to run code using async will throw a `VMError` (default: `false`).
 
 **IMPORTANT**: Timeout is only effective on synchronous code you run through `run`. Timeout is NOT effective on any method returned by VM. There're some situations when timeout doesn't work - see [#244](https://github.com/patriksimek/vm2/pull/244).
 
@@ -141,6 +142,8 @@ Unlike `VM`, `NodeVM` lets you require modules same way like in regular Node's c
 * `require.resolve` - An additional lookup function in case a module wasn't found in one of the traditional node lookup paths.
 * `nesting` - `true` to enable VMs nesting (default: `false`).
 * `wrapper` - `commonjs` (default) to wrap script into CommonJS wrapper, `none` to retrieve value returned by the script.
+* `argv` - Array to be passed to `process.argv`.
+* `env` - Object to be passed to `process.env`.
 
 **IMPORTANT**: Timeout is not effective for NodeVM so it is not immune to `while (true) {}` or similar evil.
 

index.d.ts

@@ -51,9 +51,13 @@ export interface VMOptions {
    */
   eval?: boolean;
   /**
-   * - If set to `false` any attempt to compile a WebAssembly module will throw a `WebAssembly.CompileError` (default: `true`).
+   * If set to `false` any attempt to compile a WebAssembly module will throw a `WebAssembly.CompileError` (default: `true`).
    */
   wasm?: boolean;
+  /**
+   * If set to `true` any attempt to run code using async will throw a `VMError` (default: `false`).
+   */
+  fixAsync?: boolean;
 }
 
 /**

lib/main.js

@@ -53,6 +53,11 @@ function loadAndCompileScript(filename, prefix, suffix) {
  * @property {?vm.Script} timeoutScript - The compiled script used for the timeout functionality of null if not yet used.
  * @property {vm.Script} contextifyScript - The compiled script used to setup a sandbox.
  * @property {?vm.Script} sandboxScript - The compiled script used to setup the NodeVM require mechanism of null if not yet used.
+ * @property {?vm.Script} hookScript - The compiled script used to setup the async hooking functionality.
+ * @property {?vm.Script} getGlobalScript - The compiled script used to get the global sandbox object.
+ * @property {?vm.Script} getGeneratorFunctionScript - The compiled script used to get the generator function constructor.
+ * @property {?vm.Script} getAsyncFunctionScript - The compiled script used to get the async function constructor.
+ * @property {?vm.Script} getAsyncGeneratorFunctionScript - The compiled script used to get the async generator function constructor.
  */
 const CACHE = {
 	coffeeScriptCompiler: null,
@@ -157,7 +162,7 @@ class VMScript {
 	 * 
 	 * @public
 	 * @readonly
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {string} filename
 	 * @memberOf VMScript#
 	 */
@@ -167,7 +172,7 @@ class VMScript {
 	 * 
 	 * @public
 	 * @readonly
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {number} lineOffset
 	 * @memberOf VMScript#
 	 */
@@ -177,7 +182,7 @@ class VMScript {
 	 * 
 	 * @public
 	 * @readonly
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {number} columnOffset
 	 * @memberOf VMScript#
 	 */
@@ -187,7 +192,7 @@ class VMScript {
 	 * 
 	 * @public
 	 * @readonly
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {(string|compileCallback)} compiler
 	 * @memberOf VMScript#
 	 */
@@ -346,7 +351,7 @@ class VMScript {
 	 * Will invalidate the code cache.
 	 *
 	 * @public
-	 * @deprecated Since v3.8.5. Wrap your code before passing it into the VMScript object.
+	 * @deprecated Since v3.9.0. Wrap your code before passing it into the VMScript object.
 	 * @param {string} prefix - String that will be appended before the script code.
 	 * @param {script} suffix - String that will be appended behind the script code.
 	 * @return {this} This for chaining.
@@ -468,6 +473,13 @@ function doWithTimeout(fn, timeout) {
 	}
 }
 
+/**
+ * Creates the hook to check for the use of async.
+ * 
+ * @private
+ * @param {*} internal - The interal vm object.
+ * @return {*} The hook function
+ */
 function makeCheckAsync(internal) {
 	return (hook, args) => {
 		if (hook === 'function' || hook === 'generator_function' || hook === 'eval' || hook === 'run') {
@@ -516,7 +528,7 @@ class VM extends EventEmitter {
 	 * The timeout for {@link VM#run} calls.
 	 *
 	 * @public
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {number} timeout
 	 * @memberOf VM#
 	 */
@@ -526,7 +538,7 @@ class VM extends EventEmitter {
 	 *
 	 * @public
 	 * @readonly
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {Object} sandbox
 	 * @memberOf VM#
 	 */
@@ -536,7 +548,7 @@ class VM extends EventEmitter {
 	 * 
 	 * @public
 	 * @readonly
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @member {(string|compileCallback)} compiler
 	 * @memberOf VM#
 	 */
@@ -568,6 +580,16 @@ class VM extends EventEmitter {
 	 * @memberOf VM#
 	 */
 
+	/**
+	 * The hook called when some events occurs.
+	 * 
+	 * @private
+	 * @readonly
+	 * @since v3.9.2
+	 * @member {Function} _hook
+	 * @memberOf VM#
+	 */
+
 	/**
 	 * Create a new VM instance.
 	 *
@@ -701,7 +723,7 @@ class VM extends EventEmitter {
 	 * Adds all the values to the globals.
 	 * 
 	 * @public
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @param {Object} values - All values that will be added to the globals.
 	 * @return {this} This for chaining.
 	 * @throws {*} If the setter of a global throws an exception it is propagated. And the remaining globals will not be written.
@@ -719,7 +741,7 @@ class VM extends EventEmitter {
 	 * Set a global value.
 	 * 
 	 * @public
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @param {string} name - The name of the global.
 	 * @param {*} value - The value of the global.
 	 * @return {this} This for chaining.
@@ -734,7 +756,7 @@ class VM extends EventEmitter {
 	 * Get a global value.
 	 * 
 	 * @public
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @param {string} name - The name of the global.
 	 * @return {*} The value of the global.
 	 * @throws {*} If the getter of the global throws an exception it is propagated.
@@ -837,7 +859,7 @@ class VM extends EventEmitter {
 	 * Run the code in VM.
 	 *
 	 * @public
-	 * @since v3.8.5
+	 * @since v3.9.0
 	 * @param {string} filename - Filename of file to load and execute in a NodeVM.
 	 * @return {*} Result of executed code.
 	 * @throws {Error} If filename is not a valid filename.

package.json

@@ -13,7 +13,7 @@
     "alcatraz",
     "contextify"
   ],
-  "version": "3.9.1",
+  "version": "3.9.2",
   "main": "index.js",
   "repository": "github:patriksimek/vm2",
   "license": "MIT",