Skip to content

Commit

Permalink
Add tests for past vulnerabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
XmiliaH committed May 15, 2023
1 parent f5a129a commit 587bb13
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions test/vm.js
Original file line number Diff line number Diff line change
Expand Up @@ -659,6 +659,22 @@ describe('VM', () => {
if (!(Object.keys(boom) instanceof Array)) throw new Error('Shouldnt be there.');
if (!(Reflect.ownKeys(boom) instanceof Array)) throw new Error('Shouldnt be there.');
`));

assert.throws(() => vm2.run(`
const proxiedErr = new Proxy({}, {
getPrototypeOf(target) {
(function stack() {
new Error().stack;
stack();
})();
}
});
try {
throw proxiedErr;
} catch ({constructor: c}) {
c.constructor('return process')();
}
`), /Maximum call stack size exceeded/, '#9');
});

it('internal state attack', () => {
Expand Down Expand Up @@ -1127,6 +1143,23 @@ describe('VM', () => {
});
});

it('transformer attack', () => {
const vm2 = new VM();

assert.throws(()=>vm2.run(`
aVM2_INTERNAL_TMPNAME = {};
function stack() {
new Error().stack;
stack();
}
try {
stack();
} catch (a$tmpname) {
a$tmpname.constructor.constructor('return process')();
}
`), /process is not defined/);
});

after(() => {
vm = null;
});
Expand Down

0 comments on commit 587bb13

Please sign in to comment.