From 20126264c3de58ca1bfaee68ff626e26fa70540d Mon Sep 17 00:00:00 2001 From: kumavis Date: Fri, 11 Oct 2024 11:38:55 -1000 Subject: [PATCH] fix(ses): reject unsupported lockdownOptions mathTaming + dateTaming --- packages/ses/NEWS.md | 4 ++++ packages/ses/src/lockdown.js | 6 ++---- packages/ses/src/tame-date-constructor.js | 5 +---- packages/ses/src/tame-math-object.js | 5 +---- packages/ses/test/_lockdown-unsafe.js | 2 -- packages/ses/test/lockdown-options.test.js | 14 ++++++++++++-- packages/ses/types.d.ts | 2 -- packages/ses/types.test-d.ts | 2 -- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/packages/ses/NEWS.md b/packages/ses/NEWS.md index 0949ed7339..c5df1922dc 100644 --- a/packages/ses/NEWS.md +++ b/packages/ses/NEWS.md @@ -1,5 +1,9 @@ User-visible changes in `ses`: +# Unreleased + +- Specifying the long discontinued `mathTaming` or `dateTaming` options throws an Error. + # v1.9.0 (2024-10-10) - On platforms without diff --git a/packages/ses/src/lockdown.js b/packages/ses/src/lockdown.js index 56f5bcad0d..54870c21f2 100644 --- a/packages/ses/src/lockdown.js +++ b/packages/ses/src/lockdown.js @@ -188,8 +188,6 @@ export const repairIntrinsics = (options = {}) => { 'safe', ), __hardenTaming__ = getenv('LOCKDOWN_HARDEN_TAMING', 'safe'), - dateTaming = 'safe', // deprecated - mathTaming = 'safe', // deprecated ...extraOptions } = options; @@ -281,9 +279,9 @@ export const repairIntrinsics = (options = {}) => { addIntrinsics(tameFunctionConstructors()); - addIntrinsics(tameDateConstructor(dateTaming)); + addIntrinsics(tameDateConstructor()); addIntrinsics(tameErrorConstructor(errorTaming, stackFiltering)); - addIntrinsics(tameMathObject(mathTaming)); + addIntrinsics(tameMathObject()); addIntrinsics(tameRegExpConstructor(regExpTaming)); addIntrinsics(tameSymbolConstructor()); addIntrinsics(shimArrayBufferTransfer()); diff --git a/packages/ses/src/tame-date-constructor.js b/packages/ses/src/tame-date-constructor.js index 0b756d8b71..2dfbc14738 100644 --- a/packages/ses/src/tame-date-constructor.js +++ b/packages/ses/src/tame-date-constructor.js @@ -8,10 +8,7 @@ import { defineProperties, } from './commons.js'; -export default function tameDateConstructor(dateTaming = 'safe') { - if (dateTaming !== 'safe' && dateTaming !== 'unsafe') { - throw TypeError(`unrecognized dateTaming ${dateTaming}`); - } +export default function tameDateConstructor() { const OriginalDate = Date; const DatePrototype = OriginalDate.prototype; diff --git a/packages/ses/src/tame-math-object.js b/packages/ses/src/tame-math-object.js index 0e175ea97f..678bcbd5df 100644 --- a/packages/ses/src/tame-math-object.js +++ b/packages/ses/src/tame-math-object.js @@ -6,10 +6,7 @@ import { objectPrototype, } from './commons.js'; -export default function tameMathObject(mathTaming = 'safe') { - if (mathTaming !== 'safe' && mathTaming !== 'unsafe') { - throw TypeError(`unrecognized mathTaming ${mathTaming}`); - } +export default function tameMathObject() { const originalMath = Math; const initialMath = originalMath; // to follow the naming pattern diff --git a/packages/ses/test/_lockdown-unsafe.js b/packages/ses/test/_lockdown-unsafe.js index 7a6d6fc347..0d9c444954 100644 --- a/packages/ses/test/_lockdown-unsafe.js +++ b/packages/ses/test/_lockdown-unsafe.js @@ -1,5 +1,3 @@ lockdown({ - dateTaming: 'unsafe', - mathTaming: 'unsafe', errorTaming: 'unsafe', }); diff --git a/packages/ses/test/lockdown-options.test.js b/packages/ses/test/lockdown-options.test.js index 53754c69fe..0b3dd3bf27 100644 --- a/packages/ses/test/lockdown-options.test.js +++ b/packages/ses/test/lockdown-options.test.js @@ -3,13 +3,23 @@ import { repairIntrinsics } from '../src/lockdown.js'; test('repairIntrinsics throws with non-recognized options', t => { t.throws( - () => repairIntrinsics({ mathTaming: 'unsafe', abc: true }), + () => repairIntrinsics({ abc: true }), undefined, 'throws with value true', ); t.throws( - () => repairIntrinsics({ mathTaming: 'unsafe', abc: false }), + () => repairIntrinsics({ abc: false }), undefined, 'throws with value false', ); + t.throws( + () => repairIntrinsics({ mathTaming: 'unsafe' }), + undefined, + 'throws with deprecated option mathTaming', + ); + t.throws( + () => repairIntrinsics({ dateTaming: 'unsafe' }), + undefined, + 'throws with deprecated option dateTaming', + ); }); diff --git a/packages/ses/types.d.ts b/packages/ses/types.d.ts index 1cd2f57702..6e260914e9 100644 --- a/packages/ses/types.d.ts +++ b/packages/ses/types.d.ts @@ -26,8 +26,6 @@ export interface RepairOptions { errorTrapping?: 'platform' | 'exit' | 'abort' | 'report' | 'none'; unhandledRejectionTrapping?: 'report' | 'none'; errorTaming?: 'safe' | 'unsafe' | 'unsafe-debug'; - dateTaming?: 'safe' | 'unsafe'; // deprecated - mathTaming?: 'safe' | 'unsafe'; // deprecated evalTaming?: 'safeEval' | 'unsafeEval' | 'noEval'; stackFiltering?: 'concise' | 'verbose'; overrideTaming?: 'moderate' | 'min' | 'severe'; diff --git a/packages/ses/types.test-d.ts b/packages/ses/types.test-d.ts index dbb7ec7c22..c26f05682a 100644 --- a/packages/ses/types.test-d.ts +++ b/packages/ses/types.test-d.ts @@ -12,8 +12,6 @@ lockdown(); lockdown({}); lockdown({ errorTaming: 'unsafe' }); lockdown({ - mathTaming: 'unsafe', - dateTaming: 'unsafe', errorTaming: 'unsafe', localeTaming: 'unsafe', consoleTaming: 'unsafe',