Skip to content

Commit 24c724d

Browse files
XmiliaHXmiliaH
committed
Release 3.9.16
1 parent 115d164 commit 24c724d

File tree

3 files changed

+12
-8
lines changed

3 files changed

+12
-8
lines changed

Diff for: CHANGELOG.md

+4
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
v3.9.16 (2023-04-11)
2+
--------------------
3+
[fix] Security fix (see https://github.com/patriksimek/vm2/issues/516).
4+
15
v3.9.15 (2023-04-06)
26
--------------------
37
[fix] Security fix (see https://github.com/patriksimek/vm2/issues/515).

Diff for: lib/transformer.js

+7-7
Original file line numberDiff line numberDiff line change
@@ -118,13 +118,13 @@ function transformer(args, body, isAsync, isGenerator, filename) {
118118
__proto__: null,
119119
pos: node.start,
120120
order: TO_RIGHT,
121-
code: `catch($tmpname){try{throw ${INTERNAL_STATE_NAME}.handleException($tmpname);}`
121+
coder: () => `catch(${tmpname}){try{throw(${tmpname}=${INTERNAL_STATE_NAME}.handleException(${tmpname}));}`
122122
});
123123
insertions.push({
124124
__proto__: null,
125125
pos: node.body.end,
126126
order: TO_LEFT,
127-
code: `}`
127+
coder: () => `}`
128128
});
129129
} else {
130130
const name = assertType(param, 'Identifier').name;
@@ -134,7 +134,7 @@ function transformer(args, body, isAsync, isGenerator, filename) {
134134
__proto__: null,
135135
pos: cBody.body[0].start,
136136
order: TO_LEFT,
137-
code: `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
137+
coder: () => `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
138138
});
139139
}
140140
}
@@ -144,13 +144,13 @@ function transformer(args, body, isAsync, isGenerator, filename) {
144144
__proto__: null,
145145
pos: node.object.start,
146146
order: TO_LEFT,
147-
code: INTERNAL_STATE_NAME + '.wrapWith('
147+
coder: () => INTERNAL_STATE_NAME + '.wrapWith('
148148
});
149149
insertions.push({
150150
__proto__: null,
151151
pos: node.object.end,
152152
order: TO_RIGHT,
153-
code: ')'
153+
coder: () => ')'
154154
});
155155
} else if (nodeType === 'Identifier') {
156156
if (node.name === INTERNAL_STATE_NAME) {
@@ -165,7 +165,7 @@ function transformer(args, body, isAsync, isGenerator, filename) {
165165
__proto__: null,
166166
pos: node.start,
167167
order: TO_RIGHT,
168-
code: INTERNAL_STATE_NAME + '.'
168+
coder: () => INTERNAL_STATE_NAME + '.'
169169
});
170170
}
171171
});
@@ -186,7 +186,7 @@ function transformer(args, body, isAsync, isGenerator, filename) {
186186
let curr = 0;
187187
for (let i = 0; i < insertions.length; i++) {
188188
const change = insertions[i];
189-
ncode += code.substring(curr, change.pos) + change.code.replace(/\$tmpname/g, tmpname);
189+
ncode += code.substring(curr, change.pos) + change.coder();
190190
curr = change.pos;
191191
}
192192
ncode += code.substring(curr);

Diff for: package.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
"alcatraz",
1414
"contextify"
1515
],
16-
"version": "3.9.15",
16+
"version": "3.9.16",
1717
"main": "index.js",
1818
"sideEffects": false,
1919
"repository": "github:patriksimek/vm2",

0 commit comments

Comments
 (0)