File tree 1 file changed +33
-0
lines changed
1 file changed +33
-0
lines changed Original file line number Diff line number Diff line change @@ -659,6 +659,22 @@ describe('VM', () => {
659659 if (!(Object.keys(boom) instanceof Array)) throw new Error('Shouldnt be there.');
660660 if (!(Reflect.ownKeys(boom) instanceof Array)) throw new Error('Shouldnt be there.');
661661 ` ) ) ;
662+
663+ assert . throws ( ( ) => vm2 . run ( `
664+ const proxiedErr = new Proxy({}, {
665+ getPrototypeOf(target) {
666+ (function stack() {
667+ new Error().stack;
668+ stack();
669+ })();
670+ }
671+ });
672+ try {
673+ throw proxiedErr;
674+ } catch ({constructor: c}) {
675+ c.constructor('return process')();
676+ }
677+ ` ) , / M a x i m u m c a l l s t a c k s i z e e x c e e d e d / , '#9' ) ;
662678 } ) ;
663679
664680 it ( 'internal state attack' , ( ) => {
@@ -1127,6 +1143,23 @@ describe('VM', () => {
11271143 } ) ;
11281144 } ) ;
11291145
1146+ it ( 'transformer attack' , ( ) => {
1147+ const vm2 = new VM ( ) ;
1148+
1149+ assert . throws ( ( ) => vm2 . run ( `
1150+ aVM2_INTERNAL_TMPNAME = {};
1151+ function stack() {
1152+ new Error().stack;
1153+ stack();
1154+ }
1155+ try {
1156+ stack();
1157+ } catch (a$tmpname) {
1158+ a$tmpname.constructor.constructor('return process')();
1159+ }
1160+ ` ) , / p r o c e s s i s n o t d e f i n e d / ) ;
1161+ } ) ;
1162+
11301163 after ( ( ) => {
11311164 vm = null ;
11321165 } ) ;
You can’t perform that action at this time.
0 commit comments