[njs] QuickJS: disabling eval() and Function() in qjs_new_context().

noreply at nginx.com noreply at nginx.com
Wed Sep 4 00:59:02 UTC 2024


details:   https://github.com/nginx/njs/commit/8e02600da88bd70a2a4aff88e9bb38fbd849f9f3
branches:  master
commit:    8e02600da88bd70a2a4aff88e9bb38fbd849f9f3
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Wed, 24 Jul 2024 16:30:10 -0700
description:
QuickJS: disabling eval() and Function() in qjs_new_context().

This properly disables eval() after previous attempt in c773ebcaad
(0.8.5).  In QuickJS buint-in C level eval API, which is used by njs, is
linked to eval() in JS code. To disable only the JS function
manual modification of global object is required.

---
 external/njs_shell.c |  2 +-
 src/qjs.c            | 31 ++++++++++++++++++++++++++-----
 src/qjs.h            |  2 +-
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/external/njs_shell.c b/external/njs_shell.c
index 80693634..30d4d8c6 100644
--- a/external/njs_shell.c
+++ b/external/njs_shell.c
@@ -2731,7 +2731,7 @@ njs_engine_qjs_init(njs_engine_t *engine, njs_opts_t *opts)
         return NJS_ERROR;
     }
 
-    engine->u.qjs.ctx = qjs_new_context(engine->u.qjs.rt, NULL, 1);
+    engine->u.qjs.ctx = qjs_new_context(engine->u.qjs.rt, NULL);
     if (engine->u.qjs.ctx == NULL) {
         njs_stderror("JS_NewContext() failed\n");
         return NJS_ERROR;
diff --git a/src/qjs.c b/src/qjs.c
index 71aeab64..e7653569 100644
--- a/src/qjs.c
+++ b/src/qjs.c
@@ -17,8 +17,10 @@ static const JSCFunctionListEntry qjs_global_proto[] = {
 
 
 JSContext *
-qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval)
+qjs_new_context(JSRuntime *rt, qjs_module_t **addons)
 {
+    int           ret;
+    JSAtom        prop;
     JSValue       global_obj;
     JSContext     *ctx;
     qjs_module_t  **module;
@@ -37,10 +39,7 @@ qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval)
     JS_AddIntrinsicTypedArrays(ctx);
     JS_AddIntrinsicPromise(ctx);
     JS_AddIntrinsicBigInt(ctx);
-
-    if (eval) {
-        JS_AddIntrinsicEval(ctx);
-    }
+    JS_AddIntrinsicEval(ctx);
 
     for (module = qjs_modules; *module != NULL; module++) {
         if ((*module)->init(ctx, (*module)->name) == NULL) {
@@ -61,6 +60,28 @@ qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval)
     JS_SetPropertyFunctionList(ctx, global_obj, qjs_global_proto,
                                njs_nitems(qjs_global_proto));
 
+    prop = JS_NewAtom(ctx, "eval");
+    if (prop == JS_ATOM_NULL) {
+        return NULL;
+    }
+
+    ret = JS_DeleteProperty(ctx, global_obj, prop, 0);
+    JS_FreeAtom(ctx, prop);
+    if (ret < 0) {
+        return NULL;
+    }
+
+    prop = JS_NewAtom(ctx, "Function");
+    if (prop == JS_ATOM_NULL) {
+        return NULL;
+    }
+
+    ret = JS_DeleteProperty(ctx, global_obj, prop, 0);
+    JS_FreeAtom(ctx, prop);
+    if (ret < 0) {
+        return NULL;
+    }
+
     JS_FreeValue(ctx, global_obj);
 
     return ctx;
diff --git a/src/qjs.h b/src/qjs.h
index 516fea96..dff5919b 100644
--- a/src/qjs.h
+++ b/src/qjs.h
@@ -41,7 +41,7 @@ typedef struct {
 } qjs_module_t;
 
 
-JSContext *qjs_new_context(JSRuntime *rt, qjs_module_t **addons, _Bool eval);
+JSContext *qjs_new_context(JSRuntime *rt, qjs_module_t **addons);
 
 
 JSValue qjs_buffer_alloc(JSContext *ctx, size_t size);


More information about the nginx-devel mailing list