-
Notifications
You must be signed in to change notification settings - Fork 205
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(resolve): protect against reentrancy attack (#401)
* fix(resolve): protect against reentrancy attack Closes #9 * fix(resolve): harden argument to HandledPromise.resolve The harden calls in eventual-send already need an SES-like environment for proper security. Make HandledPromise.resolve simpler and prevent proxy trickery. * fix(HandledPromise): set prototype to Promise * fix(test-thenable): proper workaround of override mistake
- Loading branch information
1 parent
f3a760b
commit d1f25ef
Showing
4 changed files
with
77 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
* `HandledPromise.resolve(p)` (and therefore `E.resolve(p)`) now | ||
assimilate Promises that have been mutated to add a `.then` method. | ||
These are delayed to a future turn before calling their `.then` method. | ||
This protects against reentrancy attacks, but only when running | ||
under SES. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
import test from 'tape-promise/tape'; | ||
import { E, HandledPromise } from '../src/index'; | ||
|
||
test('E.resolve is always asynchronous', async t => { | ||
try { | ||
const p = new Promise(_ => {}); | ||
// Work around the override mistake on SES. | ||
Object.defineProperty(p, 'then', { value: (res, _rej) => res('done') }); | ||
let thened = false; | ||
const p2 = E.resolve(p).then(ret => (thened = ret)); | ||
t.is(thened, false, `p2 is not yet resolved`); | ||
t.equal(await p2, 'done', `p2 is resolved`); | ||
} catch (e) { | ||
t.isNot(e, e, 'unexpected exception'); | ||
} finally { | ||
t.end(); | ||
} | ||
}); | ||
|
||
test('HandledPromise.resolve is always asynchronous', async t => { | ||
try { | ||
const p = new Promise(_ => {}); | ||
// Work around the override mistake on SES. | ||
Object.defineProperty(p, 'then', { value: (res, _rej) => res('done') }); | ||
let thened = false; | ||
const p2 = HandledPromise.resolve(p).then(ret => (thened = ret)); | ||
t.is(thened, false, `p2 is not yet resolved`); | ||
t.equal(await p2, 'done', `p2 is resolved`); | ||
} catch (e) { | ||
t.isNot(e, e, 'unexpected exception'); | ||
} finally { | ||
t.end(); | ||
} | ||
}); |