Avoid property override hazard #70

FUDCo · 2022-09-28T21:07:19Z

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch stack-utils@2.0.5 for the project I'm working on.

Assignments to res.constructor trip over the JavaScript property override mistake, causing Ava test assertion failure results in some environments to become unable to be output. The problem can be reproduced if you freeze Object.prototype.

Here is the diff that solved my problem:

diff --git a/node_modules/stack-utils/index.js b/node_modules/stack-utils/index.js
index ed14bd3..ad9eeb1 100644
--- a/node_modules/stack-utils/index.js
+++ b/node_modules/stack-utils/index.js
@@ -161,7 +161,7 @@ class StackUtils {
     setFile(res, site.getFileName(), this._cwd);
 
     if (site.isConstructor()) {
-      res.constructor = true;
+      Object.defineProperty(res, 'constructor', { value: true });
     }
 
     if (site.isEval()) {
@@ -260,7 +260,7 @@ class StackUtils {
     setFile(res, file, this._cwd);
 
     if (ctor) {
-      res.constructor = true;
+      Object.defineProperty(res, 'constructor', { value: true });
     }
 
     if (evalOrigin) {

This issue body was partially generated by patch-package.

The text was updated successfully, but these errors were encountered:

Lockdown breaks Ava under certain versions of NodeJS. It turns out to be due to a bug in the `stack-utils` npm package with trips over the override mistake. I've filed an issue with the maintainer of that package, but in the meantime this patch deals with the problem. See tapjs/stack-utils#70

JavaScript has a misfeature often called the "override mistake". In an assignment such as ```js res.constructor = true; ``` if `res` does not yet have its own `constructor` property, but inherits one that this assignment would override (as is the intention here), but the property that would be overridden is a non-writable data property, then the assignment fails. Hardened JS and similar frameworks for securing JS routinely freeze all the primordial objects, which causes their data properties to become non-configurable, non-writable. Also, the TC53 JS standard for embedded devices standardizes on Hardened JS, which will also cause this problem. The XS JS engine for embedded devices use the Hardened JS configuration by default on embedded devices. Object literals and classes override inherited properties without problem because they use JS's "define" semantics rather than JS's peculiar "assign" semantics. You can also do so manually via `Object.defineProperty`, as this PR does to repair this issue. See also tapjs#70 Agoric/agoric-sdk#6451

erights · 2022-10-13T23:37:48Z

PR now at #71
Please review

Lockdown breaks Ava under certain versions of NodeJS. It turns out to be due to a bug in the `stack-utils` npm package with trips over the override mistake. I've filed an issue with the maintainer of that package, but in the meantime this patch deals with the problem. See tapjs/stack-utils#70

FUDCo mentioned this issue Sep 28, 2022

StackUtils parseLine method chokes on stack traces containing constructor calls #69

Closed

FUDCo mentioned this issue Oct 13, 2022

Patch bug in stack-utils npm package Agoric/agoric-sdk#6451

Merged

erights mentioned this issue Oct 13, 2022

Tracking issue for getting 3rd party packages more SES friendly endojs/endo#576

Closed

erights mentioned this issue Oct 13, 2022

fix: Fix to be compat with the JS override mistake #71

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Avoid property override hazard #70

Avoid property override hazard #70

FUDCo commented Sep 28, 2022

erights commented Oct 13, 2022

Avoid property override hazard #70

Avoid property override hazard #70

Comments

FUDCo commented Sep 28, 2022

erights commented Oct 13, 2022