feat(plugin): Throw when calling illegal process functions (#83)

* add reading umask

Author: billyvg

.eslintignore

@@ -1 +1 @@
-__tests__/integration/rplugin/node/test
+__tests__/integration/rplugin/node/

__tests__/integration/rplugin/node/test_2/src/index.js

@@ -45,6 +45,16 @@ class Test {
   getGlobal(name) {
     return global[name];
   }
+
+  @NvimFunction('Illegal', { sync: true })
+  illegalProcessCall() {
+    process.chdir();
+  }
+
+  @NvimFunction('Umask', { sync: true })
+  umask(arg) {
+    return process.umask(arg);
+  }
 }
 
 module.exports = Test;

src/host/factory.test.ts

@@ -100,8 +100,9 @@ describe('Plugin Factory (decorator api)', () => {
       },
       { type: 'function', name: 'Func', sync: true, opts: {} },
       { type: 'function', name: 'Global', sync: true, opts: {} },
+      { type: 'function', name: 'Illegal', sync: true, opts: {} },
     ];
-    expect(pluginObj.specs).toEqual(expected);
+    expect(pluginObj.specs).toEqual(expect.arrayContaining(expected));
   });
 
   it('should collect the handlers from a plugin', async () => {
@@ -135,4 +136,23 @@ describe('Plugin Factory (decorator api)', () => {
     const plugin = loadPlugin(path.join(PLUGIN_PATH, 'test_2'), nvim, {});
     expect(plugin.nvim).toBe(nvim);
   });
+
+  it('cannot call illegal process functions', () => {
+    const nvim = {};
+    const plugin = loadPlugin(path.join(PLUGIN_PATH, 'test_2'), nvim, {});
+    expect(plugin.functions.Illegal.fn).toThrow();
+  });
+
+  it('cannot write to process.umask', () => {
+    const nvim = {};
+    const plugin = loadPlugin(path.join(PLUGIN_PATH, 'test_2'), nvim, {});
+    expect(() => plugin.functions.Umask.fn(123)).toThrow();
+  });
+
+  it('can read process.umask()', () => {
+    const nvim = {};
+    const plugin = loadPlugin(path.join(PLUGIN_PATH, 'test_2'), nvim, {});
+    expect(() => plugin.functions.Umask.fn()).not.toThrow();
+    expect(plugin.functions.Umask.fn()).toBeDefined();
+  });
 });

src/host/factory.ts

@@ -28,7 +28,7 @@ export type LoadPluginOptions = {
 
 const Module: IModule = require('module');
 
-const BLACKLISTED_GLOBALS = [
+const REMOVED_GLOBALS = [
   'reallyExit',
   'abort',
   'chdir',
@@ -44,6 +44,12 @@ const BLACKLISTED_GLOBALS = [
   'kill',
 ];
 
+function removedGlobalStub(name: string) {
+  return () => {
+    throw new Error(`process.${name}() is not allowed in Plugin sandbox`);
+  };
+}
+
 // @see node/lib/internal/module.js
 function makeRequireFunction() {
   const require: any = (p: string) => this.require(p);
@@ -116,9 +122,22 @@ function createSandbox(filename: string): ISandbox {
 
   // patch `require` in sandbox to run loaded module in sandbox context
   // if you need any of these, it might be worth discussing spawning separate processes
-  sandbox.process = <NodeJS.Process>omit(process, BLACKLISTED_GLOBALS);
+  sandbox.process = <NodeJS.Process>omit(process, REMOVED_GLOBALS);
+
+  REMOVED_GLOBALS.forEach(name => {
+    sandbox.process[name] = removedGlobalStub(name);
+  });
 
   const devNull = new DevNull();
+
+  // read-only umask
+  sandbox.process.umask = (mask: number) => {
+    if (typeof mask !== 'undefined') {
+      throw new Error('Cannot use process.umask() to change mask (read-only)');
+    }
+    return process.umask();
+  };
+
   sandbox.process.stdin = devNull;
   sandbox.process.stdout = devNull;
   sandbox.process.stderr = devNull;