fix: [#0] Adds warning for environemnt with unfrozen builtins (#1932)

Author: capricorn86

packages/@happy-dom/server-renderer/src/utilities/HelpPrinterRows.ts

@@ -133,7 +133,7 @@ export default [
 		'false'
 	],
 	[
-		'--browser.suppressCodeGenerationFromStringsWarning',
+		'--browser.suppressInsecureJavaScriptEnvironmentWarning',
 		'',
 		'boolean',
 		'Suppresses the warning that is printed when code generation from strings is enabled at process level',

packages/@happy-dom/server-renderer/src/utilities/ProcessArgumentsParser.ts

@@ -41,8 +41,8 @@ export default class ProcessArgumentsParser {
 					config.help = true;
 				} else if (arg === '--browser.disableJavaScriptEvaluation') {
 					config.browser.enableJavaScriptEvaluation = false;
-				} else if (arg === '--browser.suppressCodeGenerationFromStringsWarning') {
-					config.browser.suppressCodeGenerationFromStringsWarning = true;
+				} else if (arg === '--browser.suppressInsecureJavaScriptEnvironmentWarning') {
+					config.browser.suppressInsecureJavaScriptEnvironmentWarning = true;
 				} else if (arg === '--browser.disableJavaScriptFileLoading') {
 					config.browser.disableJavaScriptFileLoading = true;
 				} else if (arg === '--browser.disableCSSFileLoading') {

packages/@happy-dom/server-renderer/test/ServerRendererBrowser.test.ts

@@ -35,7 +35,7 @@ describe('ServerRendererBrowser', () => {
 			});
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true }
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true }
 				})
 			);
 			const results = await browser.render([{ url: 'https://example.com/gb/en/' }]);
@@ -73,7 +73,7 @@ describe('ServerRendererBrowser', () => {
 			});
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true }
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true }
 				})
 			);
 			const results = await browser.render(MockedURLList.slice(0, 15).map((url) => ({ url })));
@@ -136,7 +136,7 @@ describe('ServerRendererBrowser', () => {
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true }
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true }
 				})
 			);
 			const results = await browser.render(
@@ -200,7 +200,7 @@ describe('ServerRendererBrowser', () => {
 			});
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true }
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true }
 				})
 			);
 			const results = await browser.render([{ url: 'https://example.com/gb/en/' }]);
@@ -233,7 +233,7 @@ describe('ServerRendererBrowser', () => {
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true },
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true },
 					render: {
 						timeout: 100
 					}
@@ -273,7 +273,7 @@ The page may contain scripts with timer loops that prevent it from completing. Y
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true },
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true },
 					render: {
 						timeout: 100
 					},
@@ -332,7 +332,7 @@ Timer #1
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true }
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true }
 				})
 			);
 			const results = await browser.render([{ url: 'https://example.com/gb/en/' }]);
@@ -395,7 +395,7 @@ Timer #1
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true },
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true },
 					render: {
 						allShadowRoots: true
 					}
@@ -466,7 +466,7 @@ Timer #1
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true },
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true },
 					render: {
 						serializableShadowRoots: true
 					}
@@ -547,7 +547,7 @@ Timer #1
 
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true },
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true },
 					render: {
 						allShadowRoots: true,
 						excludeShadowRootTags: ['custom-element']
@@ -616,7 +616,7 @@ Timer #1
 			);
 			const browser = new ServerRendererBrowser(
 				ServerRendererConfigurationFactory.createConfiguration({
-					browser: { suppressCodeGenerationFromStringsWarning: true },
+					browser: { suppressInsecureJavaScriptEnvironmentWarning: true },
 					cache: {
 						disable: true
 					}

packages/@happy-dom/server-renderer/test/utilities/MockedConfiguration.ts

@@ -6,7 +6,8 @@ export default <IServerRendererConfiguration>{
 	browser: {
 		disableJavaScriptEvaluation: false,
 		enableJavaScriptEvaluation: false,
-		suppressCodeGenerationFromStringsWarning: true,
+		suppressCodeGenerationFromStringsWarning: false,
+		suppressInsecureJavaScriptEnvironmentWarning: true,
 		disableJavaScriptFileLoading: true,
 		disableCSSFileLoading: true,
 		disableIframePageLoading: false,

packages/@happy-dom/server-renderer/test/utilities/ProcessArgumentsParser.test.ts

@@ -325,19 +325,19 @@ describe('ProcessArgumentsParser', () => {
 			).toEqual(expectedConfig);
 		});
 
-		it('Returns configuration with suppressed code generation warning.', async () => {
+		it('Returns configuration with suppressed JavaScript environment warning.', async () => {
 			const expectedConfig = {
 				...DefaultServerRendererConfiguration,
 				browser: {
 					...DefaultServerRendererConfiguration.browser,
-					suppressCodeGenerationFromStringsWarning: true
+					suppressInsecureJavaScriptEnvironmentWarning: true
 				}
 			};
 			expect(
 				await ProcessArgumentsParser.getConfiguration([
 					'node',
 					'script.js',
-					'--browser.suppressCodeGenerationFromStringsWarning'
+					'--browser.suppressInsecureJavaScriptEnvironmentWarning'
 				])
 			).toEqual(expectedConfig);
 		});
@@ -349,6 +349,7 @@ describe('ProcessArgumentsParser', () => {
 				'browser.enableFileSystemHttpRequests',
 				'browser.disableIframePageLoading',
 				'browser.disableJavaScriptEvaluation',
+				'browser.suppressCodeGenerationFromStringsWarning',
 				// Special handling
 				'browser.enableJavaScriptEvaluation',
 				'browser.fetch.requestHeaders',

packages/happy-dom/src/PropertySymbol.ts

@@ -405,3 +405,6 @@ export const rulePrefix = Symbol('rulePrefix');
 export const virtualServerFile = Symbol('virtualServerFile');
 export const frames = Symbol('frames');
 export const disableEvaluation = Symbol('disableEvaluation');
+export const validateJavaScriptExecutionEnvironment = Symbol(
+	'validateJavaScriptExecutionEnvironment'
+);

packages/happy-dom/src/browser/DefaultBrowserSettings.ts

@@ -15,6 +15,7 @@ export default <IBrowserSettings>{
 	errorCapture: BrowserErrorCaptureEnum.tryAndCatch,
 	enableFileSystemHttpRequests: false,
 	suppressCodeGenerationFromStringsWarning: false,
+	suppressInsecureJavaScriptEnvironmentWarning: false,
 	timer: {
 		maxTimeout: -1,
 		maxIntervalTime: -1,

packages/happy-dom/src/browser/types/IBrowserSettings.ts

@@ -40,9 +40,16 @@ export default interface IBrowserSettings {
 	/** Handle disabled resource loading as success */
 	handleDisabledFileLoadingAsSuccess: boolean;
 
-	/** Suppresses the warning that is printed when code generation from strings is enabled at process level. */
+	/**
+	 * Suppresses the warning that is printed when code generation from strings is enabled at process level.
+	 *
+	 * @deprecated Use "suppressInsecureJavaScriptEnvironmentWarning" instead.
+	 */
 	suppressCodeGenerationFromStringsWarning: boolean;
 
+	/** Suppresses the warning that is printed when the JavaScript execution environment is insecure. */
+	suppressInsecureJavaScriptEnvironmentWarning: boolean;
+
 	/**
 	 * Settings for timers
 	 */

packages/happy-dom/src/browser/types/IOptionalBrowserSettings.ts

@@ -37,9 +37,16 @@ export default interface IOptionalBrowserSettings {
 	/** Handle disabled file loading as success */
 	handleDisabledFileLoadingAsSuccess?: boolean;
 
-	/** Suppresses the warning that is printed when code generation from strings is enabled at process level. */
+	/**
+	 * Suppresses the warning that is printed when code generation from strings is enabled at process level.
+	 *
+	 * @deprecated Use "suppressInsecureJavaScriptEnvironmentWarning" instead.
+	 */
 	suppressCodeGenerationFromStringsWarning?: boolean;
 
+	/** Suppresses the warning that is printed when the JavaScript execution environment is insecure. */
+	suppressInsecureJavaScriptEnvironmentWarning?: boolean;
+
 	/** Settings for timers */
 	timer?: {
 		maxTimeout?: number;

packages/happy-dom/src/window/BrowserWindow.ts

@@ -331,7 +331,7 @@ const TIMER = {
 
 const IS_NODE_JS_TIMEOUT_ENVIRONMENT = setTimeout.toString().includes('new Timeout');
 
-const IS_PROCESS_LEVEL_CODE_GENERATION_FROM_STRINGS_ALLOWED = (() => {
+const IS_CODE_GENERATION_FROM_STRINGS_ENVIRONMENT = (() => {
 	try {
 		// eslint-disable-next-line no-new-func
 		new Function('return true;')();
@@ -341,6 +341,16 @@ const IS_PROCESS_LEVEL_CODE_GENERATION_FROM_STRINGS_ALLOWED = (() => {
 	}
 })();
 
+const IS_UNFROZEN_INTRINSICS_ENVIRONMENT = (() => {
+	try {
+		(<any>globalThis.Function)['$UNFROZEN$'] = true;
+		delete (<any>globalThis.Function)['$UNFROZEN$'];
+		return true;
+	} catch {
+		return false;
+	}
+})();
+
 /**
  * Class for PerformanceObserverEntryList as it is only available as an interface from Node.js.
  */
@@ -858,23 +868,10 @@ export default class BrowserWindow extends EventTarget implements INodeJSGlobal
 	constructor(browserFrame: IBrowserFrame, options?: { url?: string }) {
 		super();
 
-		if (
-			IS_PROCESS_LEVEL_CODE_GENERATION_FROM_STRINGS_ALLOWED &&
-			browserFrame.page.context.browser.settings.enableJavaScriptEvaluation &&
-			!browserFrame.page.context.browser.settings.suppressCodeGenerationFromStringsWarning
-		) {
-			// eslint-disable-next-line no-console
-			console.warn(
-				'\nWarning! Happy DOM has JavaScript evaluation enabled and is running in an environment with code generation from strings (eval) enabled at process level.' +
-					'\n\nA VM Context is not an isolated environment, and if you run untrusted code you are at risk of RCE (Remote Code Execution) attacks. The attacker can use code generation to escape the VM and run code at process level.' +
-					'\n\nIt is recommended to disable code generation at process level by running node with the "--disallow-code-generation-from-strings" flag enabled when Javascript evaluation is enabled in Happy DOM.' +
-					' You can suppress this warning by setting "suppressCodeGenerationFromStringsWarning" to "true" at your own risk.' +
-					'\n\nFor more information, see https://github.com/capricorn86/happy-dom/wiki/Code-Generation-From-Strings-Warning\n\n'
-			);
-		}
-
 		this.#browserFrame = browserFrame;
 
+		this[PropertySymbol.validateJavaScriptExecutionEnvironment]();
+
 		this.console = browserFrame.page.console;
 
 		this[PropertySymbol.readyStateManager] = new DocumentReadyStateManager(browserFrame);
@@ -1857,6 +1854,28 @@ export default class BrowserWindow extends EventTarget implements INodeJSGlobal
 		}
 	}
 
+	/**
+	 * Checks if the JavaScript execution environment is secure and outputs a warning if not.
+	 */
+	protected [PropertySymbol.validateJavaScriptExecutionEnvironment](): void {
+		const browserFrame = this.#browserFrame;
+		if (
+			(IS_CODE_GENERATION_FROM_STRINGS_ENVIRONMENT || IS_UNFROZEN_INTRINSICS_ENVIRONMENT) &&
+			browserFrame.page.context.browser.settings.enableJavaScriptEvaluation &&
+			!browserFrame.page.context.browser.settings.suppressInsecureJavaScriptEnvironmentWarning &&
+			!browserFrame.page.context.browser.settings.suppressCodeGenerationFromStringsWarning
+		) {
+			// eslint-disable-next-line no-console
+			console.warn(
+				'\nWarning! Happy DOM has JavaScript evaluation enabled and is running in an insecure environment.' +
+					'\n\nA VM Context is not an isolated environment, and if you run untrusted code you are at risk of RCE (Remote Code Execution) attacks. The attacker can escape the VM and run code at process level.' +
+					'\n\nIt is recommended to disable code generation and freeze all builtins at process level by running node with the flags "--disallow-code-generation-from-strings" and "--frozen-intrinsics".' +
+					' You can suppress this warning by setting "suppressInsecureJavaScriptEnvironmentWarning" to "true" at your own risk.' +
+					'\n\nFor more information, see https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning\n\n'
+			);
+		}
+	}
+
 	/**
 	 * Destroys the window.
 	 */