refactor(ses): hostEvaluators assertions to failures

leotm · leotm · commit 8f0c31aa07c4 · 2025-03-06T14:35:25.000Z
diff --git a/packages/ses/src/lockdown.js b/packages/ses/src/lockdown.js
@@ -279,22 +279,16 @@ export const repairIntrinsics = (options = {}) => {
   const noEvaluators = !evalAllowed && !functionAllowed; // eval() itself and the Function() constructor are not allowed to execute.
 
   hostEvaluators === 'all' &&
-    assert(
-      !noEvaluators,
-      "'hostEvaluators' was set to 'all', but the Function() constructor and eval() are not allowed to execute (SES_DIRECT_EVAL)",
-    );
+    noEvaluators &&
+    Fail`'hostEvaluators' was set to 'all', but the Function() constructor and eval() are not allowed to execute (SES_DIRECT_EVAL)`;
 
   hostEvaluators === 'none' &&
-    assert(
-      noEvaluators,
-      "'hostEvaluators' was set to 'none', but the Function() constructor and eval() are allowed to execute (SES_DIRECT_EVAL)",
-    );
+    !noEvaluators &&
+    Fail`'hostEvaluators' was set to 'none', but the Function() constructor and eval() are allowed to execute (SES_DIRECT_EVAL)`;
 
   hostEvaluators === 'no-direct' &&
-    assert(
-      !directEvalAllowed,
-      `'hostEvaluators' was set to 'no-direct', but ${directEvalAllowed === true ? 'direct eval is functional' : 'the Function() constructor and eval() are not allowed to execute'} (SES_DIRECT_EVAL)`,
-    );
+    directEvalAllowed &&
+    Fail`'hostEvaluators' was set to 'no-direct', but ${directEvalAllowed === true ? 'direct eval is functional' : 'the Function() constructor and eval() are not allowed to execute'} (SES_DIRECT_EVAL)`;
 
   // TODO: Remove '_legacy' when 'all' introduced as the new default option (breaking change).
   // For backwards compatibility under '_legacy', we do not error with a strict CSP, since directEvalAllowed remains undefined.
