compartment-mapper: makeSecureBundle with bundled runtime and no-eval

packages/compartment-mapper/bundle.js

@@ -1 +1 @@
-export { makeBundle, writeBundle } from './src/bundle.js';
+export { makeBundle, writeBundle } from './src/bundle-unsafe.js';

packages/compartment-mapper/index.js

@@ -14,4 +14,8 @@ export {
 } from './src/import-archive.js';
 export { search } from './src/search.js';
 export { compartmentMapForNodeModules } from './src/node-modules.js';
-export { makeBundle, writeBundle } from './src/bundle.js';
+export { makeBundle, writeBundle } from './src/bundle-unsafe.js';
+export {
+  makeSecureBundle,
+  makeSecureBundleFromArchive,
+} from './src/bundle-safe.js';

packages/compartment-mapper/src/archive.js

@@ -207,27 +207,38 @@ const renameSources = (sources, compartmentRenames) => {
 };
 
 /**
- * @param {ArchiveWriter} archive
  * @param {Sources} sources
  */
-const addSourcesToArchive = async (archive, sources) => {
+export const locationsForSources = function* locationsForSources(sources) {
   for (const compartment of keys(sources).sort()) {
     const modules = sources[compartment];
     const compartmentLocation = resolveLocation(`${compartment}/`, 'file:///');
     for (const specifier of keys(modules).sort()) {
-      const { bytes, location } = modules[specifier];
+      const module = modules[specifier];
+      const { location } = module;
       if (location !== undefined) {
         const moduleLocation = resolveLocation(location, compartmentLocation);
-        const path = new URL(moduleLocation).pathname.slice(1); // elide initial "/"
-        if (bytes !== undefined) {
-          // eslint-disable-next-line no-await-in-loop
-          await archive.write(path, bytes);
-        }
+        const path = new URL(moduleLocation).pathname.slice(1); // skip initial "/"
+        yield { path, module, compartment };
       }
     }
   }
 };
 
+/**
+ * @param {ArchiveWriter} archive
+ * @param {Sources} sources
+ */
+export const addSourcesToArchive = async (archive, sources) => {
+  for (const { path, module } of locationsForSources(sources)) {
+    const { bytes } = module;
+    if (bytes !== undefined) {
+      // eslint-disable-next-line no-await-in-loop
+      await archive.write(path, bytes);
+    }
+  }
+};
+
 /**
  * @param {Sources} sources
  * @param {CaptureSourceLocationHook} captureSourceLocation
@@ -247,7 +258,7 @@ const captureSourceLocations = async (sources, captureSourceLocation) => {
 /**
  * @param {CompartmentMapDescriptor} compartmentMap
  * @param {Sources} sources
- * @returns {{archiveCompartmentMap: CompartmentMapDescriptor, archiveSources: Sources}}
+ * @returns {{archiveCompartmentMap: CompartmentMapDescriptor, archiveSources: Sources, compartmentRenames: Record<string, string>}}
  */
 export const makeArchiveCompartmentMap = (compartmentMap, sources) => {
   const {
@@ -279,7 +290,7 @@ export const makeArchiveCompartmentMap = (compartmentMap, sources) => {
   // accept all valid compartment maps.
   assertCompartmentMap(archiveCompartmentMap);
 
-  return { archiveCompartmentMap, archiveSources };
+  return { archiveCompartmentMap, archiveSources, compartmentRenames };
 };
 
 /**

packages/compartment-mapper/src/bundle-cjs.js

@@ -1,11 +1,16 @@
 /** quotes strings */
 const q = JSON.stringify;
 
+const maybeAppendDefaultValueForExport = exportName =>
+  exportName === 'default' ? `, {}` : '';
+
 const exportsCellRecord = exportsList =>
   ''.concat(
     ...exportsList.map(
       exportName => `\
-      ${exportName}: cell(${q(exportName)}),
+      ${exportName}: cell(${q(exportName)}${maybeAppendDefaultValueForExport(
+        exportName,
+      )}),
 `,
     ),
   );
@@ -15,7 +20,12 @@ const runtime = function wrapCjsFunctor(num) {
   /* eslint-disable no-undef */
   return ({ imports = {} }) => {
     const cModule = Object.freeze(
-      Object.defineProperty({}, 'exports', cells[num].default),
+      Object.defineProperties(
+        {},
+        {
+          exports: cells[num].default,
+        },
+      ),
     );
     // TODO: specifier not found handling
     const requireImpl = specifier => cells[imports[specifier]].default.get();
@@ -39,7 +49,7 @@ export default {
     return {
       getFunctor: () => `\
 // === functors[${index}] ===
-${cjsFunctor},
+${cjsFunctor}
 `,
       getCells: () => `\
     {

packages/compartment-mapper/src/bundle-mjs.js

@@ -61,7 +61,7 @@ export default {
     return {
       getFunctor: () => `\
 // === functors[${index}] ===
-${__syncModuleProgram__},
+${__syncModuleProgram__}
 `,
       getCells: () => `\
     {

packages/compartment-mapper/src/bundle-runtime.js

@@ -0,0 +1,103 @@
+// @ts-check
+/** @typedef {import('ses').RedirectStaticModuleInterface} RedirectStaticModuleInterface */
+/** @typedef {import('./types.js').ExecuteFn} ExecuteFn */
+
+/* globals globalThis */
+import { scopeTerminators } from 'ses/tools.js';
+import { link } from './link.js';
+import { makeArchiveImportHookMaker } from './import-archive.js';
+
+const { strictScopeTerminator } = scopeTerminators;
+const textEncoder = new TextEncoder();
+
+export function loadApplication(
+  compartmentMap,
+  moduleRegistry,
+  loadModuleFunctors,
+  archiveLocation,
+) {
+  const lookupModule = moduleLocation =>
+    textEncoder.encode(JSON.stringify(moduleRegistry[moduleLocation]));
+
+  const {
+    compartments: compartmentDescriptors,
+    entry: { module: entrySpecifier },
+  } = compartmentMap;
+
+  const archiveMakeImportHook = makeArchiveImportHookMaker(
+    lookupModule, // <-- this is our get function
+    compartmentDescriptors,
+    archiveLocation,
+  );
+
+  // see getEvalKitForCompartment definition for note on hoisting
+  /* eslint-disable-next-line no-use-before-define */
+  const moduleFunctors = loadModuleFunctors(getEvalKitForCompartment);
+
+  const makeImportHook = (packageLocation, packageName) => {
+    const archiveImportHook = archiveMakeImportHook(
+      packageLocation,
+      packageName,
+    );
+    const { modules: moduleDescriptors } =
+      compartmentDescriptors[packageLocation];
+    const importHook = async moduleSpecifier => {
+      const staticModuleRecord = await archiveImportHook(moduleSpecifier);
+      // archiveImportHook always setups on an alias record
+      // loadRecord will read the alias so use that
+      const aliasModuleRecord = /** @type {RedirectStaticModuleInterface} */ (
+        staticModuleRecord
+      ).record;
+      // put module functor on the staticModuleRecord
+      const moduleDescriptor = moduleDescriptors[moduleSpecifier];
+      const moduleLocation = `${packageLocation}/${moduleDescriptor.location}`;
+      const makeModuleFunctor = moduleFunctors[moduleLocation];
+      /* eslint-disable-next-line no-underscore-dangle */
+      /** @type {any} */ (aliasModuleRecord).__syncModuleFunctor__ =
+        makeModuleFunctor();
+      return staticModuleRecord;
+    };
+    return importHook;
+  };
+
+  /*
+  wiring would be cleaner if `link()` could take a compartments collection
+
+  reference cycle:
+    - `getEvalKitForCompartment` needs `compartments`
+    - `compartments` is created by `link()`
+    - `link()` needs `makeImportHook`
+    - `makeImportHook` needs `getEvalKitForCompartment`
+  */
+  const { compartment: entryCompartment, compartments } = link(compartmentMap, {
+    makeImportHook,
+    globals: globalThis,
+    // transforms,
+  });
+
+  function getCompartmentByName(name) {
+    let compartment = compartments[name];
+    if (compartment === undefined) {
+      compartment = new Compartment();
+      compartments[name] = compartment;
+    }
+    return compartment;
+  }
+
+  // this relies on hoisting to close a reference triangle
+  // as noted above, this could be fixed if we could pass `compartments` into `link()`
+  function getEvalKitForCompartment(compartmentName) {
+    const compartment = getCompartmentByName(compartmentName);
+    const scopeTerminator = strictScopeTerminator;
+    const { globalThis } = compartment;
+    return { globalThis, scopeTerminator };
+  }
+
+  /** @type {ExecuteFn} */
+  const execute = () => {
+    // eslint-disable-next-line dot-notation
+    return entryCompartment['import'](entrySpecifier);
+  };
+
+  return { execute, compartments };
+}