Expose ModifyCodeGenerationFromStrings callback

Author: rebu-dt

src/binding.cc

@@ -288,6 +288,13 @@ void v8__Isolate__SetUseCounterCallback(
   isolate->SetUseCounterCallback(callback);
 }
 
+void v8__Isolate__SetModifyCodeGenerationFromStringsCallback(
+  v8::Isolate* isolate,
+  v8::ModifyCodeGenerationFromStringsCallback2 callback
+) {
+  isolate->SetModifyCodeGenerationFromStringsCallback(callback);
+}
+
 bool v8__Isolate__AddMessageListener(v8::Isolate* isolate,
                                      v8::MessageCallback callback) {
   return isolate->AddMessageListener(callback);

src/isolate.rs

@@ -559,6 +559,22 @@ pub type OomErrorCallback =
 #[derive(Debug)]
 pub struct HeapStatistics([usize; 16]);
 
+#[repr(C)]
+pub struct ModifyCodeGenerationFromStringsResult<'s> {
+  pub codegen_allowed: bool,
+  pub modified_source: Option<Local<'s, String>>,
+}
+
+// We use Option<NonNull<T>> which _is_ FFI-safe.
+// See https://doc.rust-lang.org/nomicon/other-reprs.html
+#[allow(improper_ctypes_definitions)]
+pub type ModifyCodeGenerationFromStringsCallback<'s> =
+  extern "C" fn(
+    context: Local<'s, Context>,
+    source: Local<'s, Value>,
+    is_code_like: bool,
+  ) -> ModifyCodeGenerationFromStringsResult<'s>;
+
 // Windows x64 ABI: MaybeLocal<Value> returned on the stack.
 #[cfg(target_os = "windows")]
 pub type PrepareStackTraceCallback<'s> =
@@ -694,6 +710,13 @@ unsafe extern "C" {
     isolate: *mut Isolate,
     callback: UseCounterCallback,
   );
+  // We use Option<NonNull<T>> which _is_ FFI-safe.
+  // See https://doc.rust-lang.org/nomicon/other-reprs.html
+  #[allow(improper_ctypes)]
+  fn v8__Isolate__SetModifyCodeGenerationFromStringsCallback(
+    isolate: *mut Isolate,
+    callback: ModifyCodeGenerationFromStringsCallback,
+  );
   fn v8__Isolate__RequestInterrupt(
     isolate: *const Isolate,
     callback: InterruptCallback,
@@ -1380,6 +1403,20 @@ impl Isolate {
     unsafe { v8__Isolate__RemoveGCPrologueCallback(self, callback, data) }
   }
 
+  /// This specifies the callback called by v8 when JS is trying to dynamically execute
+  /// code using `eval` or the `Function` constructor.
+  ///
+  /// The callback can decide whether to allow code generation and, if so, modify
+  /// the source code beforehand.
+  pub fn set_modify_code_generation_from_strings_callback(
+    &mut self,
+    callback: ModifyCodeGenerationFromStringsCallback,
+  ) {
+    unsafe {
+      v8__Isolate__SetModifyCodeGenerationFromStringsCallback(self, callback)
+    }
+  }
+
   /// Add a callback to invoke in case the heap size is close to the heap limit.
   /// If multiple callbacks are added, only the most recently added callback is
   /// invoked.

src/lib.rs

@@ -115,6 +115,8 @@ pub use isolate::MemoryPressureLevel;
 pub use isolate::MessageCallback;
 pub use isolate::MessageErrorLevel;
 pub use isolate::MicrotasksPolicy;
+pub use isolate::ModifyCodeGenerationFromStringsCallback;
+pub use isolate::ModifyCodeGenerationFromStringsResult;
 pub use isolate::ModuleImportPhase;
 pub use isolate::NearHeapLimitCallback;
 pub use isolate::OomDetails;

tests/test_api.rs

@@ -12102,6 +12102,50 @@ fn use_counter_callback() {
   assert_eq!(COUNT.load(Ordering::Relaxed), 1);
 }
 
+#[test]
+fn code_generation_from_strings_callback() {
+  static CODEGEN_ALLOWED: AtomicBool = AtomicBool::new(false);
+  static CALLED: AtomicBool = AtomicBool::new(false);
+
+  #[allow(improper_ctypes_definitions)]
+  extern "C" fn callback<'s>(
+    _context: v8::Local<'s, v8::Context>,
+    _source: v8::Local<'s, v8::Value>,
+    _is_code_like: bool,
+  ) -> v8::ModifyCodeGenerationFromStringsResult<'s> {
+    CALLED.store(true, Ordering::Relaxed);
+    v8::ModifyCodeGenerationFromStringsResult {
+      codegen_allowed: CODEGEN_ALLOWED.load(Ordering::Relaxed),
+      modified_source: None,
+    }
+  }
+
+  let _setup_guard = setup::parallel_test();
+  let mut isolate = v8::Isolate::new(Default::default());
+  isolate.set_modify_code_generation_from_strings_callback(callback);
+  let mut scope = v8::HandleScope::new(&mut isolate);
+  let context = v8::Context::new(&mut scope, Default::default());
+  // Must be set to false, otherwise code generation is unconditionally allowed and the callback is never used
+  context.set_allow_generation_from_strings(false);
+
+  let scope = &mut v8::ContextScope::new(&mut scope, context);
+
+  // Code generation should be disallowed
+  {
+    let tc = &mut v8::TryCatch::new(scope);
+    eval(tc, "eval('1 + 1')");
+    assert_eq!(
+      tc.message().unwrap().get(tc).to_rust_string_lossy(tc),
+      "Uncaught EvalError: Code generation from strings disallowed for this context"
+    );
+  }
+
+  // Enable code generation
+  CODEGEN_ALLOWED.store(true, Ordering::Relaxed);
+  let result: Option<v8::Local<'_, v8::Value>> = eval(scope, "eval('1 + 1')");
+  assert_eq!(result.unwrap().number_value(scope).unwrap(), 2.0);
+}
+
 #[test]
 fn test_eternals() {
   let _setup_guard = setup::parallel_test();