Skip to content

Commit

Permalink
disabled abusing the "primitive" block with metaprogramming to run ar…
Browse files Browse the repository at this point in the history
…bitrary JS code. Sigh.
  • Loading branch information
jmoenig committed Sep 13, 2024
1 parent 862f80c commit 257544e
Show file tree
Hide file tree
Showing 6 changed files with 34 additions and 18 deletions.
5 changes: 5 additions & 0 deletions HISTORY.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
# Snap! (BYOB) History

## in development:
* **Notable Fixes:**
* disabled abusing the "primitive" block with metaprogramming to run arbitrary JS code. Sigh.

### 2024-09-13
* byob, objects, threads, store: disabled abusing the "primitive" block with metaprogramming to run arbitrary JS code. Sigh.

## 10.0.7:
* **Translation Updates:**
Expand Down
8 changes: 4 additions & 4 deletions snap.html
Original file line number Diff line number Diff line change
Expand Up @@ -17,20 +17,20 @@
<script src="src/symbols.js?version=2024-01-24"></script>
<script src="src/widgets.js?version=2024-07-24"></script>
<script src="src/blocks.js?version=2024-06-10"></script>
<script src="src/threads.js?version=2024-08-12"></script>
<script src="src/objects.js?version=2024-08-20"></script>
<script src="src/threads.js?version=2024-09-13"></script>
<script src="src/objects.js?version=2024-09-13"></script>
<script src="src/scenes.js?version=2024-05-28"></script>
<script src="src/gui.js?version=2024-09-06"></script>
<script src="src/paint.js?version=2023-05-24"></script>
<script src="src/lists.js?version=2024-04-08"></script>
<script src="src/byob.js?version=2024-08-09"></script>
<script src="src/byob.js?version=2024-09-13"></script>
<script src="src/tables.js?version=2023-08-17"></script>
<script src="src/sketch.js?version=2023-05-24"></script>
<script src="src/video.js?version=2019-06-27"></script>
<script src="src/maps.js?version=2021-06-15"></script>
<script src="src/extensions.js?version=2024-07-17"></script>
<script src="src/xml.js?version=2021-07-05"></script>
<script src="src/store.js?version=2024-07-24"></script>
<script src="src/store.js?version=2024-09-13"></script>
<script src="src/locale.js?version=2024-09-06"></script>
<script src="src/cloud.js?version=2023-04-12"></script>
<script src="src/api.js?version=2024-02-22"></script>
Expand Down
19 changes: 14 additions & 5 deletions src/byob.js
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ ArgLabelMorph, embedMetadataPNG, ArgMorph, RingMorph*/

// Global stuff ////////////////////////////////////////////////////////

modules.byob = '2024-August-09';
modules.byob = '2024-September-13';

// Declarations

Expand Down Expand Up @@ -661,6 +661,15 @@ CustomBlockDefinition.prototype.isDirectlyRecursive = function () {
return this.cachedIsRecursive;
};

CustomBlockDefinition.prototype.setPrimitive = function (prim) {
if (isString(prim) &&
!Object.keys(SpriteMorph.prototype.blocks).includes(prim)) {
// console.warn('attempted to set unlisted primitive:', prim);
return;
}
this.primitive = prim;
};

// CustomBlockDefinition localizing

CustomBlockDefinition.prototype.localizedSpec = function () {
Expand Down Expand Up @@ -806,7 +815,7 @@ CustomBlockDefinition.prototype.setBlockDefinition = function (aContext) {
if (body.expression?.selector === 'doPrimitive' &&
body.expression.inputs()[0].value
) {
this.primitive = body.expression.inputs()[1].contents().text || null;
this.setPrimitive(body.expression.inputs()[1].contents().text || null);
} else {
this.primitive = null;
}
Expand Down Expand Up @@ -3411,9 +3420,9 @@ BlockEditorMorph.prototype.updateDefinition = function () {
if (this.definition.body?.expression?.selector === 'doPrimitive' &&
this.definition.body.expression.inputs()[0].value
) {
this.definition.primitive =
this.definition.body.expression.inputs()[1].contents().text
|| null;
this.definition.setPrimitive(
this.definition.body.expression.inputs()[1].contents().text || null
);
} else {
this.definition.primitive = null;
}
Expand Down
7 changes: 4 additions & 3 deletions src/objects.js
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ CustomBlockDefinition, exportEmbroidery*/

/*jshint esversion: 11*/

modules.objects = '2024-August-20';
modules.objects = '2024-September-13';

var SpriteMorph;
var StageMorph;
Expand Down Expand Up @@ -2482,8 +2482,9 @@ SpriteMorph.prototype.toggleAllCustomizedPrimitives = function (stage, choice) {
var prim = def.body?.expression;
if (prim && prim.selector === 'doPrimitive' && prim.nextBlock()) {
prim.inputs()[0].setContents(choice);
def.primitive = choice ? prim.inputs()[1].contents().text || null
: null;
def.setPrimitive(
choice ? prim.inputs()[1].contents().text || null : null
);
stage.allBlockInstances(def).reverse().forEach(block =>
block.selector = def.primitive || 'evaluateCustomBlock'
);
Expand Down
6 changes: 3 additions & 3 deletions src/store.js
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ Project*/

// Global stuff ////////////////////////////////////////////////////////

modules.store = '2024-July-24';
modules.store = '2024-September-13';

// XML_Serializer ///////////////////////////////////////////////////////
/*
Expand Down Expand Up @@ -1052,7 +1052,7 @@ SnapSerializer.prototype.loadCustomBlocks = function (
}
definition.type = child.attributes.type || 'command';
definition.selector = child.attributes.selector || null;
definition.primitive = child.attributes.primitive || null;
definition.setPrimitive(child.attributes.primitive || null);
definition.isHelper = (child.attributes.helper === 'true') || false;
definition.spaceAbove = (child.attributes.space === 'true') || false;
definition.isGlobal = (isGlobal === true);
Expand Down Expand Up @@ -1174,7 +1174,7 @@ SnapSerializer.prototype.loadCustomizedPrimitives = function (
}
definition.type = child.attributes.type || 'command';
definition.selector = sel || null;
definition.primitive = child.attributes.primitive || null;
definition.setPrimitive(child.attributes.primitive || null);
definition.isHelper = (child.attributes.helper === 'true') || false;
definition.isGlobal = true;

Expand Down
7 changes: 4 additions & 3 deletions src/threads.js
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ StagePickerMorph, CustomBlockDefinition, CommentMorph*/

/*jshint esversion: 11, bitwise: false, evil: true*/

modules.threads = '2024-August-12';
modules.threads = '2024-September-13';

var ThreadManager;
var Process;
Expand Down Expand Up @@ -8431,8 +8431,9 @@ Process.prototype.doSetBlockAttribute = function (attribute, block, val) {
val = [true, 1, '1'].includes(val);
if (prim && prim.selector === 'doPrimitive' && prim.nextBlock()) {
prim.inputs()[0].setContents(val);
def.primitive = val ? prim.inputs()[1].contents().text || null
: null;
def.setPrimitive(
val ? prim.inputs()[1].contents().text || null : null
);
}
break;
case 'category':
Expand Down

0 comments on commit 257544e

Please sign in to comment.