Skip to content

Commit bce4b59

Browse files
bennothommobennothommo
committed
Harden Snowboard (#687)
Backport from 1.2 branch. - The Snowboard and PluginLoader objects are now frozen and cannot be modified. - Added a Proxy in front of Snowboard to handle plugin loading - Plugin "Snowboard" instances are blocked from running certain methods - Update tests to check hardening
1 parent 107e1d0 commit bce4b59

20 files changed

+395
-52
lines changed

modules/system/.eslintrc.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,5 +32,9 @@
3232
"math": "always"
3333
}],
3434
"vue/multi-word-component-names": ["off"]
35-
}
35+
},
36+
"ignorePatterns": [
37+
"tests/js",
38+
"**/build/*.js"
39+
]
3640
}

modules/system/assets/js/build/manifest.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/build/system.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/build/snowboard.base.debug.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/build/snowboard.base.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/build/snowboard.data-attr.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/build/snowboard.extras.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/build/snowboard.request.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/build/snowboard.vendor.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/system/assets/js/snowboard/main/InnerProxyHandler.js

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
/**
2+
* Internal proxy for Snowboard.
3+
*
4+
* This handler wraps the Snowboard instance that is passed to the constructor of plugin instances.
5+
* It prevents access to the following methods:
6+
* - `attachAbstracts`: No need to attach abstracts again.
7+
* - `loadUtilties`: No need to load utilities again.
8+
* - `initialise`: Snowboard is already initialised.
9+
* - `initialiseSingletons`: Singletons are already initialised.
10+
*/
11+
export default {
12+
get(target, prop, receiver) {
13+
if (typeof prop === 'string') {
14+
const propLower = prop.toLowerCase();
15+
16+
if (['attachAbstracts', 'loadUtilities', 'initialise', 'initialiseSingletons'].includes(prop)) {
17+
throw new Error(`You cannot use the "${prop}" Snowboard method within a plugin.`);
18+
}
19+
20+
if (target.hasPlugin(propLower)) {
21+
return (...params) => Reflect.get(target, 'plugins')[propLower].getInstance(...params);
22+
}
23+
}
24+
25+
return Reflect.get(target, prop, receiver);
26+
},
27+
28+
has(target, prop) {
29+
if (typeof prop === 'string') {
30+
const propLower = prop.toLowerCase();
31+
32+
if (['attachAbstracts', 'loadUtilities', 'initialise', 'initialiseSingletons'].includes(prop)) {
33+
return false;
34+
}
35+
36+
if (target.hasPlugin(propLower)) {
37+
return true;
38+
}
39+
}
40+
41+
return Reflect.has(target, prop);
42+
},
43+
};

0 commit comments

Comments
 (0)