Made bad imports throw in extensions, created new evil extension that…

… tries to break things
paranext · Mar 20, 2023 · 3710c76 · 3710c76
1 parent bebfded
commit 3710c76
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 51 deletions.
diff --git a/extensions/evil/evil.js b/extensions/evil/evil.js
@@ -0,0 +1,49 @@
+/* eslint-disable global-require */
+
+'use strict';
+
+// eslint-disable-next-line import/no-unresolved
+const papi = require('papi');
+
+const { logger } = papi;
+
+logger.log('Evil is importing! Mwahahaha');
+
+try {
+  // This will be blocked
+  const fs = require('fs');
+  logger.log(`Successfully imported fs! fs.readFileSync = ${fs.readFileSync}`);
+} catch (e) {
+  logger.log(e.message);
+}
+
+try {
+  // This will be blocked and will suggest the papi.fetch api
+  const https = require('https');
+  logger.log(`Successfully imported https! ${https}`);
+} catch (e) {
+  logger.log(e.message);
+}
+
+try {
+  // This is just for testing and will throw an exception
+  fetch('test');
+} catch (e) {
+  logger.log(`Evil: Error on fetch! ${e}`);
+}
+
+try {
+  // This is just for testing and will throw an exception
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  const xhr = new XMLHttpRequest();
+} catch (e) {
+  logger.log(`Evil: Error on XMLHttpRequest! ${e}`);
+}
+
+try {
+  // This is just for testing and will throw an exception
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  const webSocket = new WebSocket();
+} catch (e) {
+  logger.log(`Evil: Error on WebSocket! ${e}`);
+}
diff --git a/extensions/evil/manifest.json b/extensions/evil/manifest.json
@@ -0,0 +1,10 @@
+{
+  "name": "evil",
+  "version": "0.0.1",
+  "description": "Paranext extension that tries to break things!!1!!",
+  "author": "TJ Couch",
+  "license": "MIT",
+  "main": "evil.js",
+  "activationEvents": [
+  ]
+}
diff --git a/extensions/evil/package.json b/extensions/evil/package.json
@@ -0,0 +1,11 @@
+{
+  "name": "evil",
+  "version": "0.0.1",
+  "description": "Paranext extension that tries to break things!!1!!",
+  "main": "evil.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "TJ Couch",
+  "license": "MIT"
+}
diff --git a/extensions/hello-someone/hello-someone.js b/extensions/hello-someone/hello-someone.js
@@ -7,15 +7,6 @@ const { logger } = papi;
 
 logger.log('Hello Someone is importing!');
 
-// This will be blocked
-const fs = require('fs');
-
-logger.log(
-  fs.message
-    ? fs.message
-    : `Successfully imported fs! fs.readFileSync = ${fs.readFileSync}`,
-);
-
 const unsubscribers = [];
 
 exports.activate = async () => {

diff --git a/extensions/hello-world/hello-world.js b/extensions/hello-world/hello-world.js
@@ -7,43 +7,6 @@ const { logger } = papi;
 
 logger.log('Hello world is importing!');
 
-// This will be blocked
-const fs = require('fs');
-
-logger.log(
-  fs.message
-    ? fs.message
-    : `Successfully imported fs! fs.readFileSync = ${fs.readFileSync}`,
-);
-
-// This will be blocked and will suggest the papi.fetch api
-const https = require('https');
-
-logger.log(https.message ? https.message : `Successfully imported https!`);
-
-try {
-  // This is just for testing and will throw an exception
-  fetch('test');
-} catch (e) {
-  logger.log(`Hello World: Error on fetch! ${e}`);
-}
-
-try {
-  // This is just for testing and will throw an exception
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  const xhr = new XMLHttpRequest();
-} catch (e) {
-  logger.log(`Hello World: Error on XMLHttpRequest! ${e}`);
-}
-
-try {
-  // This is just for testing and will throw an exception
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  const webSocket = new WebSocket();
-} catch (e) {
-  logger.log(`Hello World: Error on WebSocket! ${e}`);
-}
-
 const unsubscribers = [];
 
 /** Gets the code to make the Hello World React component. Provide a name to use to identify this component. Provide a string to modify the 'function HelloWorld()' line */

diff --git a/src/extension-host/services/ExtensionService.ts b/src/extension-host/services/ExtensionService.ts
@@ -142,22 +142,19 @@ const activateExtensions = async (
     }
 
     // Disallow any imports within the extension
-    // TODO: make this throw so the extension knows what's going on
     // Tell the extension dev if there is an api similar to what they want to import
     const similarApi =
       MODULE_SIMILAR_APIS[fileName] || MODULE_SIMILAR_APIS[`node:${fileName}`];
     const message = `Requiring other than papi is not allowed in extensions! Rejected require('${fileName}').${
       similarApi ? ` Try using papi.${similarApi}` : ''
     }`;
-    return {
-      message,
-    };
+    throw new Error(message);
   }) as typeof Module.prototype.require;
 
   // Shim out internet access options in environments where they are defined so extensions can't use them
   const fetchOriginal: typeof fetch | undefined = globalThis.fetch;
   // eslint-disable-next-line no-global-assign
-  globalThis.fetch = () => {
+  globalThis.fetch = function fetchForbidden() {
     throw Error('Cannot use fetch! Try using papi.fetch');
   };