diff --git a/README.md b/README.md index f0da5ca..9688065 100644 --- a/README.md +++ b/README.md @@ -104,6 +104,15 @@ class V8Js public function setModuleNormaliser(callable $normaliser) {} + /** + * Provate a function or method to be used to convert/proxy PHP exceptions to JS. + * This can be any valid PHP callable. + * The converter function will receive the PHP Exception instance that has not been caught and + * is due to be forwarded to JS. Pass NULL as $filter to uninstall an existing filter. + */ + public function setExceptionFilter(callable $filter) + {} + /** * Compiles and executes script in object's context with optional identifier string. * A time limit (milliseconds) and/or memory limit (bytes) can be provided to restrict execution. These options will throw a V8JsTimeLimitException or V8JsMemoryLimitException. @@ -401,3 +410,10 @@ objects obeying the above rules and re-thrown in JavaScript context. If they are not caught by JavaScript code the execution stops and a `V8JsScriptException` is thrown, which has the original PHP exception accessible via `getPrevious` method. + +Consider that the JS code has access to methods like `getTrace` on the exception +object. This might be unwanted behaviour, if you execute untrusted code. +Using `setExceptionFilter` method a callable can be provided, that may convert +the PHP exception to some other value that is safe to expose. The filter may +also decide not to propagate the exception to JS at all by either re-throwing +the passed exception or throwing another exception. diff --git a/tests/exception_filter_001.phpt b/tests/exception_filter_001.phpt new file mode 100644 index 0000000..115642e --- /dev/null +++ b/tests/exception_filter_001.phpt @@ -0,0 +1,35 @@ +--TEST-- +Test V8::setExceptionFilter() : String conversion +--SKIPIF-- + +--FILE-- +setExceptionFilter(function (Throwable $ex) { + echo "exception filter called.\n"; + return $ex->getMessage(); +}); + +$v8->executeString(' + try { + PHP.throwException("Oops"); + } + catch (e) { + var_dump(typeof e); // string + var_dump(e); + } +', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); +?> +===EOF=== +--EXPECT-- +exception filter called. +string(6) "string" +string(4) "Oops" +===EOF=== diff --git a/tests/exception_filter_002.phpt b/tests/exception_filter_002.phpt new file mode 100644 index 0000000..add31ee --- /dev/null +++ b/tests/exception_filter_002.phpt @@ -0,0 +1,32 @@ +--TEST-- +Test V8::setExceptionFilter() : Filter handling on exception in setModuleLoader +--SKIPIF-- + +--FILE-- +setModuleLoader(function ($path) { + throw new Error('moep'); +}); + +$v8->setExceptionFilter(function (Throwable $ex) { + echo "exception filter called.\n"; + return $ex->getMessage(); +}); + +$v8->executeString(' + try { + require("file"); + } catch(e) { + var_dump(e); + } +', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); + +?> +===EOF=== +--EXPECT-- +exception filter called. +string(4) "moep" +===EOF=== + diff --git a/tests/exception_filter_003.phpt b/tests/exception_filter_003.phpt new file mode 100644 index 0000000..1caaab4 --- /dev/null +++ b/tests/exception_filter_003.phpt @@ -0,0 +1,34 @@ +--TEST-- +Test V8::setExceptionFilter() : Filter handling on exception in setModuleNormaliser +--SKIPIF-- + +--FILE-- +setModuleNormaliser(function ($path) { + throw new Error('blarg'); +}); +$v8->setModuleLoader(function ($path) { + throw new Error('moep'); +}); + +$v8->setExceptionFilter(function (Throwable $ex) { + echo "exception filter called.\n"; + return $ex->getMessage(); +}); + +$v8->executeString(' + try { + require("file"); + } catch(e) { + var_dump(e); + } +', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); + +?> +===EOF=== +--EXPECT-- +exception filter called. +string(5) "blarg" +===EOF=== diff --git a/tests/exception_filter_004.phpt b/tests/exception_filter_004.phpt new file mode 100644 index 0000000..b35e3fc --- /dev/null +++ b/tests/exception_filter_004.phpt @@ -0,0 +1,37 @@ +--TEST-- +Test V8::setExceptionFilter() : Filter handling on exception in converter +--SKIPIF-- + +--FILE-- +setExceptionFilter(function (Throwable $ex) { + throw new Exception('moep'); +}); + +try { + $v8->executeString(' + try { + PHP.throwException("Oops"); + print("done\\n"); + } + catch (e) { + print("caught\\n"); + var_dump(e); + } + ', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); +} catch (Exception $ex) { + echo "caught in php: " . $ex->getMessage() . PHP_EOL; +} +?> +===EOF=== +--EXPECT-- +caught in php: moep +===EOF=== diff --git a/tests/exception_filter_005.phpt b/tests/exception_filter_005.phpt new file mode 100644 index 0000000..7813691 --- /dev/null +++ b/tests/exception_filter_005.phpt @@ -0,0 +1,53 @@ +--TEST-- +Test V8::setExceptionFilter() : Uninstall filter on NULL +--SKIPIF-- + +--FILE-- +setExceptionFilter(function (Throwable $ex) { + echo "exception filter called.\n"; + return "moep"; +}); + +$v8->executeString(' + try { + PHP.throwException("Oops"); + } + catch (e) { + var_dump(e); + } +', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); + +$v8->setExceptionFilter(null); + +try { + $v8->executeString(' + try { + PHP.throwException("Oops"); + print("done\\n"); + } + catch (e) { + print("caught\\n"); + var_dump(e.getMessage()); + } + ', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); +} catch (Exception $ex) { + echo "caught in php: " . $ex->getMessage() . PHP_EOL; +} + +?> +===EOF=== +--EXPECT-- +exception filter called. +string(4) "moep" +caught +string(4) "Oops" +===EOF=== diff --git a/tests/exception_filter_006.phpt b/tests/exception_filter_006.phpt new file mode 100644 index 0000000..bf62fce --- /dev/null +++ b/tests/exception_filter_006.phpt @@ -0,0 +1,38 @@ +--TEST-- +Test V8::setExceptionFilter() : re-throw exception in exception filter +--SKIPIF-- + +--FILE-- +setExceptionFilter(function (Throwable $ex) { + // re-throw exception so it is not forwarded + throw $ex; +}); + +try { + $v8->executeString(' + try { + PHP.throwException("Oops"); + print("done\\n"); + } + catch (e) { + print("caught\\n"); + var_dump(e); + } + ', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); +} catch (Exception $ex) { + echo "caught in php: " . $ex->getMessage() . PHP_EOL; +} +?> +===EOF=== +--EXPECT-- +caught in php: Oops +===EOF=== diff --git a/tests/exception_filter_basic.phpt b/tests/exception_filter_basic.phpt new file mode 100644 index 0000000..fca5305 --- /dev/null +++ b/tests/exception_filter_basic.phpt @@ -0,0 +1,55 @@ +--TEST-- +Test V8::setExceptionFilter() : Simple test +--SKIPIF-- + +--FILE-- +getMessage()); + + $this->ex = $ex; + } + + public function getMessage() { + echo "getMessage called\n"; + return $this->ex->getMessage(); + } +} + +$v8 = new myv8(); +$v8->setExceptionFilter(function (Throwable $ex) { + echo "exception filter called.\n"; + return new ExceptionFilter($ex); +}); + +$v8->executeString(' + try { + PHP.throwException("Oops"); + } + catch (e) { + var_dump(e.getMessage()); // calls ExceptionFilter::getMessage + var_dump(typeof e.getTrace); + } +', null, V8Js::FLAG_PROPAGATE_PHP_EXCEPTIONS); +?> +===EOF=== +--EXPECT-- +exception filter called. +ExceptionFilter::__construct called! +string(4) "Oops" +getMessage called +string(4) "Oops" +string(9) "undefined" +===EOF=== + diff --git a/v8js_class.cc b/v8js_class.cc index b8af58b..d4bac3e 100644 --- a/v8js_class.cc +++ b/v8js_class.cc @@ -92,6 +92,7 @@ static void v8js_free_storage(zend_object *object) /* {{{ */ zval_ptr_dtor(&c->pending_exception); zval_ptr_dtor(&c->module_normaliser); zval_ptr_dtor(&c->module_loader); + zval_ptr_dtor(&c->exception_filter); /* Delete PHP global object from JavaScript */ if (!c->context.IsEmpty()) { @@ -400,6 +401,7 @@ static PHP_METHOD(V8Js, __construct) ZVAL_NULL(&c->module_normaliser); ZVAL_NULL(&c->module_loader); + ZVAL_NULL(&c->exception_filter); /* Include extensions used by this context */ /* Note: Extensions registered with auto_enable do not need to be added separately like this. */ @@ -880,6 +882,21 @@ static PHP_METHOD(V8Js, setModuleLoader) } /* }}} */ +/* {{{ proto void V8Js::setExceptionFilter(callable factory) + */ +static PHP_METHOD(V8Js, setExceptionFilter) +{ + zval *callable; + + if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &callable) == FAILURE) { + return; + } + + v8js_ctx *c = Z_V8JS_CTX_OBJ_P(getThis()); + ZVAL_COPY(&c->exception_filter, callable); +} +/* }}} */ + /* {{{ proto void V8Js::setTimeLimit(int time_limit) */ static PHP_METHOD(V8Js, setTimeLimit) @@ -1254,6 +1271,10 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_v8js_setmoduleloader, 0, 0, 1) ZEND_ARG_INFO(0, callable) ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_v8js_setexceptionfilter, 0, 0, 1) + ZEND_ARG_INFO(0, callable) +ZEND_END_ARG_INFO() + ZEND_BEGIN_ARG_INFO_EX(arginfo_v8js_setaverageobjectsize, 0, 0, 1) ZEND_ARG_INFO(0, average_object_size) ZEND_END_ARG_INFO() @@ -1293,6 +1314,7 @@ const zend_function_entry v8js_methods[] = { /* {{{ */ PHP_ME(V8Js, clearPendingException, arginfo_v8js_clearpendingexception, ZEND_ACC_PUBLIC|ZEND_ACC_DEPRECATED) PHP_ME(V8Js, setModuleNormaliser, arginfo_v8js_setmodulenormaliser, ZEND_ACC_PUBLIC) PHP_ME(V8Js, setModuleLoader, arginfo_v8js_setmoduleloader, ZEND_ACC_PUBLIC) + PHP_ME(V8Js, setExceptionFilter, arginfo_v8js_setexceptionfilter, ZEND_ACC_PUBLIC) PHP_ME(V8Js, setTimeLimit, arginfo_v8js_settimelimit, ZEND_ACC_PUBLIC) PHP_ME(V8Js, setMemoryLimit, arginfo_v8js_setmemorylimit, ZEND_ACC_PUBLIC) PHP_ME(V8Js, setAverageObjectSize, arginfo_v8js_setaverageobjectsize, ZEND_ACC_PUBLIC) diff --git a/v8js_class.h b/v8js_class.h index 8bcdb6b..38a3ce5 100644 --- a/v8js_class.h +++ b/v8js_class.h @@ -55,6 +55,7 @@ struct v8js_ctx { zval module_normaliser; zval module_loader; + zval exception_filter; std::vector modules_stack; std::map modules_loaded; diff --git a/v8js_methods.cc b/v8js_methods.cc index 7ddfcf8..a20efb8 100644 --- a/v8js_methods.cc +++ b/v8js_methods.cc @@ -19,6 +19,7 @@ #include "php_v8js_macros.h" #include "v8js_commonjs.h" #include "v8js_exceptions.h" +#include "v8js_object_export.h" extern "C" { #include "zend_exceptions.h" @@ -337,14 +338,7 @@ V8JS_METHOD(require) // Check if an exception was thrown if (EG(exception)) { - if (c->flags & V8JS_FLAG_PROPAGATE_PHP_EXCEPTIONS) { - zval tmp_zv; - ZVAL_OBJ(&tmp_zv, EG(exception)); - info.GetReturnValue().Set(isolate->ThrowException(zval_to_v8js(&tmp_zv, isolate))); - zend_clear_exception(); - } else { - v8js_terminate_execution(isolate); - } + info.GetReturnValue().Set(v8js_propagate_exception(c)); return; } @@ -466,15 +460,7 @@ V8JS_METHOD(require) efree(normalised_module_id); efree(normalised_path); - if (c->flags & V8JS_FLAG_PROPAGATE_PHP_EXCEPTIONS) { - zval tmp_zv; - ZVAL_OBJ(&tmp_zv, EG(exception)); - info.GetReturnValue().Set(isolate->ThrowException(zval_to_v8js(&tmp_zv, isolate))); - zend_clear_exception(); - } else { - v8js_terminate_execution(isolate); - } - + info.GetReturnValue().Set(v8js_propagate_exception(c)); return; } @@ -485,7 +471,7 @@ V8JS_METHOD(require) efree(normalised_path); return; - } + } if(Z_TYPE(module_code) == IS_OBJECT) { v8::Local newobj = zval_to_v8js(&module_code, isolate)->ToObject(isolate->GetEnteredOrMicrotaskContext()).ToLocalChecked(); diff --git a/v8js_object_export.cc b/v8js_object_export.cc index b36a347..a657ff1 100644 --- a/v8js_object_export.cc +++ b/v8js_object_export.cc @@ -34,6 +34,41 @@ extern "C" { static void v8js_weak_object_callback(const v8::WeakCallbackInfo &data); +v8::Local v8js_propagate_exception(v8js_ctx *ctx) /* {{{ */ +{ + v8::Local return_value = v8::Null(ctx->isolate); + + if (!(ctx->flags & V8JS_FLAG_PROPAGATE_PHP_EXCEPTIONS)) { + v8js_terminate_execution(ctx->isolate); + return return_value; + } + + zval tmp_zv; + + if (Z_TYPE(ctx->exception_filter) != IS_NULL) { + zval params[1]; + ZVAL_OBJ(¶ms[0], EG(exception)); + Z_ADDREF_P(¶ms[0]); + zend_clear_exception(); + call_user_function(EG(function_table), NULL, &ctx->exception_filter, &tmp_zv, 1, params); + zval_ptr_dtor(¶ms[0]); + + if(EG(exception)) { + // exception proxy threw exception itself, don't forward, just stop execution. + v8js_terminate_execution(ctx->isolate); + } else { + return_value = ctx->isolate->ThrowException(zval_to_v8js(&tmp_zv, ctx->isolate)); + } + } else { + ZVAL_OBJ(&tmp_zv, EG(exception)); + return_value = ctx->isolate->ThrowException(zval_to_v8js(&tmp_zv, ctx->isolate)); + zend_clear_exception(); + } + + return return_value; +} +/* }}} */ + /* Callback for PHP methods and functions */ static void v8js_call_php_func(zend_object *object, zend_function *method_ptr, const v8::FunctionCallbackInfo& info) /* {{{ */ { @@ -175,14 +210,7 @@ failure: } if(EG(exception)) { - if(ctx->flags & V8JS_FLAG_PROPAGATE_PHP_EXCEPTIONS) { - zval tmp_zv; - ZVAL_OBJ(&tmp_zv, EG(exception)); - return_value = isolate->ThrowException(zval_to_v8js(&tmp_zv, isolate)); - zend_clear_exception(); - } else { - v8js_terminate_execution(isolate); - } + return_value = v8js_propagate_exception(ctx); } else if (Z_TYPE(retval) == IS_OBJECT && Z_OBJ(retval) == object) { // special case: "return $this" return_value = info.Holder(); diff --git a/v8js_object_export.h b/v8js_object_export.h index 3bbc840..d562541 100644 --- a/v8js_object_export.h +++ b/v8js_object_export.h @@ -15,6 +15,7 @@ #define V8JS_OBJECT_EXPORT_H v8::Local v8js_hash_to_jsobj(zval *value, v8::Isolate *isolate); +v8::Local v8js_propagate_exception(v8js_ctx *ctx); typedef enum {