hacklab/FLUJOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flow like the river

Browse source
This commit is contained in:
root 2025-11-07 00:06:12 +01:00
commit 013fe673f3
42435 changed files with 5764238 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
VISUALIZACION/node_modules/static-eval/.travis.yml generated vendored Executable file
View file

@ -0,0 +1,18 @@
language: node_js
os: linux
dist: bionic
before_install:
- "nvm install-latest-npm"
node_js:
- "0.8"
- "0.10"
- "0.12"
- "4"
- "6"
- "8"
- "9"
- "10"
- "11"
- "12"
- "13"
- "14"

15
VISUALIZACION/node_modules/static-eval/CHANGELOG.md generated vendored Executable file
View file

@ -0,0 +1,15 @@
# static-eval Change Log
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
## 2.1.0
* Add `allowAccessToMethodsOnFunctions` option to restore 1.x behaviour so that [cwise](https://github.com/scijs/cwise) can upgrade. ([@archmoj](https://github.com/archmoj) in [#31](https://github.com/browserify/static-eval/pull/31))
Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.
## 2.0.5
* Fix function bodies being invoked during declaration. ([@RoboPhred](https://github.com/RoboPhred) in [#30](https://github.com/browserify/static-eval/pull/30))
## 2.0.4
* Short-circuit evaluation in `&&` and `||` expressions. ([@RoboPhred](https://github.com/RoboPhred) in [#28](https://github.com/browserify/static-eval/pull/28))
* Start tracking changes.

20
VISUALIZACION/node_modules/static-eval/LICENSE generated vendored Executable file
View file

@ -0,0 +1,20 @@
MIT License
Copyright (c) 2013 James Halliday
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

7
VISUALIZACION/node_modules/static-eval/example/eval.js generated vendored Executable file
View file

@ -0,0 +1,7 @@
var evaluate = require('static-eval');
var parse = require('esprima').parse;
var src = process.argv.slice(2).join(' ');
var ast = parse(src).body[0].expression;
console.log(evaluate(ast));

11
VISUALIZACION/node_modules/static-eval/example/vars.js generated vendored Executable file
View file

@ -0,0 +1,11 @@
var evaluate = require('../');
var parse = require('esprima').parse;
var src = '[1,2,3+4*10+n,foo(3+5),obj[""+"x"].y]';
var ast = parse(src).body[0].expression;
console.log(evaluate(ast, {
n: 6,
foo: function (x) { return x * 100 },
obj: { x: { y: 555 } }
}));

209
VISUALIZACION/node_modules/static-eval/index.js generated vendored Executable file
View file

@ -0,0 +1,209 @@
var unparse = require('escodegen').generate;
module.exports = function (ast, vars, opts) {
if(!opts) opts = {};
var rejectAccessToMethodsOnFunctions = !opts.allowAccessToMethodsOnFunctions;
if (!vars) vars = {};
var FAIL = {};
var result = (function walk (node, noExecute) {
if (node.type === 'Literal') {
return node.value;
}
else if (node.type === 'UnaryExpression'){
var val = walk(node.argument, noExecute)
if (node.operator === '+') return +val
if (node.operator === '-') return -val
if (node.operator === '~') return ~val
if (node.operator === '!') return !val
return FAIL
}
else if (node.type === 'ArrayExpression') {
var xs = [];
for (var i = 0, l = node.elements.length; i < l; i++) {
var x = walk(node.elements[i], noExecute);
if (x === FAIL) return FAIL;
xs.push(x);
}
return xs;
}
else if (node.type === 'ObjectExpression') {
var obj = {};
for (var i = 0; i < node.properties.length; i++) {
var prop = node.properties[i];
var value = prop.value === null
? prop.value
: walk(prop.value, noExecute)
;
if (value === FAIL) return FAIL;
obj[prop.key.value || prop.key.name] = value;
}
return obj;
}
else if (node.type === 'BinaryExpression' ||
node.type === 'LogicalExpression') {
var op = node.operator;
if (op === '&&') {
var l = walk(node.left);
if (l === FAIL) return FAIL;
if (!l) return l;
var r = walk(node.right);
if (r === FAIL) return FAIL;
return r;
}
else if (op === '||') {
var l = walk(node.left);
if (l === FAIL) return FAIL;
if (l) return l;
var r = walk(node.right);
if (r === FAIL) return FAIL;
return r;
}
var l = walk(node.left, noExecute);
if (l === FAIL) return FAIL;
var r = walk(node.right, noExecute);
if (r === FAIL) return FAIL;
if (op === '==') return l == r;
if (op === '===') return l === r;
if (op === '!=') return l != r;
if (op === '!==') return l !== r;
if (op === '+') return l + r;
if (op === '-') return l - r;
if (op === '*') return l * r;
if (op === '/') return l / r;
if (op === '%') return l % r;
if (op === '<') return l < r;
if (op === '<=') return l <= r;
if (op === '>') return l > r;
if (op === '>=') return l >= r;
if (op === '|') return l | r;
if (op === '&') return l & r;
if (op === '^') return l ^ r;
return FAIL;
}
else if (node.type === 'Identifier') {
if ({}.hasOwnProperty.call(vars, node.name)) {
return vars[node.name];
}
else return FAIL;
}
else if (node.type === 'ThisExpression') {
if ({}.hasOwnProperty.call(vars, 'this')) {
return vars['this'];
}
else return FAIL;
}
else if (node.type === 'CallExpression') {
var callee = walk(node.callee, noExecute);
if (callee === FAIL) return FAIL;
if (typeof callee !== 'function') return FAIL;
var ctx = node.callee.object ? walk(node.callee.object, noExecute) : FAIL;
if (ctx === FAIL) ctx = null;
var args = [];
for (var i = 0, l = node.arguments.length; i < l; i++) {
var x = walk(node.arguments[i], noExecute);
if (x === FAIL) return FAIL;
args.push(x);
}
if (noExecute) {
return undefined;
}
return callee.apply(ctx, args);
}
else if (node.type === 'MemberExpression') {
var obj = walk(node.object, noExecute);
if((obj === FAIL) || (
(typeof obj == 'function') && rejectAccessToMethodsOnFunctions
)){
return FAIL;
}
if (node.property.type === 'Identifier' && !node.computed) {
if (isUnsafeProperty(node.property.name)) return FAIL;
return obj[node.property.name];
}
var prop = walk(node.property, noExecute);
if (prop === null || prop === FAIL) return FAIL;
if (isUnsafeProperty(prop)) return FAIL;
return obj[prop];
}
else if (node.type === 'ConditionalExpression') {
var val = walk(node.test, noExecute)
if (val === FAIL) return FAIL;
return val ? walk(node.consequent) : walk(node.alternate, noExecute)
}
else if (node.type === 'ExpressionStatement') {
var val = walk(node.expression, noExecute)
if (val === FAIL) return FAIL;
return val;
}
else if (node.type === 'ReturnStatement') {
return walk(node.argument, noExecute)
}
else if (node.type === 'FunctionExpression') {
var bodies = node.body.body;
// Create a "scope" for our arguments
var oldVars = {};
Object.keys(vars).forEach(function(element){
oldVars[element] = vars[element];
})
for(var i=0; i<node.params.length; i++){
var key = node.params[i];
if(key.type == 'Identifier'){
vars[key.name] = null;
}
else return FAIL;
}
for(var i in bodies){
if(walk(bodies[i], true) === FAIL){
return FAIL;
}
}
// restore the vars and scope after we walk
vars = oldVars;
var keys = Object.keys(vars);
var vals = keys.map(function(key) {
return vars[key];
});
return Function(keys.join(', '), 'return ' + unparse(node)).apply(null, vals);
}
else if (node.type === 'TemplateLiteral') {
var str = '';
for (var i = 0; i < node.expressions.length; i++) {
str += walk(node.quasis[i], noExecute);
str += walk(node.expressions[i], noExecute);
}
str += walk(node.quasis[i], noExecute);
return str;
}
else if (node.type === 'TaggedTemplateExpression') {
var tag = walk(node.tag, noExecute);
var quasi = node.quasi;
var strings = quasi.quasis.map(walk);
var values = quasi.expressions.map(walk);
return tag.apply(null, [strings].concat(values));
}
else if (node.type === 'TemplateElement') {
return node.value.cooked;
}
else return FAIL;
})(ast);
return result === FAIL ? undefined : result;
};
function isUnsafeProperty(name) {
return name === 'constructor' || name === '__proto__';
}

1
VISUALIZACION/node_modules/static-eval/node_modules/.bin/escodegen generated vendored Symbolic link
View file

@ -0,0 +1 @@
../escodegen/bin/escodegen.js

1
VISUALIZACION/node_modules/static-eval/node_modules/.bin/esgenerate generated vendored Symbolic link
View file

@ -0,0 +1 @@
../escodegen/bin/esgenerate.js

21
VISUALIZACION/node_modules/static-eval/node_modules/escodegen/LICENSE.BSD generated vendored Executable file
View file

@ -0,0 +1,21 @@
Copyright (C) 2012 Yusuke Suzuki (twitter: @Constellation) and other contributors.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

84
VISUALIZACION/node_modules/static-eval/node_modules/escodegen/README.md generated vendored Executable file
View file

@ -0,0 +1,84 @@
## Escodegen
[![npm version](https://badge.fury.io/js/escodegen.svg)](http://badge.fury.io/js/escodegen)
[![Build Status](https://secure.travis-ci.org/estools/escodegen.svg)](http://travis-ci.org/estools/escodegen)
[![Dependency Status](https://david-dm.org/estools/escodegen.svg)](https://david-dm.org/estools/escodegen)
[![devDependency Status](https://david-dm.org/estools/escodegen/dev-status.svg)](https://david-dm.org/estools/escodegen#info=devDependencies)
Escodegen ([escodegen](http://github.com/estools/escodegen)) is an
[ECMAScript](http://www.ecma-international.org/publications/standards/Ecma-262.htm)
(also popularly known as [JavaScript](http://en.wikipedia.org/wiki/JavaScript))
code generator from [Mozilla's Parser API](https://developer.mozilla.org/en/SpiderMonkey/Parser_API)
AST. See the [online generator](https://estools.github.io/escodegen/demo/index.html)
for a demo.
### Install
Escodegen can be used in a web browser:
<script src="escodegen.browser.js"></script>
escodegen.browser.js can be found in tagged revisions on GitHub.
Or in a Node.js application via npm:
npm install escodegen
### Usage
A simple example: the program
escodegen.generate({
type: 'BinaryExpression',
operator: '+',
left: { type: 'Literal', value: 40 },
right: { type: 'Literal', value: 2 }
});
produces the string `'40 + 2'`.
See the [API page](https://github.com/estools/escodegen/wiki/API) for
options. To run the tests, execute `npm test` in the root directory.
### Building browser bundle / minified browser bundle
At first, execute `npm install` to install the all dev dependencies.
After that,
npm run-script build
will generate `escodegen.browser.js`, which can be used in browser environments.
And,
npm run-script build-min
will generate the minified file `escodegen.browser.min.js`.
### License
#### Escodegen
Copyright (C) 2012 [Yusuke Suzuki](http://github.com/Constellation)
(twitter: [@Constellation](http://twitter.com/Constellation)) and other contributors.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

77
VISUALIZACION/node_modules/static-eval/node_modules/escodegen/bin/escodegen.js generated vendored Executable file
View file

@ -0,0 +1,77 @@
#!/usr/bin/env node
/*
Copyright (C) 2012 Yusuke Suzuki <utatane.tea@gmail.com>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*jslint sloppy:true node:true */
var fs = require('fs'),
path = require('path'),
root = path.join(path.dirname(fs.realpathSync(__filename)), '..'),
esprima = require('esprima'),
escodegen = require(root),
optionator = require('optionator')({
prepend: 'Usage: escodegen [options] file...',
options: [
{
option: 'config',
alias: 'c',
type: 'String',
description: 'configuration json for escodegen'
}
]
}),
args = optionator.parse(process.argv),
files = args._,
options,
esprimaOptions = {
raw: true,
tokens: true,
range: true,
comment: true
};
if (files.length === 0) {
console.log(optionator.generateHelp());
process.exit(1);
}
if (args.config) {
try {
options = JSON.parse(fs.readFileSync(args.config, 'utf-8'));
} catch (err) {
console.error('Error parsing config: ', err);
}
}
files.forEach(function (filename) {
var content = fs.readFileSync(filename, 'utf-8'),
syntax = esprima.parse(content, esprimaOptions);
if (options.comment) {
escodegen.attachComments(syntax, syntax.comments, syntax.tokens);
}
console.log(escodegen.generate(syntax, options));
});
/* vim: set sw=4 ts=4 et tw=80 : */

64
VISUALIZACION/node_modules/static-eval/node_modules/escodegen/bin/esgenerate.js generated vendored Executable file
View file

@ -0,0 +1,64 @@
#!/usr/bin/env node
/*
Copyright (C) 2012 Yusuke Suzuki <utatane.tea@gmail.com>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*jslint sloppy:true node:true */
var fs = require('fs'),
path = require('path'),
root = path.join(path.dirname(fs.realpathSync(__filename)), '..'),
escodegen = require(root),
optionator = require('optionator')({
prepend: 'Usage: esgenerate [options] file.json ...',
options: [
{
option: 'config',
alias: 'c',
type: 'String',
description: 'configuration json for escodegen'
}
]
}),
args = optionator.parse(process.argv),
files = args._,
options;
if (files.length === 0) {
console.log(optionator.generateHelp());
process.exit(1);
}
if (args.config) {
try {
options = JSON.parse(fs.readFileSync(args.config, 'utf-8'))
} catch (err) {
console.error('Error parsing config: ', err);
}
}
files.forEach(function (filename) {
var content = fs.readFileSync(filename, 'utf-8');
console.log(escodegen.generate(JSON.parse(content), options));
});
/* vim: set sw=4 ts=4 et tw=80 : */

2626
VISUALIZACION/node_modules/static-eval/node_modules/escodegen/escodegen.js generated vendored Executable file
View file

File diff suppressed because it is too large Load diff

61
VISUALIZACION/node_modules/static-eval/node_modules/escodegen/package.json generated vendored Executable file
View file

@ -0,0 +1,61 @@
{
"name": "escodegen",
"description": "ECMAScript code generator",
"homepage": "http://github.com/estools/escodegen",
"main": "escodegen.js",
"bin": {
"esgenerate": "./bin/esgenerate.js",
"escodegen": "./bin/escodegen.js"
},
"files": [
"LICENSE.BSD",
"README.md",
"bin",
"escodegen.js",
"package.json"
],
"version": "1.14.3",
"engines": {
"node": ">=4.0"
},
"maintainers": [
{
"name": "Yusuke Suzuki",
"email": "utatane.tea@gmail.com",
"web": "http://github.com/Constellation"
}
],
"repository": {
"type": "git",
"url": "http://github.com/estools/escodegen.git"
},
"dependencies": {
"estraverse": "^4.2.0",
"esutils": "^2.0.2",
"esprima": "^4.0.1",
"optionator": "^0.8.1"
},
"optionalDependencies": {
"source-map": "~0.6.1"
},
"devDependencies": {
"acorn": "^7.1.0",
"bluebird": "^3.4.7",
"bower-registry-client": "^1.0.0",
"chai": "^3.5.0",
"commonjs-everywhere": "^0.9.7",
"gulp": "^3.8.10",
"gulp-eslint": "^3.0.1",
"gulp-mocha": "^3.0.1",
"semver": "^5.1.0"
},
"license": "BSD-2-Clause",
"scripts": {
"test": "gulp travis",
"unit-test": "gulp test",
"lint": "gulp lint",
"release": "node tools/release.js",
"build-min": "./node_modules/.bin/cjsify -ma path: tools/entry-point.js > escodegen.browser.min.js",
"build": "./node_modules/.bin/cjsify -a path: tools/entry-point.js > escodegen.browser.js"
}
}

48
VISUALIZACION/node_modules/static-eval/package.json generated vendored Executable file
View file

@ -0,0 +1,48 @@
{
"name": "static-eval",
"version": "2.1.0",
"description": "evaluate statically-analyzable expressions",
"main": "index.js",
"dependencies": {
"escodegen": "^1.11.1"
},
"devDependencies": {
"esprima": "^3.1.3",
"tape": "^4.10.1"
},
"scripts": {
"test": "tape test/*.js"
},
"testling": {
"files": "test/*.js",
"browsers": [
"ie/8..latest",
"ff/latest",
"chrome/latest",
"opera/latest",
"safari/latest"
]
},
"repository": {
"type": "git",
"url": "git://github.com/browserify/static-eval.git"
},
"homepage": "https://github.com/browserify/static-eval",
"keywords": [
"static",
"eval",
"expression",
"esprima",
"ast",
"abstract",
"syntax",
"tree",
"analysis"
],
"author": {
"name": "James Halliday",
"email": "mail@substack.net",
"url": "http://substack.net"
},
"license": "MIT"
}

87
VISUALIZACION/node_modules/static-eval/readme.markdown generated vendored Executable file
View file

@ -0,0 +1,87 @@
# static-eval
evaluate statically-analyzable expressions
[![testling badge](https://ci.testling.com/substack/static-eval.png)](https://ci.testling.com/substack/static-eval)
[![build status](https://secure.travis-ci.org/browserify/static-eval.png)](http://travis-ci.org/browserify/static-eval)
# security
static-eval is like `eval`. It is intended for use in build scripts and code transformations, doing some evaluation at build time—it is **NOT** suitable for handling arbitrary untrusted user input. Malicious user input _can_ execute arbitrary code.
# example
``` js
var evaluate = require('static-eval');
var parse = require('esprima').parse;
var src = process.argv[2];
var ast = parse(src).body[0].expression;
console.log(evaluate(ast));
```
If you stick to simple expressions, the result is statically analyzable:
```
$ node '7*8+9'
65
$ node eval.js '[1,2,3+4*5-(5*11)]'
[ 1, 2, -32 ]
```
but if you use statements, undeclared identifiers, or syntax, the result is no
longer statically analyzable and `evaluate()` returns `undefined`:
```
$ node eval.js '1+2+3*n'
undefined
$ node eval.js 'x=5; x*2'
undefined
$ node eval.js '5-4*3'
-7
```
You can also declare variables and functions to use in the static evaluation:
``` js
var evaluate = require('static-eval');
var parse = require('esprima').parse;
var src = '[1,2,3+4*10+n,foo(3+5),obj[""+"x"].y]';
var ast = parse(src).body[0].expression;
console.log(evaluate(ast, {
n: 6,
foo: function (x) { return x * 100 },
obj: { x: { y: 555 } }
}));
```
# methods
``` js
var evaluate = require('static-eval');
```
## evaluate(ast, vars={})
Evaluate the [esprima](https://npmjs.org/package/esprima)-parsed abstract syntax
tree object `ast` with an optional collection of variables `vars` to use in the
static expression resolution.
If the expression contained in `ast` can't be statically resolved, `evaluate()`
returns undefined.
# install
With [npm](https://npmjs.org) do:
```
npm install static-eval
```
# license
MIT

15
VISUALIZACION/node_modules/static-eval/security.md generated vendored Executable file
View file

@ -0,0 +1,15 @@
# Security Policy
## Supported Versions
Only the latest major version is supported at any given time.
## Reporting a Vulnerability
To report a security vulnerability, please use the
[Tidelift security contact](https://tidelift.com/security).
Tidelift will coordinate the fix and disclosure.
Note that this package is intended for use in build-time
transformations. It is only intended to handle trusted code. If a
vulnerability requires a fix that would prevent important use cases, we
may decide not to address it.

177
VISUALIZACION/node_modules/static-eval/test/eval.js generated vendored Executable file
View file

@ -0,0 +1,177 @@
var test = require('tape');
var evaluate = require('../');
var parse = require('esprima').parse;
test('resolved', function (t) {
t.plan(1);
var src = '[1,2,3+4*10+(n||6),foo(3+5),obj[""+"x"].y]';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {
n: false,
foo: function (x) { return x * 100 },
obj: { x: { y: 555 } }
});
t.deepEqual(res, [ 1, 2, 49, 800, 555 ]);
});
test('unresolved', function (t) {
t.plan(1);
var src = '[1,2,3+4*10*z+n,foo(3+5),obj[""+"x"].y]';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {
n: 6,
foo: function (x) { return x * 100 },
obj: { x: { y: 555 } }
});
t.equal(res, undefined);
});
test('boolean', function (t) {
t.plan(1);
var src = '[ 1===2+3-16/4, [2]==2, [2]!==2, [2]!==[2] ]';
var ast = parse(src).body[0].expression;
t.deepEqual(evaluate(ast), [ true, true, true, true ]);
});
test('array methods', function(t) {
t.plan(1);
var src = '[1, 2, 3].map(function(n) { return n * 2 })';
var ast = parse(src).body[0].expression;
t.deepEqual(evaluate(ast), [2, 4, 6]);
});
test('array methods invocation count', function(t) {
t.plan(2);
var variables = {
values: [1, 2, 3],
receiver: []
};
var src = 'values.forEach(function(x) { receiver.push(x); })'
var ast = parse(src).body[0].expression;
evaluate(ast, variables);
t.equal(variables.receiver.length, 3);
t.deepEqual(variables.receiver, [1, 2, 3]);
})
test('array methods with vars', function(t) {
t.plan(1);
var src = '[1, 2, 3].map(function(n) { return n * x })';
var ast = parse(src).body[0].expression;
t.deepEqual(evaluate(ast, {x: 2}), [2, 4, 6]);
});
test('evaluate this', function(t) {
t.plan(1);
var src = 'this.x + this.y.z';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {
'this': { x: 1, y: { z: 100 } }
});
t.equal(res, 101);
});
test('FunctionExpression unresolved', function(t) {
t.plan(1);
var src = '(function(){console.log("Not Good")})';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {});
t.equal(res, undefined);
});
test('MemberExpressions from Functions unresolved', function(t) {
t.plan(1);
var src = '(function () {}).constructor';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {});
t.equal(res, undefined);
});
test('disallow accessing constructor or __proto__', function (t) {
t.plan(4)
var someValue = {};
var src = 'object.constructor';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, { vars: { object: someValue } });
t.equal(res, undefined);
var src = 'object["constructor"]';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, { vars: { object: someValue } });
t.equal(res, undefined);
var src = 'object.__proto__';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, { vars: { object: someValue } });
t.equal(res, undefined);
var src = 'object["__pro"+"t\x6f__"]';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, { vars: { object: someValue } });
t.equal(res, undefined);
});
test('constructor at runtime only', function(t) {
t.plan(2)
var src = '(function myTag(y){return ""[!y?"__proto__":"constructor"][y]})("constructor")("console.log(process.env)")()'
var ast = parse(src).body[0].expression;
var res = evaluate(ast);
t.equal(res, undefined);
var src = '(function(prop) { return {}[prop ? "benign" : "constructor"][prop] })("constructor")("alert(1)")()'
var ast = parse(src).body[0].expression;
var res = evaluate(ast);
t.equal(res, undefined);
});
test('short circuit evaluation AND', function(t) {
t.plan(1);
var variables = {
value: null
};
var src = 'value && value.func()';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, variables);
t.equals(res, null);
})
test('short circuit evaluation OR', function(t) {
t.plan(1);
var fnInvoked = false;
var variables = {
value: true,
fn: function() { fnInvoked = true}
};
var src = 'value || fn()';
var ast = parse(src).body[0].expression;
evaluate(ast, variables);
t.equals(fnInvoked, false);
})
test('function declaration does not invoke CallExpressions', function(t) {
t.plan(1);
var invoked = false;
var variables = {
noop: function(){},
onInvoke: function() {invoked = true}
};
var src = 'noop(function(){ onInvoke(); })';
var ast = parse(src).body[0].expression;
evaluate(ast, variables);
t.equal(invoked, false);
});

16
VISUALIZACION/node_modules/static-eval/test/prop.js generated vendored Executable file
View file

@ -0,0 +1,16 @@
var test = require('tape');
var evaluate = require('../');
var parse = require('esprima').parse;
test('function property', function (t) {
t.plan(1);
var src = '[1,2,3+4*10+n,beep.boop(3+5),obj[""+"x"].y]';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {
n: 6,
beep: { boop: function (x) { return x * 100 } },
obj: { x: { y: 555 } }
});
t.deepEqual(res, [ 1, 2, 49, 800, 555 ]);
});

33
VISUALIZACION/node_modules/static-eval/test/template-strings.js generated vendored Executable file
View file

@ -0,0 +1,33 @@
var test = require('tape');
var evaluate = require('../');
var parse = require('esprima').parse;
test('untagged template strings', function (t) {
t.plan(1);
var src = '`${1},${2 + n},${`4,5`}`';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {
n: 6
});
t.deepEqual(res, '1,8,4,5');
});
test('tagged template strings', function (t) {
t.plan(3);
var src = 'template`${1},${2 + n},${`4,5`}`';
var ast = parse(src).body[0].expression;
var res = evaluate(ast, {
template: function (strings) {
t.deepEqual(strings, ['', ',', ',', '']);
var values = [].slice.call(arguments, 1);
t.deepEqual(values, [1, 8, '4,5']);
return 'foo';
},
n: 6
});
t.deepEqual(res, 'foo');
})