[flags] Introduce --disallow-code-generation-from-strings

jakobkummerow · Commit Bot · commit 0bcb1d6f2de9 · 2017-12-06T19:10:33.000Z
Exposing the existing Context::AllowCodeGenerationFromStrings(false) API to the command line. Bug: v8:7134 Change-Id: I062ccff0b03c5bcf6878c41c455c0ded37a1d743 Reviewed-on: https://chromium-review.googlesource.com/809631 Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#49911}
diff --git a/src/bootstrapper.cc b/src/bootstrapper.cc
@@ -5484,6 +5484,11 @@ Genesis::Genesis(
     if (!InstallDebuggerNatives()) return;
   }
 
+  if (FLAG_disallow_code_generation_from_strings) {
+    native_context()->set_allow_code_gen_from_strings(
+        isolate->heap()->false_value());
+  }
+
   ConfigureUtilsObject(context_type);
 
   // Check that the script context table is empty except for the 'this' binding.
diff --git a/src/flag-definitions.h b/src/flag-definitions.h
@@ -759,6 +759,8 @@ DEFINE_BOOL(builtins_in_stack_traces, false,
             "show built-in functions in stack traces")
 DEFINE_BOOL(enable_experimental_builtins, true,
             "enable new csa-based experimental builtins")
+DEFINE_BOOL(disallow_code_generation_from_strings, false,
+            "disallow eval and friends")
 
 // builtins.cc
 DEFINE_BOOL(allow_unsafe_function_constructor, false,
diff --git a/test/mjsunit/disallow-codegen-from-strings.js b/test/mjsunit/disallow-codegen-from-strings.js
@@ -0,0 +1,9 @@
+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --disallow-code-generation-from-strings
+
+assertThrows("1 + 1", EvalError);
+assertThrows(() => eval("1 + 1"), EvalError);
+assertThrows(() => Function("x", "return x + 1"), EvalError);
