Skip to content

vm: fix property queries for proxy sandboxes#63742

Open
brianathere wants to merge 1 commit into
nodejs:mainfrom
brianathere:fix-vm-proxy-hasown-main
Open

vm: fix property queries for proxy sandboxes#63742
brianathere wants to merge 1 commit into
nodejs:mainfrom
brianathere:fix-vm-proxy-hasown-main

Conversation

@brianathere
Copy link
Copy Markdown

@brianathere brianathere commented Jun 4, 2026

Fixes: #63739
Refs: #63549

This updates the vm contextify named property query path to inspect own property descriptors on the sandbox object instead of using HasRealNamedProperty() for that sandbox lookup. The previous lookup cannot see properties through a JSProxy, which made Proxy-backed vm sandboxes report false for hasOwnProperty, Object.hasOwn, in, and Reflect.has even when the property was readable, listed, and had an own descriptor.

The fallback lookup on the real global proxy remains unchanged for properties that are not own properties of the sandbox.

Added a regression test for a Proxy sandbox with writable, non-enumerable, and readonly own properties, plus prototype fallback sanity checks.

Validation:

  • ./configure --ninja --without-npm --without-inspector --without-sqlite --without-ffi --without-lief
  • ninja -C out/Release -j12 node
  • ./out/Release/node test/parallel/test-vm-proxy-sandbox-property-query.js
  • python3 tools/test.py -J --mode=release parallel/test-vm-proxy-sandbox-property-query parallel/test-vm-property-definer-interception parallel/test-vm-global-property-interceptors
  • make lint-cpp
  • make lint-js LINT_JS_TARGETS=test/parallel/test-vm-proxy-sandbox-property-query.js
  • External minimal repro: patched branch passes
  • External Jest fake-timers repro: patched branch passes both tests

@brianathere
vm: fix property queries for proxy sandboxes
904f876 
Signed-off-by: Brian Meek <55990082+brianathere@users.noreply.github.com>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. vm Issues and PRs related to the vm subsystem. labels Jun 4, 2026
@brianathere brianathere mentioned this pull request Jun 4, 2026
Open
legendecas
legendecas reviewed Jun 4, 2026
View reviewed changes
Comment thread src/node_contextify.cc

Maybe<bool> maybe_has = sandbox->HasRealNamedProperty(context, property);
Maybe<bool> maybe_has =
GetOwnPropertyAttributes(isolate, context, sandbox, property, &attr);
Copy link
Copy Markdown
Member

@legendecas legendecas Jun 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can call sandbox->HasOwnProperty for own existence check, and next when the sandbox has the own property, call sandbox->GetPropertyAttributes for property attributes, this could be a fix with just 2 lines.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@legendecas legendecas legendecas left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. vm Issues and PRs related to the vm subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

vm: in / hasOwnProperty return false for existing globals when the sandbox is a Proxy (regression in v26.3.0, breaks Jest fake timers)

3 participants

@brianathere @legendecas @nodejs-github-bot