fix(core)!: Allow syntax errors and expression errors to fail executions (#6352)

* fix: Unify expression error behavior for v1 * fix: Add `package.json` to `tsconfig.build.json` * fix: Make `isFrontend` a constant * fix: Use CommonJS require to read version * fix: Use `JSON.parse()` and `fs.readFileSync()` * feat(editor): Make WF name a link on /executions (#6354) * make wf name a link in exec view * link color * make wf name a link in exec view * link color --------- Co-authored-by: Alex Grozav <alex@grozav.com> * fix: Try restoring inclusions in tsconfig files * fix: Try with copy * refactor: Switch base branch and remove global toggle * chore: Remove unrelated changes * chore: Restore lockfile * fix: Ensure all expression errors fail executions * uncaught ExpressionErrors should not fail e2e tests --------- Co-authored-by: romainminaud <romain.minaud@gmail.com> Co-authored-by: Alex Grozav <alex@grozav.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
2025-12-17 10:02:05 +00:00 · 2023-06-08 11:06:09 +02:00
parent 8c008f5d22
commit 1197811a1e
8 changed files with 45 additions and 62 deletions
--- a/packages/workflow/test/Expression.test.ts
+++ b/packages/workflow/test/Expression.test.ts
@@ -10,6 +10,7 @@ import type { ExpressionTestEvaluation, ExpressionTestTransform } from './Expres
 import { baseFixtures } from './ExpressionFixtures/base';
 import type { INodeExecutionData } from '@/Interfaces';
 import { extendSyntax } from '@/Extensions/ExpressionExtension';
+import { ExpressionError } from '@/ExpressionError';

 describe('Expression', () => {
 	describe('getParameterValue()', () => {
@@ -154,7 +155,9 @@ describe('Expression', () => {
 		it('should not able to do arbitrary code execution', () => {
 			const testFn = jest.fn();
 			Object.assign(global, { testFn });
-			evaluate("={{ Date['constructor']('testFn()')()}}");
+			expect(() => evaluate("={{ Date['constructor']('testFn()')()}}")).toThrowError(
+				new ExpressionError('Arbitrary code execution detected'),
+			);
 			expect(testFn).not.toHaveBeenCalled();
 		});
 	});
@@ -180,7 +183,18 @@ describe('Expression', () => {
 		const expression = new Expression(workflow);

 		const evaluate = (value: string, data: INodeExecutionData[]) => {
-			return expression.getParameterValue(value, null, 0, 0, 'node', data, 'manual', '', {});
+			const itemIndex = data.length === 0 ? -1 : 0;
+			return expression.getParameterValue(
+				value,
+				null,
+				0,
+				itemIndex,
+				'node',
+				data,
+				'manual',
+				'',
+				{},
+			);
 		};

 		for (const t of baseFixtures) {