metarhia · borodichAlex · Jul 27, 2022 · Jul 27, 2022 · Jul 27, 2022 · Jul 27, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## [Unreleased][unreleased]
 
 - Prevent arbitrary js code execution
+- Handle recursive expressions
 
 ## [0.0.1][] - 2022-05-13
 

diff --git a/lib/sheet.js b/lib/sheet.js
@@ -2,6 +2,8 @@
 
 const metavm = require('metavm');
 
+const LIMIT_STEPS = 100;
+
 const wrap = (target) =>
   new Proxy(target, {
     get: (target, prop) => {
@@ -16,10 +18,25 @@ const math = wrap(Math);
 
 const getValue = (target, prop) => {
   if (prop === 'Math') return math;
-  const { expressions, data } = target;
+  const { expressions, data, callChain } = target;
+  const propAmountSteps = Number(callChain.get(prop) ?? 0);
+  if (propAmountSteps > LIMIT_STEPS) {
+    throw new Error('Recursive expression error');
+  }
   if (!expressions.has(prop)) return data.get(prop);
   const expression = expressions.get(prop);
-  return expression();
+  let value = null;
+  try {
+    callChain.set(prop, propAmountSteps + 1);
+    value = expression();
+    if (value) callChain.set(prop, 0);
+  } catch (err) {
+    if (err.message === 'Maximum call stack size exceeded') {
+      throw new Error('Recursive expression error');
+    }
+    throw err;
+  }
+  return value;
 };
 
 const getCell = (target, prop) => {
@@ -31,9 +48,11 @@ const getCell = (target, prop) => {
 const setCell = (target, prop, value) => {
   target.expressions.delete(prop);
   target.data.delete(prop);
+  target.callChain.set(prop, 0);
 
   if (typeof value === 'string' && value[0] === '=') {
     const src = '() => ' + value.substring(1);
+
     const options = { context: target.context };
     const script = metavm.createScript(prop, src, options);
     target.expressions.set(prop, script.exports);
@@ -50,6 +69,7 @@ class Sheet {
     this.values = new Proxy(this, { get: getValue });
     this.context = metavm.createContext(this.values);
     this.cells = new Proxy(this, { get: getCell, set: setCell });
+    this.callChain = new Map();
   }
 }
 

diff --git a/test/unit.js b/test/unit.js
@@ -28,6 +28,47 @@ metatests.test('Expression chain', async (test) => {
   test.end();
 });
 
+metatests.test('Recursive expressions', async (test) => {
+  const sheet = new Sheet();
+  sheet.cells['A1'] = 100;
+  sheet.cells['B1'] = 2;
+  sheet.cells['C1'] = '= A1 *E1';
+  sheet.cells['D1'] = '=C1+8';
+  sheet.cells['E1'] = '=D1/2';
-  sheet.cells['C1'] = '= A1 *E1';
-  sheet.cells['D1'] = '=C1+8';
-  sheet.cells['E1'] = '=D1/2';
+  sheet.cells['C1'] = '= A1 * E1';
+  sheet.cells['D1'] = '= C1 + 8';
+  sheet.cells['E1'] = '= D1 / 2';
-  sheet.cells['C1'] = '= A1 *E1';
-  sheet.cells['D1'] = '=C1+8';
-  sheet.cells['E1'] = '=D1/2';
+  sheet.cells['C1'] = '= A1 * E1';
+  sheet.cells['D1'] = '= C1 + 8';
+  sheet.cells['E1'] = '= D1 / 2';
+
+  try {
+    test.strictSame(sheet.values['D1'], 208);
+  } catch (error) {
+    test.strictSame(error.constructor.name === 'Error', true);
+    test.strictSame(error.message, 'Recursive expression error');
+  }
+
+  try {
+    test.strictSame(sheet.values['E1'], 104);
+  } catch (error) {
+    test.strictSame(error.constructor.name === 'Error', true);
+    test.strictSame(error.message, 'Recursive expression error');
+  }
+  test.end();
+});
+
+metatests.test(
+  'Exit from recursive expression use Math.random',
+  async (test) => {
+    const sheet = new Sheet();
+    sheet.cells['A1'] = 100;
+    sheet.cells['B1'] = 2;
+    sheet.cells['C1'] = '=Math.round(Math.random()) ? A1 * E1 : 5';
+    sheet.cells['D1'] = '=C1+8';
+    sheet.cells['E1'] = '=D1/2';
+
+    const D1 = sheet.values['D1'];
+    test.strictSame(!(D1 & 0) || D1 === 13, true);
+
+    test.end();
+  },
+);
+
 metatests.test('JavaScript Math', async (test) => {
   const sheet = new Sheet();
   sheet.cells['A1'] = 100;