fix(GHSA-wp5r-2gw5-m7q7): close unicode-escape identifier bypass

The transformer fast-path bailed out when the source contained none of
`catch`/`import`/`async`/`with` AND the substring `INTERNAL_STATE_NAME`
was absent. Identifiers in JavaScript can use `\uXXXX` / `\u{...}`
escapes, so source like
`var x = VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL;` slipped
past both checks and re-opened the very leak the GHSA closed
(`wrapWith`/`handleException`/`import` exposure).

Fix: any source containing `\u` falls through to AST instrumentation,
where the walker decodes escapes and inspects the actual identifier
name. Adds 3 regression tests covering single-char, code-point, and
fully-escaped identifier forms; one negative test confirms legitimate
`\u` escapes inside string literals still execute correctly.

Author: patriksimek

lib/transformer.js

@@ -70,8 +70,21 @@ function transformer(args, body, isAsync, isGenerator, filename) {
 		// this). Pre-fix the regex.test below silently coerced undefined to
 		// "undefined" and returned false; the new substring check would
 		// throw. Coerce to a defined string for both checks.
+		//
+		// SECURITY (post-GHSA-wp5r-2gw5-m7q7 hardening): identifiers in
+		// JavaScript CAN contain `\uXXXX` / `\u{...}` unicode escapes —
+		// `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` is a
+		// valid identifier reference for the same global. The `indexOf`
+		// substring check above only matches the raw form, so bypassed.
+		// Force fall-through to AST when the source contains any `\u`
+		// escape; the AST walker decodes escapes and inspects the actual
+		// identifier name.
 		const codeStr = typeof code === 'string' ? code : '';
-		if (!/\b(?:catch|import|async|with)\b/.test(codeStr) && codeStr.indexOf(INTERNAL_STATE_NAME) === -1) {
+		if (
+			!/\b(?:catch|import|async|with)\b/.test(codeStr) &&
+			codeStr.indexOf(INTERNAL_STATE_NAME) === -1 &&
+			codeStr.indexOf('\\u') === -1
+		) {
 			return {__proto__: null, code, hasAsync: false};
 		}
 	} else {

test/ghsa/GHSA-wp5r-2gw5-m7q7/repro.js

@@ -65,4 +65,37 @@ describe('GHSA-wp5r-2gw5-m7q7 (transformer fast-path bypass)', function () {
 	it('regression: code with catch/import/async still runs unchanged', function () {
 		assert.strictEqual(new VM().run(`try { throw new Error('x'); } catch(e) { e.message }`), 'x');
 	});
+
+	// SECURITY (post-GHSA-wp5r-2gw5-m7q7 hardening): unicode-escape identifier
+	// bypass surfaced during pre-tag red-team. Identifiers can contain
+	// `\uXXXX` escapes; the original fix's substring `indexOf` only matched
+	// the raw form, so `VM2_INTERNAL_STATE_…` slipped past the fast-path
+	// and re-opened the same exposure the GHSA was meant to close. The
+	// fast-path now bails out for any source containing `\u`.
+	describe('unicode-escape identifier bypass', function () {
+		it('rejects \\u0056M2_INTERNAL_STATE_… (single-char unicode escape)', function () {
+			assert.throws(function () {
+				new VM().run(`var x = \\u0056M2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL; x;`);
+			}, /Use of internal vm2 state variable/);
+		});
+
+		it('rejects \\u{56}M2_INTERNAL_STATE_… (extended unicode code-point escape)', function () {
+			assert.throws(function () {
+				new VM().run(`var x = \\u{56}M2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL; x;`);
+			}, /Use of internal vm2 state variable/);
+		});
+
+		it('rejects fully-escaped identifier', function () {
+			// Every char as \uXXXX: VV -> V, MM -> M, etc. Verify
+			// that even when no raw VM2_… substring appears, AST still rejects.
+			assert.throws(function () {
+				new VM().run(`var x = \\u0056\\u004D2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL; x;`);
+			}, /Use of internal vm2 state variable/);
+		});
+
+		it('regression: legitimate \\u escapes in strings still work', function () {
+			// Source contains \u but the AST walker doesn't reject string literals.
+			assert.strictEqual(new VM().run(`'\\u0041\\u0042'`), 'AB');
+		});
+	});
 });