[flags] Introduce --disallow-code-generation-from-strings

Exposing the existing Context::AllowCodeGenerationFromStrings(false) API
to the command line.

Bug: v8:7134
Change-Id: I062ccff0b03c5bcf6878c41c455c0ded37a1d743
Reviewed-on: https://chromium-review.googlesource.com/809631Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49911}

src/bootstrapper.cc

@@ -5484,6 +5484,11 @@ Genesis::Genesis(
     if (!InstallDebuggerNatives()) return;
   }
 
+  if (FLAG_disallow_code_generation_from_strings) {
+    native_context()->set_allow_code_gen_from_strings(
+        isolate->heap()->false_value());
+  }
+
   ConfigureUtilsObject(context_type);
 
   // Check that the script context table is empty except for the 'this' binding.

src/flag-definitions.h

@@ -759,6 +759,8 @@ DEFINE_BOOL(builtins_in_stack_traces, false,
             "show built-in functions in stack traces")
 DEFINE_BOOL(enable_experimental_builtins, true,
             "enable new csa-based experimental builtins")
+DEFINE_BOOL(disallow_code_generation_from_strings, false,
+            "disallow eval and friends")
 
 // builtins.cc
 DEFINE_BOOL(allow_unsafe_function_constructor, false,

test/mjsunit/disallow-codegen-from-strings.js

+// Copyright 2017 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --disallow-code-generation-from-strings
+
+assertThrows("1 + 1", EvalError);
+assertThrows(() => eval("1 + 1"), EvalError);
+assertThrows(() => Function("x", "return x + 1"), EvalError);