From f93bcf8f47414782b992aa2b6c0eb084fcff8ccc Mon Sep 17 00:00:00 2001
From: Akhil Marsonya
Date: Wed, 7 Apr 2021 02:54:46 +0530
Subject: [PATCH] events: refactor to use primordials in lib/events
Replace code that's vulnerable to Prototype Pollution with Primordials.
---
 lib/events.js | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)
diff --git a/lib/events.js b/lib/events.js
index 15c69c30271aa6..cb44a68c3c9b4c 100644
--- a/lib/events.js
+++ b/lib/events.js
@@ -23,11 +23,17 @@
 const {
 ArrayPrototypeForEach,
+ ArrayPrototypeIndexOf,
+ ArrayPrototypeJoin,
 ArrayPrototypePush,
+ ArrayPrototypeShift,
 ArrayPrototypeSlice,
+ ArrayPrototypeSplice,
+ ArrayPrototypeUnshift,
 Boolean,
 Error,
 ErrorCaptureStackTrace,
+ FunctionPrototypeBind,
 FunctionPrototypeCall,
 MathMin,
 NumberIsNaN,
@@ -42,9 +48,10 @@ const {
 ReflectApply,
 ReflectOwnKeys,
 String,
+ StringPrototypeSplit,
 Symbol,
 SymbolFor,
- SymbolAsyncIterator
+ SymbolAsyncIterator,
 } = primordials;
 const kRejection = SymbolFor('nodejs.rejection');
@@ -274,7 +281,7 @@ EventEmitter.prototype.getMaxListeners = function getMaxListeners() {
 function identicalSequenceRange(a, b) {
 for (let i = 0; i < a.length - 3; i++) {
 // Find the first entry of b that matches the current entry of a.
- const pos = b.indexOf(a[i]);
+ const pos = ArrayPrototypeIndexOf(b, a[i]);
 if (pos !== -1) {
 const rest = b.length - pos;
 if (rest > 3) {
@@ -303,16 +310,18 @@ function enhanceStackTrace(err, own) {
 } catch {}
 const sep = `\nEmitted 'error' event${ctorInfo} at:\n`;
- const errStack = err.stack.split('\n').slice(1);
- const ownStack = own.stack.split('\n').slice(1);
+ const errStack = ArrayPrototypeSlice(
+ StringPrototypeSplit(err.stack, '\n'), 1);
+ const ownStack = ArrayPrototypeSlice(
+ StringPrototypeSplit(own.stack, '\n'), 1);
 const { 0: len, 1: off } = identicalSequenceRange(ownStack, errStack);
 if (len > 0) {
- ownStack.splice(off + 1, len - 2,
- ' [... lines matching original stack trace ...]');
+ ArrayPrototypeSplice(ownStack, off + 1, len - 2,
+ ' [... lines matching original stack trace ...]');
 }
- return err.stack + sep + ownStack.join('\n');
+ return err.stack + sep + ArrayPrototypeJoin(ownStack, '\n');
 }
 EventEmitter.prototype.emit = function emit(type, ...args) {
@@ -336,7 +345,7 @@ EventEmitter.prototype.emit = function emit(type, ...args) {
 const capture = {};
 ErrorCaptureStackTrace(capture, EventEmitter.prototype.emit);
 ObjectDefineProperty(er, kEnhanceStackBeforeInspector, {
- value: enhanceStackTrace.bind(this, er, capture),
+ value: FunctionPrototypeBind(enhanceStackTrace, this, er, capture),
 configurable: true
 });
 } catch {}
@@ -430,9 +439,9 @@ function _addListener(target, type, listener, prepend) {
 prepend ? [listener, existing] : [existing, listener];
 // If we've already got an array, just append.
 } else if (prepend) {
- existing.unshift(listener);
+ ArrayPrototypeUnshift(existing, listener);
 } else {
- existing.push(listener);
+ ArrayPrototypePush(existing, listener);
 }
 // Check for listener leak
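Review bot: In `enhanceStackTrace`, `StringPrototypeSplit(err.stack, '\n')` and the matching call on `own.stack` apply ToString to whatever `stack` holds, whereas the removed `.split` calls threw for most non-string values. `err` appears to be the emitted error, so its `stack` is caller-controlled and need not be a string; a non-string value is now silently stringified and spliced into the report. It would presumably be safer to bail out first with `if (typeof err.stack !== 'string' || typeof own.stack !== 'string') return err.stack;`. The function starts above this hunk, so an earlier guard may already exist there.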
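Review bot: The descriptor literal passed to `ObjectDefineProperty` in `emit` still inherits from `Object.prototype`, so a polluted `get`, `set`, `writable` or `enumerable` there is read as part of the descriptor. A polluted `get` or `set` makes the call throw, because an accessor cannot be combined with `value`, and the surrounding `catch {}` swallows the error, silently dropping the stack enhancement. Since the commit sets out to remove prototype-pollution exposure, add `__proto__: null,` as the first key of the literal. The enclosing `try` block begins outside this hunk.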
@@ -472,14 +481,14 @@ function onceWrapper() {
 this.target.removeListener(this.type, this.wrapFn);
 this.fired = true;
 if (arguments.length === 0)
- return this.listener.call(this.target);
- return this.listener.apply(this.target, arguments);
+ return FunctionPrototypeCall(this.listener, this.target);
+ return ReflectApply(this.listener, this.target, arguments);
 }
 }
 function _onceWrap(target, type, listener) {
 const state = { fired: false, wrapFn: undefined, target, type, listener };
- const wrapped = onceWrapper.bind(state);
+ const wrapped = FunctionPrototypeBind(onceWrapper, state);
 wrapped.listener = listener;
 state.wrapFn = wrapped;
 return wrapped;
@@ -535,7 +544,7 @@ EventEmitter.prototype.removeListener =
 return this;
 if (position === 0)
- list.shift();
+ ArrayPrototypeShift(list);
 else {
 if (spliceOne === undefined)
 spliceOne = require('internal/util').spliceOne;
@@ -629,7 +638,7 @@ EventEmitter.listenerCount = function(emitter, type) {
 if (typeof emitter.listenerCount === 'function') {
 return emitter.listenerCount(type);
 }
- return listenerCount.call(emitter, type);
+ return FunctionPrototypeCall(listenerCount, emitter, type);
 };
 EventEmitter.prototype.listenerCount = listenerCount;
@@ -785,7 +794,7 @@ function on(emitter, event, options) {
 const iterator = ObjectSetPrototypeOf({
 next() {
 // First, we consume all unread events
- const value = unconsumedEvents.shift();
+ const value = ArrayPrototypeShift(unconsumedEvents);
 if (value) {
 return PromiseResolve(createIterResult(value, false));
 }
@@ -867,7 +876,7 @@ function on(emitter, event, options) {
 }
 function eventHandler(...args) {
- const promise = unconsumedPromises.shift();
+ const promise = ArrayPrototypeShift(unconsumedPromises);
 if (promise) {
 promise.resolve(createIterResult(args, false));
 } else {
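Review bot: No test accompanies the uncurried calls in `onceWrapper` and `_onceWrap`; the diffstat lists `lib/events.js` as the only file changed. A regression test would keep a later edit from reintroducing `.call`, `.apply` or `.bind` here. It could temporarily replace `Function.prototype.call`, `Function.prototype.apply` and `Function.prototype.bind` with functions that throw, assert that a listener registered through `once()` still runs exactly once with its arguments, and restore the originals afterwards. `onceWrapper` starts above the hunk.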
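Review bot: In `on()`, only the dequeue side of `unconsumedEvents` and `unconsumedPromises` is visibly uncurried, in the `next()` hunk at -785 and in the `eventHandler` and `errorHandler` hunks at -867 and -878. The code that enqueues onto these arrays lies outside the hunks. If it still calls `.push` on them directly, it should use `ArrayPrototypePush`, which the import list already provides, for example `ArrayPrototypePush(unconsumedEvents, args);`. Otherwise the queues stay reachable through a modified `Array.prototype.push`.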
@@ -878,7 +887,7 @@ function on(emitter, event, options) {
 function errorHandler(err) {
 finished = true;
- const toError = unconsumedPromises.shift();
+ const toError = ArrayPrototypeShift(unconsumedPromises);
 if (toError) {
 toError.reject(err);