-
Notifications
You must be signed in to change notification settings - Fork 30.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
lib: add option to disable __proto__
Adds `--disable-proto` CLI option which can be set to `delete` or `throw`. Fixes #31951 PR-URL: #32279 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Bradley Farias <bradley.meck@gmail.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
- Loading branch information
Showing
10 changed files
with
174 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// Flags: --disable-proto=delete | ||
|
||
'use strict'; | ||
|
||
require('../common'); | ||
const assert = require('assert'); | ||
const vm = require('vm'); | ||
const { Worker, isMainThread } = require('worker_threads'); | ||
|
||
// eslint-disable-next-line no-proto | ||
assert.strictEqual(Object.prototype.__proto__, undefined); | ||
assert(!Object.prototype.hasOwnProperty('__proto__')); | ||
|
||
const ctx = vm.createContext(); | ||
const ctxGlobal = vm.runInContext('this', ctx); | ||
|
||
// eslint-disable-next-line no-proto | ||
assert.strictEqual(ctxGlobal.Object.prototype.__proto__, undefined); | ||
assert(!ctxGlobal.Object.prototype.hasOwnProperty('__proto__')); | ||
|
||
if (isMainThread) { | ||
new Worker(__filename); | ||
} else { | ||
process.exit(); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
// Flags: --disable-proto=throw | ||
|
||
'use strict'; | ||
|
||
require('../common'); | ||
const assert = require('assert'); | ||
const vm = require('vm'); | ||
const { Worker, isMainThread } = require('worker_threads'); | ||
|
||
assert(Object.prototype.hasOwnProperty('__proto__')); | ||
|
||
assert.throws(() => { | ||
// eslint-disable-next-line no-proto | ||
({}).__proto__; | ||
}, { | ||
code: 'ERR_PROTO_ACCESS' | ||
}); | ||
|
||
assert.throws(() => { | ||
// eslint-disable-next-line no-proto | ||
({}).__proto__ = {}; | ||
}, { | ||
code: 'ERR_PROTO_ACCESS', | ||
}); | ||
|
||
const ctx = vm.createContext(); | ||
|
||
assert.throws(() => { | ||
vm.runInContext('({}).__proto__;', ctx); | ||
}, { | ||
code: 'ERR_PROTO_ACCESS' | ||
}); | ||
|
||
assert.throws(() => { | ||
vm.runInContext('({}).__proto__ = {};', ctx); | ||
}, { | ||
code: 'ERR_PROTO_ACCESS', | ||
}); | ||
|
||
if (isMainThread) { | ||
new Worker(__filename); | ||
} else { | ||
process.exit(); | ||
} |