diff options
| author | Akhil Marsonya <akhil.marsonya27@gmail.com> | 2021-04-16 20:17:20 +0300 |
|---|---|---|
| committer | James M Snell <jasnell@gmail.com> | 2021-05-21 22:55:43 +0300 |
| commit | 13ec3176acf370ac87eb2acf13103ab6ca55cda0 (patch) | |
| tree | 7002ffc41400cd4b334ae128c91dd8e162323be3 /lib | |
| parent | c9269a44590a42ca52847ffb878bb37a30293f68 (diff) | |
events: refactor to use primordials in lib/events
Replace code that's vulnerable to Prototype Pollution with Primordials.
PR-URL: https://github.com/nodejs/node/pull/38117
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/events.js | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/lib/events.js b/lib/events.js index 72fc867da44..4a21632b1cf 100644 --- a/lib/events.js +++ b/lib/events.js @@ -22,10 +22,16 @@ 'use strict'; const { + ArrayPrototypeIndexOf, + ArrayPrototypeJoin, + ArrayPrototypeShift, ArrayPrototypeSlice, + ArrayPrototypeSplice, Boolean, Error, ErrorCaptureStackTrace, + FunctionPrototypeBind, + FunctionPrototypeCall, MathMin, NumberIsNaN, ObjectCreate, @@ -38,9 +44,10 @@ const { PromiseResolve, ReflectOwnKeys, String, + StringPrototypeSplit, Symbol, SymbolFor, - SymbolAsyncIterator + SymbolAsyncIterator, } = primordials; const kRejection = SymbolFor('nodejs.rejection'); @@ -265,7 +272,7 @@ EventEmitter.prototype.getMaxListeners = function getMaxListeners() { function identicalSequenceRange(a, b) { for (let i = 0; i < a.length - 3; i++) { // Find the first entry of b that matches the current entry of a. - const pos = b.indexOf(a[i]); + const pos = ArrayPrototypeIndexOf(b, a[i]); if (pos !== -1) { const rest = b.length - pos; if (rest > 3) { @@ -294,16 +301,18 @@ function enhanceStackTrace(err, own) { } catch {} const sep = `\nEmitted 'error' event${ctorInfo} at:\n`; - const errStack = err.stack.split('\n').slice(1); - const ownStack = own.stack.split('\n').slice(1); + const errStack = ArrayPrototypeSlice( + StringPrototypeSplit(err.stack, '\n'), 1); + const ownStack = ArrayPrototypeSlice( + StringPrototypeSplit(own.stack, '\n'), 1); const { 0: len, 1: off } = identicalSequenceRange(ownStack, errStack); if (len > 0) { - ownStack.splice(off + 1, len - 2, - ' [... lines matching original stack trace ...]'); + ArrayPrototypeSplice(ownStack, off + 1, len - 2, + ' [... lines matching original stack trace ...]'); } - return err.stack + sep + ownStack.join('\n'); + return err.stack + sep + ArrayPrototypeJoin(ownStack, '\n'); } EventEmitter.prototype.emit = function emit(type, ...args) { @@ -327,7 +336,7 @@ EventEmitter.prototype.emit = function emit(type, ...args) { const capture = {}; ErrorCaptureStackTrace(capture, EventEmitter.prototype.emit); ObjectDefineProperty(er, kEnhanceStackBeforeInspector, { - value: enhanceStackTrace.bind(this, er, capture), + value: FunctionPrototypeBind(enhanceStackTrace, this, er, capture), configurable: true }); } catch {} @@ -620,7 +629,7 @@ EventEmitter.listenerCount = function(emitter, type) { if (typeof emitter.listenerCount === 'function') { return emitter.listenerCount(type); } - return listenerCount.call(emitter, type); + return FunctionPrototypeCall(listenerCount, emitter, type); }; EventEmitter.prototype.listenerCount = listenerCount; @@ -858,7 +867,7 @@ function on(emitter, event, options) { } function eventHandler(...args) { - const promise = unconsumedPromises.shift(); + const promise = ArrayPrototypeShift(unconsumedPromises); if (promise) { promise.resolve(createIterResult(args, false)); } else { @@ -869,7 +878,7 @@ function on(emitter, event, options) { function errorHandler(err) { finished = true; - const toError = unconsumedPromises.shift(); + const toError = ArrayPrototypeShift(unconsumedPromises); if (toError) { toError.reject(err); |