diff options
author | Himself65 <himself65@outlook.com> | 2022-04-04 11:24:17 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-04 11:24:17 +0300 |
commit | e6a7300a10eb7de8a79e1ace26631fb611b64bfe (patch) | |
tree | 8427fa1cf81472810059de13b61549e5636d8f17 /src/node_env_var.cc | |
parent | df20947e69dcfe73f0df1ff33ac350748173742e (diff) |
process: disallow some uses of Object.defineProperty() on process.env
Disallow the use of Object.defineProperty() to hide entries in
process.env or make them immutable.
PR-URL: https://github.com/nodejs/node/pull/28006
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Diffstat (limited to 'src/node_env_var.cc')
-rw-r--r-- | src/node_env_var.cc | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/src/node_env_var.cc b/src/node_env_var.cc index 27c833d498e..98f1ed07998 100644 --- a/src/node_env_var.cc +++ b/src/node_env_var.cc @@ -28,6 +28,7 @@ using v8::Nothing; using v8::Object; using v8::ObjectTemplate; using v8::PropertyCallbackInfo; +using v8::PropertyDescriptor; using v8::PropertyHandlerFlags; using v8::ReadOnly; using v8::String; @@ -396,11 +397,57 @@ static void EnvEnumerator(const PropertyCallbackInfo<Array>& info) { env->env_vars()->Enumerate(env->isolate())); } +static void EnvDefiner(Local<Name> property, + const PropertyDescriptor& desc, + const PropertyCallbackInfo<Value>& info) { + Environment* env = Environment::GetCurrent(info); + if (desc.has_value()) { + if (!desc.has_writable() || + !desc.has_enumerable() || + !desc.has_configurable()) { + THROW_ERR_INVALID_OBJECT_DEFINE_PROPERTY(env, + "'process.env' only accepts a " + "configurable, writable," + " and enumerable " + "data descriptor"); + } else if (!desc.configurable() || + !desc.enumerable() || + !desc.writable()) { + THROW_ERR_INVALID_OBJECT_DEFINE_PROPERTY(env, + "'process.env' only accepts a " + "configurable, writable," + " and enumerable " + "data descriptor"); + } else { + return EnvSetter(property, desc.value(), info); + } + } else if (desc.has_get() || desc.has_set()) { + // we don't accept a getter/setter in 'process.env' + THROW_ERR_INVALID_OBJECT_DEFINE_PROPERTY(env, + "'process.env' does not accept an" + "accessor(getter/setter)" + " descriptor"); + } else { + THROW_ERR_INVALID_OBJECT_DEFINE_PROPERTY(env, + "'process.env' only accepts a " + "configurable, writable," + " and enumerable " + "data descriptor"); + } +} + MaybeLocal<Object> CreateEnvVarProxy(Local<Context> context, Isolate* isolate) { EscapableHandleScope scope(isolate); Local<ObjectTemplate> env_proxy_template = ObjectTemplate::New(isolate); env_proxy_template->SetHandler(NamedPropertyHandlerConfiguration( - EnvGetter, EnvSetter, EnvQuery, EnvDeleter, EnvEnumerator, Local<Value>(), + EnvGetter, + EnvSetter, + EnvQuery, + EnvDeleter, + EnvEnumerator, + EnvDefiner, + nullptr, + Local<Value>(), PropertyHandlerFlags::kHasNoSideEffect)); return scope.EscapeMaybe(env_proxy_template->NewInstance(context)); } @@ -411,6 +458,7 @@ void RegisterEnvVarExternalReferences(ExternalReferenceRegistry* registry) { registry->Register(EnvQuery); registry->Register(EnvDeleter); registry->Register(EnvEnumerator); + registry->Register(EnvDefiner); } } // namespace node |