stream: fixup property definition to avoid prototype polution

Fixup the definitions of the properties to avoid the possibility of prototype polution on the object definitions. Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #39371 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
nodejs · Jul 13, 2021 · 2cc13ad · 2cc13ad
1 parent a99c230
commit 2cc13ad
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 50 deletions.
diff --git a/lib/internal/webstreams/queuingstrategies.js b/lib/internal/webstreams/queuingstrategies.js
@@ -21,6 +21,7 @@ const {
  isBrandCheck,
  kType,
  kState,
+ kEnumerableProperty,
 } = require('internal/webstreams/util');
 
 const {
@@ -102,8 +103,8 @@ class ByteLengthQueuingStrategy {
 }
 
 ObjectDefineProperties(ByteLengthQueuingStrategy.prototype, {
- highWaterMark: { enumerable: true },
- size: { enumerable: true },
+ highWaterMark: kEnumerableProperty,
+ size: kEnumerableProperty,
 });
 
 /**
@@ -158,8 +159,8 @@ class CountQueuingStrategy {
 }
 
 ObjectDefineProperties(CountQueuingStrategy.prototype, {
- highWaterMark: { enumerable: true },
- size: { enumerable: true },
+ highWaterMark: kEnumerableProperty,
+ size: kEnumerableProperty,
 });
 
 module.exports = {

diff --git a/lib/internal/webstreams/readablestream.js b/lib/internal/webstreams/readablestream.js
@@ -103,6 +103,7 @@ const {
  nonOpStart,
  kType,
  kState,
+ kEnumerableProperty,
 } = require('internal/webstreams/util');
 
 const {
@@ -553,12 +554,12 @@ ObjectDefineProperties(ReadableStream.prototype, {
  writable: true,
  value: ReadableStream.prototype.values,
  },
- locked: { enumerable: true },
- cancel: { enumerable: true },
- getReader: { enumerable: true },
- pipeThrough: { enumerable: true },
- pipeTo: { enumerable: true },
- tee: { enumerable: true },
+ locked: kEnumerableProperty,
+ cancel: kEnumerableProperty,
+ getReader: kEnumerableProperty,
+ pipeThrough: kEnumerableProperty,
+ pipeTo: kEnumerableProperty,
+ tee: kEnumerableProperty,
 });
 
 function TransferredReadableStream() {
@@ -654,9 +655,9 @@ class ReadableStreamBYOBRequest {
 }
 
 ObjectDefineProperties(ReadableStreamBYOBRequest.prototype, {
- view: { enumerable: true },
- respond: { enumerable: true },
- respondWithNewView: { enumerable: true },
+ view: kEnumerableProperty,
+ respond: kEnumerableProperty,
+ respondWithNewView: kEnumerableProperty,
 });
 
 function createReadableStreamBYOBRequest(controller, view) {
@@ -801,10 +802,10 @@ class ReadableStreamDefaultReader {
 }
 
 ObjectDefineProperties(ReadableStreamDefaultReader.prototype, {
- closed: { enumerable: true },
- read: { enumerable: true },
- releaseLock: { enumerable: true },
- cancel: { enumerable: true },
+ closed: kEnumerableProperty,
+ read: kEnumerableProperty,
+ releaseLock: kEnumerableProperty,
+ cancel: kEnumerableProperty,
 });
 
 class ReadableStreamBYOBReader {
@@ -918,10 +919,10 @@ class ReadableStreamBYOBReader {
 }
 
 ObjectDefineProperties(ReadableStreamBYOBReader.prototype, {
- closed: { enumerable: true },
- read: { enumerable: true },
- releaseLock: { enumerable: true },
- cancel: { enumerable: true },
+ closed: kEnumerableProperty,
+ read: kEnumerableProperty,
+ releaseLock: kEnumerableProperty,
+ cancel: kEnumerableProperty,
 });
 
 class ReadableStreamDefaultController {
@@ -977,10 +978,10 @@ class ReadableStreamDefaultController {
 }
 
 ObjectDefineProperties(ReadableStreamDefaultController.prototype, {
- desiredSize: { enumerable: true },
- close: { enumerable: true },
- enqueue: { enumerable: true },
- error: { enumerable: true },
+ desiredSize: kEnumerableProperty,
+ close: kEnumerableProperty,
+ enqueue: kEnumerableProperty,
+ error: kEnumerableProperty,
 });
 
 function createReadableStreamDefaultController() {
@@ -1106,11 +1107,11 @@ class ReadableByteStreamController {
 }
 
 ObjectDefineProperties(ReadableByteStreamController.prototype, {
- byobRequest: { enumerable: true },
- desiredSize: { enumerable: true },
- close: { enumerable: true },
- enqueue: { enumerable: true },
- error: { enumerable: true },
+ byobRequest: kEnumerableProperty,
+ desiredSize: kEnumerableProperty,
+ close: kEnumerableProperty,
+ enqueue: kEnumerableProperty,
+ error: kEnumerableProperty,
 });
 
 function createReadableByteStreamController() {

diff --git a/lib/internal/webstreams/transformstream.js b/lib/internal/webstreams/transformstream.js
@@ -45,6 +45,7 @@ const {
  nonOpFlush,
  kType,
  kState,
+ kEnumerableProperty,
 } = require('internal/webstreams/util');
 
 const {
@@ -226,8 +227,8 @@ class TransformStream {
 }
 
 ObjectDefineProperties(TransformStream.prototype, {
- readable: { enumerable: true },
- writable: { enumerable: true },
+ readable: kEnumerableProperty,
+ writable: kEnumerableProperty,
 });
 
 function TransferredTransformStream() {
@@ -310,10 +311,10 @@ class TransformStreamDefaultController {
 }
 
 ObjectDefineProperties(TransformStreamDefaultController.prototype, {
- desiredSize: { enumerable: true },
- enqueue: { enumerable: true },
- error: { enumerable: true },
- terminate: { enumerable: true },
+ desiredSize: kEnumerableProperty,
+ enqueue: kEnumerableProperty,
+ error: kEnumerableProperty,
+ terminate: kEnumerableProperty,
 });
 
 function createTransformStreamDefaultController() {

diff --git a/lib/internal/webstreams/util.js b/lib/internal/webstreams/util.js
@@ -207,6 +207,9 @@ function lazyTransfer() {
  return transfer;
 }
 
+const kEnumerableProperty = ObjectCreate(null);
+kEnumerableProperty.enumerable = true;
+
 module.exports = {
  ArrayBufferViewGetBuffer,
  ArrayBufferViewGetByteLength,
@@ -234,4 +237,5 @@ module.exports = {
  nonOpWrite,
  kType,
  kState,
+ kEnumerableProperty,
 };
diff --git a/lib/internal/webstreams/writablestream.js b/lib/internal/webstreams/writablestream.js
@@ -64,6 +64,7 @@ const {
  nonOpWrite,
  kType,
  kState,
+ kEnumerableProperty,
 } = require('internal/webstreams/util');
 
 const {
@@ -280,10 +281,10 @@ class WritableStream {
 }
 
 ObjectDefineProperties(WritableStream.prototype, {
- locked: { enumerable: true },
- abort: { enumerable: true },
- close: { enumerable: true },
- getWriter: { enumerable: true },
+ locked: kEnumerableProperty,
+ abort: kEnumerableProperty,
+ close: kEnumerableProperty,
+ getWriter: kEnumerableProperty,
 });
 
 function TransferredWritableStream() {
@@ -469,13 +470,13 @@ class WritableStreamDefaultWriter {
 }
 
 ObjectDefineProperties(WritableStreamDefaultWriter.prototype, {
- closed: { enumerable: true },
- ready: { enumerable: true },
- desiredSize: { enumerable: true },
- abort: { enumerable: true },
- close: { enumerable: true },
- releaseLock: { enumerable: true },
- write: { enumerable: true },
+ closed: kEnumerableProperty,
+ ready: kEnumerableProperty,
+ desiredSize: kEnumerableProperty,
+ abort: kEnumerableProperty,
+ close: kEnumerableProperty,
+ releaseLock: kEnumerableProperty,
+ write: kEnumerableProperty,
 });
 
 class WritableStreamDefaultController {
@@ -534,9 +535,9 @@ class WritableStreamDefaultController {
 }
 
 ObjectDefineProperties(WritableStreamDefaultController.prototype, {
- abortReason: { enumerable: true },
- signal: { enumerable: true },
- error: { enumerable: true },
+ abortReason: kEnumerableProperty,
+ signal: kEnumerableProperty,
+ error: kEnumerableProperty,
 });
 
 function createWritableStreamDefaultController() {