Skip to content

Commit

Permalink
http2: remove prototype primordials
Browse files Browse the repository at this point in the history
Co-authored-by: Yagiz Nizipli <yagiz@nizipli.com>
PR-URL: #53696
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Chemi Atlow <chemi@atlow.co.il>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
  • Loading branch information
2 people authored and targos committed Sep 21, 2024
1 parent 3000e5d commit 99f96eb
Show file tree
Hide file tree
Showing 4 changed files with 64 additions and 101 deletions.
9 changes: 7 additions & 2 deletions doc/contributing/primordials.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,13 @@ The file `lib/internal/per_context/primordials.js` subclasses and stores the JS
built-ins that come from the VM so that Node.js built-in modules do not need to
later look these up from the global proxy, which can be mutated by users.

Usage of primordials should be preferred for any new code, but replacing current
code with primordials should be
For some area of the codebase, performance and code readability are deemed more
important than reliability against prototype pollution:

* `node:http2`

Usage of primordials should be preferred for new code in other areas, but
replacing current code with primordials should be
[done with care](#primordials-with-known-performance-issues). It is highly
recommended to ping the relevant team when reviewing a pull request that touches
one of the subsystems they "own".
Expand Down
37 changes: 15 additions & 22 deletions lib/internal/http2/compat.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,13 @@

const {
ArrayIsArray,
ArrayPrototypePush,
Boolean,
FunctionPrototypeBind,
ObjectAssign,
ObjectHasOwn,
ObjectKeys,
ObjectPrototypeHasOwnProperty,
Proxy,
ReflectApply,
ReflectGetPrototypeOf,
StringPrototypeIncludes,
SafeArrayIterator,
StringPrototypeToLowerCase,
StringPrototypeTrim,
Symbol,
} = primordials;

Expand Down Expand Up @@ -89,7 +83,7 @@ let statusConnectionHeaderWarned = false;
const assertValidHeader = hideStackFrames((name, value) => {
if (name === '' ||
typeof name !== 'string' ||
StringPrototypeIncludes(name, ' ')) {
name.includes(' ')) {
throw new ERR_INVALID_HTTP_TOKEN.HideStackFramesError('Header name', name);
}
if (isPseudoHeader(name)) {
Expand Down Expand Up @@ -153,8 +147,7 @@ function onStreamTrailers(trailers, flags, rawTrailers) {
const request = this[kRequest];
if (request !== undefined) {
ObjectAssign(request[kTrailers], trailers);
ArrayPrototypePush(request[kRawTrailers],
...new SafeArrayIterator(rawTrailers));
request[kRawTrailers].push(...rawTrailers);
}
}

Expand Down Expand Up @@ -216,7 +209,7 @@ const proxySocketHandler = {
case 'end':
case 'emit':
case 'destroy':
return FunctionPrototypeBind(stream[prop], stream);
return stream[prop].bind(stream);
case 'writable':
case 'destroyed':
return stream[prop];
Expand All @@ -229,8 +222,8 @@ const proxySocketHandler = {
case 'setTimeout': {
const session = stream.session;
if (session !== undefined)
return FunctionPrototypeBind(session.setTimeout, session);
return FunctionPrototypeBind(stream.setTimeout, stream);
return session.setTimeout.bind(session);
return stream.setTimeout.bind(stream);
}
case 'write':
case 'read':
Expand All @@ -242,7 +235,7 @@ const proxySocketHandler = {
stream.session[kSocket] : stream;
const value = ref[prop];
return typeof value === 'function' ?
FunctionPrototypeBind(value, ref) :
value.bind(ref) :
value;
}
}
Expand Down Expand Up @@ -417,7 +410,7 @@ class Http2ServerRequest extends Readable {

set method(method) {
validateString(method, 'method');
if (StringPrototypeTrim(method) === '')
if (method.trim() === '')
throw new ERR_INVALID_ARG_VALUE('method', method);

this[kHeaders][HTTP2_HEADER_METHOD] = method;
Expand Down Expand Up @@ -578,7 +571,7 @@ class Http2ServerResponse extends Stream {

setTrailer(name, value) {
validateString(name, 'name');
name = StringPrototypeToLowerCase(StringPrototypeTrim(name));
name = name.trim().toLowerCase();
assertValidHeader(name, value);
this[kTrailers][name] = value;
}
Expand All @@ -594,7 +587,7 @@ class Http2ServerResponse extends Stream {

getHeader(name) {
validateString(name, 'name');
name = StringPrototypeToLowerCase(StringPrototypeTrim(name));
name = name.trim().toLowerCase();
return this[kHeaders][name];
}

Expand All @@ -609,16 +602,16 @@ class Http2ServerResponse extends Stream {

hasHeader(name) {
validateString(name, 'name');
name = StringPrototypeToLowerCase(StringPrototypeTrim(name));
return ObjectPrototypeHasOwnProperty(this[kHeaders], name);
name = name.trim().toLowerCase();
return ObjectHasOwn(this[kHeaders], name);
}

removeHeader(name) {
validateString(name, 'name');
if (this[kStream].headersSent)
throw new ERR_HTTP2_HEADERS_SENT();

name = StringPrototypeToLowerCase(StringPrototypeTrim(name));
name = name.trim().toLowerCase();

if (name === 'date') {
this[kState].sendDate = false;
Expand All @@ -638,7 +631,7 @@ class Http2ServerResponse extends Stream {
}

[kSetHeader](name, value) {
name = StringPrototypeToLowerCase(StringPrototypeTrim(name));
name = name.trim().toLowerCase();
assertValidHeader(name, value);

if (!isConnectionHeaderAllowed(name, value)) {
Expand All @@ -662,7 +655,7 @@ class Http2ServerResponse extends Stream {
}

[kAppendHeader](name, value) {
name = StringPrototypeToLowerCase(StringPrototypeTrim(name));
name = name.trim().toLowerCase();
assertValidHeader(name, value);

if (!isConnectionHeaderAllowed(name, value)) {
Expand Down
Loading

0 comments on commit 99f96eb

Please sign in to comment.