From efe74746f080a4bdde7dec064cb8c3353d171b1a Mon Sep 17 00:00:00 2001 From: James M Snell Date: Mon, 12 Jul 2021 15:59:36 -0700 Subject: [PATCH] stream: fixup property definition to avoid prototype polution Fixup the definitions of the properties to avoid the possibility of prototype polution on the object definitions. Signed-off-by: James M Snell PR-URL: https://github.com/nodejs/node/pull/39371 Reviewed-By: Antoine du Hamel Reviewed-By: Robert Nagy Reviewed-By: Matteo Collina --- lib/internal/webstreams/queuingstrategies.js | 9 ++-- lib/internal/webstreams/readablestream.js | 53 ++++++++++---------- lib/internal/webstreams/transformstream.js | 13 ++--- lib/internal/webstreams/util.js | 4 ++ lib/internal/webstreams/writablestream.js | 29 +++++------ 5 files changed, 58 insertions(+), 50 deletions(-) diff --git a/lib/internal/webstreams/queuingstrategies.js b/lib/internal/webstreams/queuingstrategies.js index d8750665bd5e86..2db51b92a7f502 100644 --- a/lib/internal/webstreams/queuingstrategies.js +++ b/lib/internal/webstreams/queuingstrategies.js @@ -21,6 +21,7 @@ const { isBrandCheck, kType, kState, + kEnumerableProperty, } = require('internal/webstreams/util'); const { @@ -102,8 +103,8 @@ class ByteLengthQueuingStrategy { } ObjectDefineProperties(ByteLengthQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true }, + highWaterMark: kEnumerableProperty, + size: kEnumerableProperty, }); /** @@ -158,8 +159,8 @@ class CountQueuingStrategy { } ObjectDefineProperties(CountQueuingStrategy.prototype, { - highWaterMark: { enumerable: true }, - size: { enumerable: true }, + highWaterMark: kEnumerableProperty, + size: kEnumerableProperty, }); module.exports = { diff --git a/lib/internal/webstreams/readablestream.js b/lib/internal/webstreams/readablestream.js index 978281dfa324e8..ce822d479437e3 100644 --- a/lib/internal/webstreams/readablestream.js +++ b/lib/internal/webstreams/readablestream.js @@ -103,6 +103,7 @@ const { nonOpStart, kType, kState, + kEnumerableProperty, } = require('internal/webstreams/util'); const { @@ -553,12 +554,12 @@ ObjectDefineProperties(ReadableStream.prototype, { writable: true, value: ReadableStream.prototype.values, }, - locked: { enumerable: true }, - cancel: { enumerable: true }, - getReader: { enumerable: true }, - pipeThrough: { enumerable: true }, - pipeTo: { enumerable: true }, - tee: { enumerable: true }, + locked: kEnumerableProperty, + cancel: kEnumerableProperty, + getReader: kEnumerableProperty, + pipeThrough: kEnumerableProperty, + pipeTo: kEnumerableProperty, + tee: kEnumerableProperty, }); function TransferredReadableStream() { @@ -654,9 +655,9 @@ class ReadableStreamBYOBRequest { } ObjectDefineProperties(ReadableStreamBYOBRequest.prototype, { - view: { enumerable: true }, - respond: { enumerable: true }, - respondWithNewView: { enumerable: true }, + view: kEnumerableProperty, + respond: kEnumerableProperty, + respondWithNewView: kEnumerableProperty, }); function createReadableStreamBYOBRequest(controller, view) { @@ -801,10 +802,10 @@ class ReadableStreamDefaultReader { } ObjectDefineProperties(ReadableStreamDefaultReader.prototype, { - closed: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - cancel: { enumerable: true }, + closed: kEnumerableProperty, + read: kEnumerableProperty, + releaseLock: kEnumerableProperty, + cancel: kEnumerableProperty, }); class ReadableStreamBYOBReader { @@ -918,10 +919,10 @@ class ReadableStreamBYOBReader { } ObjectDefineProperties(ReadableStreamBYOBReader.prototype, { - closed: { enumerable: true }, - read: { enumerable: true }, - releaseLock: { enumerable: true }, - cancel: { enumerable: true }, + closed: kEnumerableProperty, + read: kEnumerableProperty, + releaseLock: kEnumerableProperty, + cancel: kEnumerableProperty, }); class ReadableStreamDefaultController { @@ -977,10 +978,10 @@ class ReadableStreamDefaultController { } ObjectDefineProperties(ReadableStreamDefaultController.prototype, { - desiredSize: { enumerable: true }, - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, + desiredSize: kEnumerableProperty, + close: kEnumerableProperty, + enqueue: kEnumerableProperty, + error: kEnumerableProperty, }); function createReadableStreamDefaultController() { @@ -1106,11 +1107,11 @@ class ReadableByteStreamController { } ObjectDefineProperties(ReadableByteStreamController.prototype, { - byobRequest: { enumerable: true }, - desiredSize: { enumerable: true }, - close: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, + byobRequest: kEnumerableProperty, + desiredSize: kEnumerableProperty, + close: kEnumerableProperty, + enqueue: kEnumerableProperty, + error: kEnumerableProperty, }); function createReadableByteStreamController() { diff --git a/lib/internal/webstreams/transformstream.js b/lib/internal/webstreams/transformstream.js index 62940a1fb9da76..b4e690daa98c4a 100644 --- a/lib/internal/webstreams/transformstream.js +++ b/lib/internal/webstreams/transformstream.js @@ -45,6 +45,7 @@ const { nonOpFlush, kType, kState, + kEnumerableProperty, } = require('internal/webstreams/util'); const { @@ -226,8 +227,8 @@ class TransformStream { } ObjectDefineProperties(TransformStream.prototype, { - readable: { enumerable: true }, - writable: { enumerable: true }, + readable: kEnumerableProperty, + writable: kEnumerableProperty, }); function TransferredTransformStream() { @@ -310,10 +311,10 @@ class TransformStreamDefaultController { } ObjectDefineProperties(TransformStreamDefaultController.prototype, { - desiredSize: { enumerable: true }, - enqueue: { enumerable: true }, - error: { enumerable: true }, - terminate: { enumerable: true }, + desiredSize: kEnumerableProperty, + enqueue: kEnumerableProperty, + error: kEnumerableProperty, + terminate: kEnumerableProperty, }); function createTransformStreamDefaultController() { diff --git a/lib/internal/webstreams/util.js b/lib/internal/webstreams/util.js index 8cf31d1c307ca9..54e707e8525c09 100644 --- a/lib/internal/webstreams/util.js +++ b/lib/internal/webstreams/util.js @@ -207,6 +207,9 @@ function lazyTransfer() { return transfer; } +const kEnumerableProperty = ObjectCreate(null); +kEnumerableProperty.enumerable = true; + module.exports = { ArrayBufferViewGetBuffer, ArrayBufferViewGetByteLength, @@ -234,4 +237,5 @@ module.exports = { nonOpWrite, kType, kState, + kEnumerableProperty, }; diff --git a/lib/internal/webstreams/writablestream.js b/lib/internal/webstreams/writablestream.js index c36ce82fcdcfbf..dba7560c549a9a 100644 --- a/lib/internal/webstreams/writablestream.js +++ b/lib/internal/webstreams/writablestream.js @@ -64,6 +64,7 @@ const { nonOpWrite, kType, kState, + kEnumerableProperty, } = require('internal/webstreams/util'); const { @@ -280,10 +281,10 @@ class WritableStream { } ObjectDefineProperties(WritableStream.prototype, { - locked: { enumerable: true }, - abort: { enumerable: true }, - close: { enumerable: true }, - getWriter: { enumerable: true }, + locked: kEnumerableProperty, + abort: kEnumerableProperty, + close: kEnumerableProperty, + getWriter: kEnumerableProperty, }); function TransferredWritableStream() { @@ -469,13 +470,13 @@ class WritableStreamDefaultWriter { } ObjectDefineProperties(WritableStreamDefaultWriter.prototype, { - closed: { enumerable: true }, - ready: { enumerable: true }, - desiredSize: { enumerable: true }, - abort: { enumerable: true }, - close: { enumerable: true }, - releaseLock: { enumerable: true }, - write: { enumerable: true }, + closed: kEnumerableProperty, + ready: kEnumerableProperty, + desiredSize: kEnumerableProperty, + abort: kEnumerableProperty, + close: kEnumerableProperty, + releaseLock: kEnumerableProperty, + write: kEnumerableProperty, }); class WritableStreamDefaultController { @@ -534,9 +535,9 @@ class WritableStreamDefaultController { } ObjectDefineProperties(WritableStreamDefaultController.prototype, { - abortReason: { enumerable: true }, - signal: { enumerable: true }, - error: { enumerable: true }, + abortReason: kEnumerableProperty, + signal: kEnumerableProperty, + error: kEnumerableProperty, }); function createWritableStreamDefaultController() {