test: add initial pull delay and prototype pollution prevention tests for ReadableStream #54061
Conversation
nodejs-github-bot
added
needs-ci
|
Why do we need a prototype pollution test? |
sonsurim
force-pushed
the
sonsurim-add-readstream-values-test
branch
from
5c65bb0
to
1ad6b75
Compare
|
@anonrig Thank you for the review! During the refactoring process of the Specifically, the tests failed due to the usage of I think prototype pollution test was essential to confirm that the code changes did not negatively impact the stream's behavior. |
Because it's a web standard and that requires certain behaviors I guess? We can choose not to test/guarantee this in our own abstractions but in standards we implement we should generally follow them as much as we are able to. |
Thank you for the review! Are you referring to checking for tests in the streams directory of the WPT repository? Is there anything else I should check? Please let me know and I will look into it right away! |
|
@sonsurim I would prefer it if this was tested through the WPTs which means Node and browsers (and other runtimes) would run it and be compatible. https://github.com/web-platform-tests/wpt That will be pulled automatically the next time WPTs are updates for streams (which is pretty often). However, if that's too much work from your PoV then I'm fine with landing this and opening an issue at the WPT repo and then migrating when that part happens. |
|
Thank you for the suggestion! I would like to proceed with this PR and then open an issue in the WPT repository as you mentioned. Does that sound okay? 😀 |
|
Is it okay if I proceed with this PR as it is now and work on wpt repo as a follow-up PR and pull it to node repo? If you don't mind, Please let me know! |
Hey yes, this PR isn't blocked - it has an approval (by James) and no blocks. I'll trigger a CI run so after it's green it can land. |
github-actions
bot
removed
the
request-ci
benjamingr
added
the
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in d172da8 |
Refs : https://github.com/nodejs/node/blob/main/lib/internal/webstreams/readablestream.js#L522-L536 PR-URL: #54061 Reviewed-By: James M Snell <jasnell@gmail.com>
Added two important tests for the
valuesmethod ofReadableStream:These tests were added based on the comment in the source code.
Initial Pull Delay Test:
Added a test to ensure that the microtask completes before the controller starts the first read. This is to ensure that the controller is properly initialized before the first read.
Prototype Pollution Prevention Test:
Modified
Promise.prototype.thento simulate a prototype pollution scenario and verified that the stream operates correctly. Restored thethenmethod to its original state at the end.cc. @jasnell