Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
fixup! module: protect against prototype mutation
  • Loading branch information
aduh95 committed Jul 29, 2022
commit 835cb42885cc6587012ed3c179836ed0953235cd
9 changes: 2 additions & 7 deletions lib/internal/modules/cjs/helpers.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ const path = require('path');
const { pathToFileURL, fileURLToPath, URL } = require('internal/url');

const { getOptionValue } = require('internal/options');
const { setOwnProperty } = require('internal/util');
const userConditions = getOptionValue('--conditions');

let debug = require('internal/util/debuglog').debuglog('module', (fn) => {
Expand Down Expand Up @@ -117,13 +118,7 @@ function makeRequireFunction(mod, redirects) {

resolve.paths = paths;

ObjectDefineProperty(require, 'main', {
__proto__: null,
configurable: true,
enumerable: true,
value: process.mainModule,
writable: true,
});
setOwnProperty(require, 'main', process.mainModule);

// Enable support to add extra extension types.
require.extensions = Module._extensions;
Expand Down
18 changes: 3 additions & 15 deletions lib/internal/modules/cjs/loader.js
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ const {
maybeCacheSourceMap,
} = require('internal/source_map/source_map_cache');
const { pathToFileURL, fileURLToPath, isURLInstance } = require('internal/url');
const { deprecate, kEmptyObject, filterOwnProperties } = require('internal/util');
const { deprecate, kEmptyObject, filterOwnProperties, setOwnProperty } = require('internal/util');
const vm = require('vm');
const assert = require('internal/assert');
const fs = require('fs');
Expand Down Expand Up @@ -172,13 +172,7 @@ const moduleParentCache = new SafeWeakMap();
function Module(id = '', parent) {
this.id = id;
this.path = path.dirname(id);
Comment thread
ljharb marked this conversation as resolved.
ObjectDefineProperty(this, 'exports', {
__proto__: null,
configurable: true,
enumerable: true,
value: {},
writable: true,
});
setOwnProperty(this, 'exports', {});
moduleParentCache.set(this, parent);
updateChildren(parent, this, false);
this.filename = null;
Expand Down Expand Up @@ -1190,13 +1184,7 @@ Module._extensions['.json'] = function(module, filename) {
}

try {
ObjectDefineProperty(module, 'exports', {
__proto__: null,
configurable: true,
enumerable: true,
value: JSONParse(stripBOM(content)),
writable: true,
});
setOwnProperty(module, 'exports', JSONParse(stripBOM(content)));
} catch (err) {
err.message = filename + ': ' + err.message;
throw err;
Expand Down
18 changes: 18 additions & 0 deletions lib/internal/util.js
Original file line number Diff line number Diff line change
Expand Up @@ -520,6 +520,23 @@ function filterOwnProperties(source, keys) {
return filtered;
}

/**
* Mimics `obj[key] = value` but ignoring potential prototype inheritance.
* @param {any} obj
* @param {string} key
* @param {any} value
* @returns {any}
*/
function setOwnProperty(obj, key, value) {
return ObjectDefineProperty(obj, key, {
__proto__: null,
configurable: true,
enumerable: true,
value,
writable: true,
});
}

module.exports = {
assertCrypto,
cachedResult,
Expand Down Expand Up @@ -563,4 +580,5 @@ module.exports = {

kEmptyObject,
kEnumerableProperty,
setOwnProperty,
};