-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib: replace string prototype usage with alternatives #52440
Conversation
this should be benchmarked as it is a pretty central function. |
I've made a few changes based on the suggestions, there are more to be made still (such as fixing imports) I'll go through the file tonight |
When ready, I'll squash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
It should be faster, but I dont think we can benchmark it as it "only" speeds up the startup time of node. |
Yes, most of the time. I've noticed that is it used during runtime (a bit).
|
|
Probably a tiny bit, but it presents less of a security issue, as a user can overwrite |
Just for the performance comparison: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
I'll fix the lint issue and squash today. |
|
I'm ready to merge when you are |
This PR requires a full CI run before landing. However, because there's a security release in preparation, the CI request is queued up (notice your PR has the
request-ci
|
I think the proposition in the PR description is misleading - primordials are not a security measure and they never will be because we will never enforce them throughout the codebase. They are only a UX enhancement (e.g. don't blow up the process just because someone patched a global prototype). |
I think further special casing in JS land is not ideal - we should just add |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, thanks for this PR! I don't understand this change - this code runs when Node boots before an user code runs when options values are checked (right?)
I think that implies that prototypes cannot be polluted at this point doesn't it?
While this code is ran before runtime, it code is also used during runtime. This means that prototype pollution, while not possible for all cli arguments, is possible for some. |
Can you give an example? |
Sure! With a snippet like const startsWith = String.prototype.startsWith;
Object.defineProperty(String.prototype, "startsWith", {
value: function (search, pos) {
if (search === "--no-") {
process.nextTick(() => {
console.log(this, search, pos);
});
}
return startsWith.call(this, search, pos);
}
}) we can see exactly what uses it during runtime. For example, when I run
|
out/Release/node /Users/iojs/build/workspace/node-test-commit-osx-arm/nodes/osx11/test/pummel/test-crypto-timing-safe-equal-benchmarks.js Failed a test run, I don't think this change had anything to do with it, but idk |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, didn't realize, thanks makes sense (as reliability)
Hi Team, I noticed that the CI bot keeps re-CI-ing this PR, isn't that a waste of resources? Is there a reason for this? |
It's not re-CI it's manual due to flakiness |
Ah, thanks! |
@aduh95 you beat me to it with adding the commit queue label 😃 |
Great work, everyone! |
Landed in bb7d748 |
🎉 |
PR-URL: #52440 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Vinícius Lourenço Claro Cardoso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: #52440 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Vinícius Lourenço Claro Cardoso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
PR-URL: #52440 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Moshe Atlow <[email protected]> Reviewed-By: Vinícius Lourenço Claro Cardoso <[email protected]> Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>
This PR replaces the use of overridable functions (in strings) with alternatives, to prevent user interference when processing cli options