
process.binding() can be used to trivially bypass restrictions imposed through a policy. Since the function is deprecated already, simply replace it with a stub when a policy is being enabled. Fixes: https://hackerone.com/bugs?report_id=1946470 PR-URL: https://github.com/nodejs-private/node-private/pull/397 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> CVE-ID: CVE-2023-32559
'use strict';
const {
JSONParse,
ObjectFreeze,
ReflectSetPrototypeOf,
} = primordials;
const {
ERR_ACCESS_DENIED,
ERR_MANIFEST_TDZ,
} = require('internal/errors').codes;
const { Manifest } = require('internal/policy/manifest');
// Module-level policy state. Each binding stays `undefined` until setup()
// has assigned it; the getters below report that state as ERR_MANIFEST_TDZ.
// After setup(null, ...) `manifest` is `null`, which the getter returns as-is.
let manifest;
let manifestSrc;
let manifestURL;

module.exports = ObjectFreeze({
  // Null prototype plus ObjectFreeze: the exported object inherits nothing
  // and its own properties cannot be reassigned.
  __proto__: null,

  /**
   * Records the policy manifest source and URL and, when a source is given,
   * parses it, builds the Manifest and replaces the raw binding loaders on
   * `process` with stubs that throw.
   *
   * @param {string|null} src Manifest text handed to JSONParse, or `null`
   *   when no policy is in use (presumably a JSON string; confirm at caller).
   * @param {*} url Stored as-is and passed to the Manifest constructor.
   */
  setup(src, url) {
    // Source and URL are recorded before parsing, so they remain set even if
    // JSONParse or the Manifest constructor throws further down.
    manifestSrc = src;
    manifestURL = url;
    if (src === null) {
      // No policy: nothing is parsed and the binding stubs are NOT installed.
      manifest = null;
      return;
    }

    // Reviver applied to every parsed value: each object or array loses its
    // prototype and is frozen before the Manifest sees it. Presumably this
    // keeps manifest lookups from resolving through Object.prototype and
    // keeps the parsed policy immutable. NOTE(review): confirm intent.
    const detachAndFreeze = (_, value) => {
      if (value && typeof value === 'object') {
        ReflectSetPrototypeOf(value, null);
        ObjectFreeze(value);
      }
      return value;
    };
    manifest = new Manifest(JSONParse(src, detachAndFreeze), url);

    // process.binding() is deprecated (DEP0111) and trivially allows bypassing
    // policies, so if policies are enabled, make this API unavailable.
    //
    // These assignments run only after the Manifest was constructed without
    // throwing. NOTE(review): only these two properties on `process` are
    // replaced here; any other route to internal bindings is outside this
    // block and should be checked separately.
    process.binding = function binding(_module) {
      throw new ERR_ACCESS_DENIED('process.binding');
    };
    process._linkedBinding = function _linkedBinding(_module) {
      throw new ERR_ACCESS_DENIED('process._linkedBinding');
    };
  },

  /**
   * The active Manifest, or `null` when setup() was given a null source.
   * @throws {ERR_MANIFEST_TDZ} If `manifest` has not been assigned yet.
   */
  get manifest() {
    if (typeof manifest !== 'undefined') {
      return manifest;
    }
    throw new ERR_MANIFEST_TDZ();
  },

  /**
   * The manifest source exactly as passed to setup().
   * @throws {ERR_MANIFEST_TDZ} If setup() has not run yet.
   */
  get src() {
    if (typeof manifestSrc !== 'undefined') {
      return manifestSrc;
    }
    throw new ERR_MANIFEST_TDZ();
  },

  /**
   * The manifest URL exactly as passed to setup().
   * @throws {ERR_MANIFEST_TDZ} If setup() has not run yet.
   */
  get url() {
    if (typeof manifestURL !== 'undefined') {
      return manifestURL;
    }
    throw new ERR_MANIFEST_TDZ();
  },

  /**
   * Delegates the integrity check for a module to the active Manifest.
   *
   * Reads the manifest through the `manifest` getter, so it throws
   * ERR_MANIFEST_TDZ before setup(). When setup() was given a null source the
   * getter returns `null` and the method lookup throws a TypeError, so
   * callers presumably check for an active policy first (verify at call
   * sites).
   *
   * @param {*} moduleURL Forwarded unchanged to Manifest#assertIntegrity.
   * @param {*} content Forwarded unchanged to Manifest#assertIntegrity.
   */
  assertIntegrity(moduleURL, content) {
    const { manifest: activeManifest } = this;
    activeManifest.assertIntegrity(moduleURL, content);
  },
});