jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-13 13:01:31 +00:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
f76b28f2cf
node/test/parallel/test-child-process-prototype-tampering.mjs
Livia Medeiros 6a889261c8
child_process: harden against prototype pollution 
PR-URL: https://github.com/nodejs/node/pull/48726
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2023-07-14 09:37:37 +00:00

60 lines
1.9 KiB
JavaScript
Raw Blame History

import * as common from '../common/index.mjs';
import * as fixtures from '../common/fixtures.mjs';
import { EOL } from 'node:os';
import { strictEqual } from 'node:assert';
import cp from 'node:child_process';
// TODO(LiviaMedeiros): test on different platforms
if (!common.isLinux)
common.skip();
const expectedCWD = process.cwd();
const expectedUID = process.getuid();
for (const tamperedCwd of ['', '/tmp', '/not/existing/malicious/path', 42n]) {
Object.prototype.cwd = tamperedCwd;
cp.exec('pwd', common.mustSucceed((out) => {
strictEqual(`${out}`, `${expectedCWD}${EOL}`);
}));
strictEqual(`${cp.execSync('pwd')}`, `${expectedCWD}${EOL}`);
cp.execFile('pwd', common.mustSucceed((out) => {
strictEqual(`${out}`, `${expectedCWD}${EOL}`);
}));
strictEqual(`${cp.execFileSync('pwd')}`, `${expectedCWD}${EOL}`);
cp.spawn('pwd').stdout.on('data', common.mustCall((out) => {
strictEqual(`${out}`, `${expectedCWD}${EOL}`);
}));
strictEqual(`${cp.spawnSync('pwd').stdout}`, `${expectedCWD}${EOL}`);
delete Object.prototype.cwd;
}
for (const tamperedUID of [0, 1, 999, 1000, 0n, 'gwak']) {
Object.prototype.uid = tamperedUID;
cp.exec('id -u', common.mustSucceed((out) => {
strictEqual(`${out}`, `${expectedUID}${EOL}`);
}));
strictEqual(`${cp.execSync('id -u')}`, `${expectedUID}${EOL}`);
cp.execFile('id', ['-u'], common.mustSucceed((out) => {
strictEqual(`${out}`, `${expectedUID}${EOL}`);
}));
strictEqual(`${cp.execFileSync('id', ['-u'])}`, `${expectedUID}${EOL}`);
cp.spawn('id', ['-u']).stdout.on('data', common.mustCall((out) => {
strictEqual(`${out}`, `${expectedUID}${EOL}`);
}));
strictEqual(`${cp.spawnSync('id', ['-u']).stdout}`, `${expectedUID}${EOL}`);
delete Object.prototype.uid;
}
{
Object.prototype.execPath = '/not/existing/malicious/path';
// Does not throw ENOENT
cp.fork(fixtures.path('empty.js'));
delete Object.prototype.execPath;
}
Reference in New Issue View Git Blame Copy Permalink