Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity
eb85db4606
node/lib
History
Liran Tal 47b877993f
child_process: fix incomplete prototype pollution hardening 
Prior pull request (#48726) hardened against prototype pollution
vulnerabilities but effectively missed some use-cases which
opened a window for prototype pollution for some child_process
functions such as spawn(), spawnSync(), and execFileSync().

PR-URL: https://github.com/nodejs/node/pull/53781
Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
2024-07-21 21:27:04 +00:00
..
assert
dns
fs
inspector
internal src: move ToNamespacedPath call of webstorage 2024-07-21 20:49:10 +00:00
path
readline readline: use internal addAbortListener 2024-03-16 09:08:57 +00:00
stream
test test_runner: support module detection in module mocks 2024-07-04 13:30:01 +00:00
timers fs: use kResistStopPropagation 2023-06-24 15:52:38 +00:00
util
_http_agent.js http: remove prototype primordials 2024-07-06 10:33:16 +02:00
_http_client.js http: remove prototype primordials 2024-07-06 10:33:16 +02:00
_http_common.js http: remove prototype primordials 2024-07-06 10:33:16 +02:00
_http_incoming.js http: remove prototype primordials 2024-07-06 10:33:16 +02:00
_http_outgoing.js http: remove prototype primordials 2024-07-06 10:33:16 +02:00
_http_server.js http: remove prototype primordials 2024-07-06 10:33:16 +02:00
_stream_duplex.js
_stream_passthrough.js
_stream_readable.js
_stream_transform.js
_stream_wrap.js
_stream_writable.js
_tls_common.js tls: remove prototype primordials 2024-07-07 00:56:04 +00:00
_tls_wrap.js tls: add setKeyCert() to tls.Socket 2024-07-15 15:17:59 +00:00
assert.js lib: fix assert shows diff messages in ESM and CJS 2023-11-11 14:24:56 +00:00
async_hooks.js tools: add lint rule to keep primordials in ASCII order 2024-04-21 16:53:08 +00:00
buffer.js lib: enforce ASCII order in error code imports 2024-04-23 17:05:38 +00:00
child_process.js child_process: fix incomplete prototype pollution hardening 2024-07-21 21:27:04 +00:00
cluster.js cluster: use ObjectPrototypeHasOwnProperty 2023-05-25 16:04:19 +00:00
console.js
constants.js
crypto.js tools: add lint rule to keep primordials in ASCII order 2024-04-21 16:53:08 +00:00
dgram.js lib: do not call callback if socket is closed 2024-05-23 20:32:25 +00:00
diagnostics_channel.js lib: add diagnostics_channel events to module loading 2024-06-20 21:25:04 -03:00
dns.js lib: enforce ASCII order in error code imports 2024-04-23 17:05:38 +00:00
domain.js lib: implement WeakReference on top of JS WeakRef 2023-08-16 18:45:07 +02:00
eslint.config_partial.mjs tls: remove prototype primordials 2024-07-07 00:56:04 +00:00
events.js doc, typings: events.once accepts symbol event type 2024-06-27 21:56:25 +00:00
fs.js fs: move rmSync implementation to c++ 2024-07-18 20:02:49 +00:00
http2.js http2: add server handshake utility 2024-01-12 16:09:48 +00:00
http.js http: expose websockets 2024-07-08 15:55:43 +00:00
https.js http: fix close return value mismatch between doc and implementation 2024-02-26 16:07:39 +00:00
inspector.js inspector: add initial support for network inspection 2024-07-19 05:00:30 +00:00
module.js module: implement register utility 2023-06-12 00:00:46 +00:00
net.js lib: refactor platform utility methods 2024-07-15 18:58:11 +00:00
os.js errors: improve hideStackFrames 2023-11-11 16:25:08 +00:00
path.js lib: refactor platform utility methods 2024-07-15 18:58:11 +00:00
perf_hooks.js
process.js
punycode.js lib: runtime deprecate punycode 2023-04-03 17:47:28 +00:00
querystring.js
readline.js readline: use internal addAbortListener 2024-03-16 09:08:57 +00:00
repl.js lib: enforce ASCII order in error code imports 2024-04-23 17:05:38 +00:00
sea.js sea: support sea.getRawAsset() 2024-02-02 15:25:34 +01:00
sqlite.js lib,src,test,doc: add node:sqlite module 2024-07-09 20:33:38 +00:00
stream.js stream: support typed arrays 2024-03-20 17:27:29 +00:00
string_decoder.js lib: move encodingsMap to internal/util 2024-02-27 13:27:18 +01:00
sys.js
test.js test_runner: add snapshot testing 2024-05-30 09:07:17 -04:00
timers.js lib: fix timer leak 2024-06-07 15:51:44 +00:00
tls.js tls: remove prototype primordials 2024-07-07 00:56:04 +00:00
trace_events.js trace_events: use private fields instead of symbols for Tracing 2023-12-28 23:20:22 +00:00
tty.js lib: enforce ASCII order in error code imports 2024-04-23 17:05:38 +00:00
url.js url,tools,benchmark: replace deprecated substr() 2024-05-12 22:35:31 +02:00
util.js Revert "util: move util._extend to eol" 2024-06-14 13:07:58 +00:00
v8.js v8: move ToNamespacedPath to c++ 2024-07-04 16:19:36 +00:00
vm.js tools: add lint rule to keep primordials in ASCII order 2024-04-21 16:53:08 +00:00
wasi.js wasi: make returnOnExit true by default 2023-04-11 16:35:52 -04:00
worker_threads.js worker: add postMessageToThread 2024-07-09 07:16:04 +00:00
zlib.js zlib: expose zlib.crc32() 2024-05-02 12:54:46 +00:00