From 40f51d8e83e8f71fa1c66a07475e4e760abaceed Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Sat, 9 Jul 2022 14:02:35 +0200 Subject: [PATCH] test_runner: protect internals against prototype tampering MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/43578 Reviewed-By: Tobias Nießen Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Colin Ihrig Reviewed-By: James M Snell --- lib/internal/test_runner/test.js | 2 +- test/fixtures/test-runner/protoMutation.js | 3 +++ test/parallel/test-runner-cli.js | 16 ++++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 test/fixtures/test-runner/protoMutation.js diff --git a/lib/internal/test_runner/test.js b/lib/internal/test_runner/test.js index e27a700424a076..3d5230b082c3e6 100644 --- a/lib/internal/test_runner/test.js +++ b/lib/internal/test_runner/test.js @@ -222,7 +222,7 @@ class Test extends AsyncResource { } } - const test = new Factory({ fn, name, parent, ...options, ...overrides }); + const test = new Factory({ __proto__: null, fn, name, parent, ...options, ...overrides }); if (parent.waitingOn === 0) { parent.waitingOn = test.testNumber; diff --git a/test/fixtures/test-runner/protoMutation.js b/test/fixtures/test-runner/protoMutation.js new file mode 100644 index 00000000000000..20071b9ecf7c75 --- /dev/null +++ b/test/fixtures/test-runner/protoMutation.js @@ -0,0 +1,3 @@ +'use strict'; + +Object.prototype.skip = true; diff --git a/test/parallel/test-runner-cli.js b/test/parallel/test-runner-cli.js index 7bd95372a2d68b..552d64d7c40ba2 100644 --- a/test/parallel/test-runner-cli.js +++ b/test/parallel/test-runner-cli.js @@ -34,6 +34,22 @@ const testFixtures = fixtures.path('test-runner'); assert.match(stdout, /ok 4 - .+random\.cjs/); } +{ + // Same but with a prototype mutation in require scripts. + const args = ['--require', join(testFixtures, 'protoMutation.js'), '--test', testFixtures]; + const child = spawnSync(process.execPath, args); + + const stdout = child.stdout.toString(); + assert.match(stdout, /ok 1 - .+index\.test\.js/); + assert.match(stdout, /not ok 2 - .+random\.test\.mjs/); + assert.match(stdout, /not ok 1 - this should fail/); + assert.match(stdout, /ok 3 - .+subdir.+subdir_test\.js/); + assert.match(stdout, /ok 4 - .+random\.cjs/); + assert.strictEqual(child.status, 1); + assert.strictEqual(child.signal, null); + assert.strictEqual(child.stderr.toString(), ''); +} + { // User specified files that don't match the pattern are still run. const args = ['--test', testFixtures, join(testFixtures, 'index.js')];