From 4bdbcc3e40abfaa1252672da3b1b43bbfeaed17b Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Wed, 5 Jul 2017 14:25:55 -0700 Subject: [PATCH] src: whitelist v8 options with '_' or '-' V8 options allow either '_' or '-' to be used in options as a seperator, such as "--abort-on_uncaught-exception". Allow these case variations when used with NODE_OPTIONS. PR-URL: https://github.com/nodejs/node/pull/14093 Reviewed-By: Richard Lau Reviewed-By: Refael Ackermann Reviewed-By: James M Snell --- doc/api/cli.md | 2 +- src/node.cc | 33 ++++++++++++++++++++------ test/parallel/test-cli-node-options.js | 4 ++++ 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/doc/api/cli.md b/doc/api/cli.md index 41c747c1c3da75..f1b33e883ae883 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -372,7 +372,7 @@ Node options that are allowed are: V8 options that are allowed are: - `--abort-on-uncaught-exception` -- `--max_old_space_size` +- `--max-old-space-size` ### `NODE_REPL_HISTORY=file` diff --git a/src/node.cc b/src/node.cc index 98fde0dbbe3f65..2fd6da0c6f4c37 100644 --- a/src/node.cc +++ b/src/node.cc @@ -3786,15 +3786,34 @@ static void PrintHelp() { } +static bool ArgIsAllowed(const char* arg, const char* allowed) { + for (; *arg && *allowed; arg++, allowed++) { + // Like normal strcmp(), except that a '_' in `allowed` matches either a '-' + // or '_' in `arg`. + if (*allowed == '_') { + if (!(*arg == '_' || *arg == '-')) + return false; + } else { + if (*arg != *allowed) + return false; + } + } + + // "--some-arg=val" is allowed for "--some-arg" + if (*arg == '=') + return true; + + // Both must be null, or one string is just a prefix of the other, not a + // match. + return !*arg && !*allowed; +} + + static void CheckIfAllowedInEnv(const char* exe, bool is_env, const char* arg) { if (!is_env) return; - // Find the arg prefix when its --some_arg=val - const char* eq = strchr(arg, '='); - size_t arglen = eq ? eq - arg : strlen(arg); - static const char* whitelist[] = { // Node options, sorted in `node --help` order for ease of comparison. "--require", "-r", @@ -3820,14 +3839,14 @@ static void CheckIfAllowedInEnv(const char* exe, bool is_env, "--openssl-config", "--icu-data-dir", - // V8 options - "--abort-on-uncaught-exception", + // V8 options (define with '_', which allows '-' or '_') + "--abort_on_uncaught_exception", "--max_old_space_size", }; for (unsigned i = 0; i < arraysize(whitelist); i++) { const char* allowed = whitelist[i]; - if (strlen(allowed) == arglen && strncmp(allowed, arg, arglen) == 0) + if (ArgIsAllowed(arg, allowed)) return; } diff --git a/test/parallel/test-cli-node-options.js b/test/parallel/test-cli-node-options.js index 104473bfa69e34..a1148fd0516703 100644 --- a/test/parallel/test-cli-node-options.js +++ b/test/parallel/test-cli-node-options.js @@ -26,6 +26,7 @@ disallow('--interactive'); disallow('-i'); disallow('--v8-options'); disallow('--'); +disallow('--no_warnings'); // Node options don't allow '_' instead of '-'. function disallow(opt) { const options = {env: {NODE_OPTIONS: opt}}; @@ -43,6 +44,7 @@ const printA = require.resolve('../fixtures/printA.js'); expect(`-r ${printA}`, 'A\nB\n'); expect('--abort-on-uncaught-exception', 'B\n'); +expect('--abort_on_uncaught_exception', 'B\n'); expect('--no-deprecation', 'B\n'); expect('--no-warnings', 'B\n'); expect('--trace-warnings', 'B\n'); @@ -61,6 +63,8 @@ expect('--icu-data-dir=_d', 'B\n'); // V8 options expect('--max_old_space_size=0', 'B\n'); +expect('--max-old_space-size=0', 'B\n'); +expect('--max-old-space-size=0', 'B\n'); function expect(opt, want) { const printB = require.resolve('../fixtures/printB.js');