Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lib: implement safe alternatives to Promise static methods #43728

Merged
merged 2 commits into from
Jul 10, 2022

Conversation

aduh95
Copy link
Contributor

@aduh95 aduh95 commented Jul 8, 2022

Alternative to #38843, but restricted to the changes related to the ESM implementation since it's easier to get consensus regarding whether we want tamperproofness on that part of the code base. /cc @nodejs/modules @nodejs/loaders

Promise static methods that iterate over the provided argument (%Promise.all%, %Promise.any%, ...) look up the then property over each promise to support promise subclassing. This PR is introducing SafePromiseAll, SafePromiseAny, etc. that take an array, safely iterate over it, and wrap each promise in a SafePromise (whose prototype is not accessible from userland) and wrap the resulting SafePromise in a classic Promise to make the operation transparent from userland.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/modules

@nodejs-github-bot nodejs-github-bot added esm Issues and PRs related to the ECMAScript Modules implementation. needs-ci PRs that need a full CI run. vm Issues and PRs related to the vm subsystem. labels Jul 8, 2022
@aduh95 aduh95 changed the title lib: make primordials Promise static methods safe @aduh95 lib: implement safe alternatives to Promise static methods Jul 8, 2022
@aduh95 aduh95 changed the title @aduh95 lib: implement safe alternatives to Promise static methods lib: implement safe alternatives to Promise static methods Jul 8, 2022
Copy link
Member

@benjamingr benjamingr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an improvement so LGTM.

Will leave another comment on the concept

@benjamingr
Copy link
Member

Actually I see this is already scoped to discussing primordials in modules so I guess that's fine and no need to re-hash the "they make contributions harder, introduce perf regressions, confuse new contributors" etc discussions.

I just want to add that tamper-proofedness requires formal proof to be meaningful IMO (which afaik we haven't done), turning off known side channels (namely the JIT and concurrent GC) etc.

@aduh95 aduh95 added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Jul 8, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jul 8, 2022
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@aduh95 aduh95 added commit-queue Add this label to land a pull request using GitHub Actions. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. labels Jul 10, 2022
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jul 10, 2022
@nodejs-github-bot nodejs-github-bot merged commit 3fb5784 into nodejs:main Jul 10, 2022
@nodejs-github-bot
Copy link
Collaborator

Landed in 3fb5784

@aduh95 aduh95 deleted the safer-promise-statics-2 branch July 10, 2022 13:24
targos pushed a commit that referenced this pull request Jul 12, 2022
PR-URL: #43728
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
nodejs-github-bot pushed a commit that referenced this pull request Jul 25, 2022
PR-URL: #43759
Refs: #43728
Reviewed-By: Feng Yu <F3n67u@outlook.com>
danielleadams pushed a commit that referenced this pull request Jul 26, 2022
PR-URL: #43759
Refs: #43728
Reviewed-By: Feng Yu <F3n67u@outlook.com>
targos pushed a commit that referenced this pull request Jul 31, 2022
PR-URL: #43728
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
targos pushed a commit that referenced this pull request Jul 31, 2022
PR-URL: #43759
Refs: #43728
Reviewed-By: Feng Yu <F3n67u@outlook.com>
targos pushed a commit that referenced this pull request Jul 31, 2022
PR-URL: #43759
Refs: #43728
Reviewed-By: Feng Yu <F3n67u@outlook.com>
targos pushed a commit that referenced this pull request Aug 1, 2022
PR-URL: #43759
Refs: #43728
Reviewed-By: Feng Yu <F3n67u@outlook.com>
Fyko pushed a commit to Fyko/node that referenced this pull request Sep 15, 2022
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
PR-URL: nodejs/node#43728
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
alan-agius4 added a commit to alan-agius4/universal that referenced this pull request Oct 26, 2022
…led on incompatible receiver error

Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.

With this chage we introduce a workaround until it's fix upstream.
alan-agius4 added a commit to alan-agius4/universal that referenced this pull request Oct 26, 2022
…led on incompatible receiver error

Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.

With this chage we introduce a workaround until it's fix upstream.
alan-agius4 added a commit to alan-agius4/universal that referenced this pull request Oct 27, 2022
…led on incompatible receiver error

Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.
alan-agius4 added a commit to alan-agius4/universal that referenced this pull request Oct 27, 2022
…led on incompatible receiver error

Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.
alan-agius4 added a commit to angular/universal that referenced this pull request Oct 27, 2022
…led on incompatible receiver error

Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.
alan-agius4 added a commit to angular/universal that referenced this pull request Oct 27, 2022
…led on incompatible receiver error

Prerendering does not work when using Node.js versions that contain the following commit nodejs/node#43728 due to `loadesm` is now using `SafePromiseAll` which is not handled properly by zone.js.

(cherry picked from commit b7dbc25)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. esm Issues and PRs related to the ECMAScript Modules implementation. needs-ci PRs that need a full CI run. vm Issues and PRs related to the vm subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants