crypto: refactor hasAnyNotIn to avoid unsafe array iteration

aduh95 · aduh95 · commit e7283adfb227 · 2021-02-18T14:51:48.000+01:00
diff --git a/lib/internal/crypto/aes.js b/lib/internal/crypto/aes.js
@@ -222,7 +222,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
 
   const usageSet = new SafeSet(keyUsages);
 
-  if (hasAnyNotIn(usageSet, 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey')) {
+  if (hasAnyNotIn(usageSet, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
     throw lazyDOMException(
       'Unsupported key usage for an AES key',
       'SyntaxError');
@@ -257,7 +257,7 @@ async function aesImportKey(
     ArrayPrototypePush(checkUsages, 'encrypt', 'decrypt');
 
   const usagesSet = new SafeSet(keyUsages);
-  if (hasAnyNotIn(usagesSet, ...checkUsages)) {
+  if (hasAnyNotIn(usagesSet, checkUsages)) {
     throw lazyDOMException(
       'Unsupported key usage for an AES key',
       'SyntaxError');
diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js
@@ -356,7 +356,7 @@ function verifyAcceptableDhKeyUse(name, type, usages) {
       checkSet = [];
       break;
   }
-  if (hasAnyNotIn(usages, ...checkSet)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for an ${name} key`,
       'SyntaxError');
@@ -369,7 +369,7 @@ async function dhGenerateKey(
   keyUsages) {
   const usageSet = new SafeSet(keyUsages);
 
-  if (hasAnyNotIn(usageSet, 'deriveKey', 'deriveBits')) {
+  if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
     throw lazyDOMException(
       'Unsupported key usage for a DH key',
       'SyntaxError');
diff --git a/lib/internal/crypto/dsa.js b/lib/internal/crypto/dsa.js
@@ -60,7 +60,7 @@ function verifyAcceptableDsaKeyUse(name, type, usages) {
       checkSet = ['verify'];
       break;
   }
-  if (hasAnyNotIn(usages, ...checkSet)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for an ${name} key`,
       'SyntaxError');
@@ -84,7 +84,7 @@ async function dsaGenerateKey(
 
   const usageSet = new SafeSet(keyUsages);
 
-  if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+  if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
     throw lazyDOMException(
       'Unsupported key usage for a DSA key',
       'SyntaxError');
diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
@@ -78,7 +78,7 @@ function verifyAcceptableEcKeyUse(name, type, usages) {
           break;
       }
   }
-  if (hasAnyNotIn(usages, ...checkSet)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for a ${name} key`,
       'SyntaxError');
@@ -148,14 +148,14 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
     case 'NODE-ED25519':
       // Fall through
     case 'NODE-ED448':
-      if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+      if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
         throw lazyDOMException(
           'Unsupported key usage for an ECDSA key',
           'SyntaxError');
       }
       break;
     case 'ECDH':
-      if (hasAnyNotIn(usageSet, 'deriveKey', 'deriveBits')) {
+      if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
         throw lazyDOMException(
           'Unsupported key usage for an ECDH key',
           'SyntaxError');
diff --git a/lib/internal/crypto/mac.js b/lib/internal/crypto/mac.js
@@ -56,7 +56,7 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
   validateBitLength(length, 'algorithm.length', true);
 
   const usageSet = new SafeSet(keyUsages);
-  if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+  if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
     throw lazyDOMException(
       'Unsupported key usage for an HMAC key',
       'SyntaxError');
@@ -89,7 +89,7 @@ async function hmacImportKey(
     throw new ERR_MISSING_OPTION('algorithm.hash');
 
   const usagesSet = new SafeSet(keyUsages);
-  if (hasAnyNotIn(usagesSet, 'sign', 'verify')) {
+  if (hasAnyNotIn(usagesSet, ['sign', 'verify'])) {
     throw lazyDOMException(
       'Unsupported key usage for an HMAC key',
       'SyntaxError');
diff --git a/lib/internal/crypto/rsa.js b/lib/internal/crypto/rsa.js
@@ -93,7 +93,7 @@ function verifyAcceptableRsaKeyUse(name, type, usages) {
           break;
       }
   }
-  if (hasAnyNotIn(usages, ...checkSet)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for an ${name} key`,
       'SyntaxError');
@@ -155,14 +155,15 @@ async function rsaKeyGenerate(
 
   switch (name) {
     case 'RSA-OAEP':
-      if (hasAnyNotIn(usageSet, 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey')) {
+      if (hasAnyNotIn(usageSet,
+                      ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
         throw lazyDOMException(
           'Unsupported key usage for a RSA key',
           'SyntaxError');
       }
       break;
     default:
-      if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+      if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
         throw lazyDOMException(
           'Unsupported key usage for a RSA key',
           'SyntaxError');
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js
@@ -236,7 +236,7 @@ function normalizeAlgorithm(algorithm, label = 'algorithm') {
   throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
 }
 
-function hasAnyNotIn(set, ...check) {
+function hasAnyNotIn(set, check) {
   for (const s of set)
     if (!ArrayPrototypeIncludes(check, s))
       return true;
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
@@ -402,7 +402,7 @@ async function importGenericSecretKey(
   if (extractable)
     throw lazyDOMException(`${name} keys are not extractable`, 'SyntaxError');
 
-  if (hasAnyNotIn(usagesSet, 'deriveKey', 'deriveBits')) {
+  if (hasAnyNotIn(usagesSet, ['deriveKey', 'deriveBits'])) {
     throw lazyDOMException(
       `Unsupported key usage for a ${name} key`,
       'SyntaxError');
@@ -419,7 +419,7 @@ async function importGenericSecretKey(
       break;
     }
     case 'raw':
-      if (hasAnyNotIn(usagesSet, 'deriveKey', 'deriveBits')) {
+      if (hasAnyNotIn(usagesSet, ['deriveKey', 'deriveBits'])) {
         throw lazyDOMException(
           `Unsupported key usage for a ${name} key`,
           'SyntaxError');

Original file line number	Diff line number	Diff line change
`@@ -236,7 +236,7 @@ function normalizeAlgorithm(algorithm, label = 'algorithm') {`
`236`	`236`	`throw lazyDOMException('Unrecognized name.', 'NotSupportedError');`
`237`	`237`	`}`
`238`	`238`
`239`		`-function hasAnyNotIn(set, ...check) {`
	`239`	`+function hasAnyNotIn(set, check) {`
`240`	`240`	`for (const s of set)`
`241`	`241`	`if (!ArrayPrototypeIncludes(check, s))`
`242`	`242`	`return true;`