
Commit eeb3a9b

committed
lib: avoid unsafe String methods that depend on RegExp prototype methods
1 parent a257294 commit eeb3a9b

22 files changed

Lines changed: 111 additions & 96 deletions

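--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -26,7 +26,7 @@ const tls = require('tls');
 const {
 ArrayPrototypePush,
 ObjectCreate,
-StringPrototypeReplace,
+RegExpPrototypeSymbolReplace,
 } = primordials;
 
 const {
@@ -135,13 +135,15 @@ function translatePeerCertificate(c) {
 c.infoAccess = ObjectCreate(null);
 
 // XXX: More key validation?
-StringPrototypeReplace(info, /([^\n:]*):([^\n]*)(?:\n|$)/g,
-(all, key, val) => {
-if (key in c.infoAccess)
-ArrayPrototypePush(c.infoAccess[key], val);
-else
-c.infoAccess[key] = [val];
-});
+RegExpPrototypeSymbolReplace(
+/([^\n:]*):([^\n]*)(?:\n|$)/g,
+info,
+(all, key, val) => {
+if (key in c.infoAccess)
+ArrayPrototypePush(c.infoAccess[key], val);
+else
+c.infoAccess[key] = [val];
+});
 }
 return c;
 }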
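Review bot: The `// XXX: More key validation?` question at line 137 is still open, and the parser at new lines 138–146 splits `info` only on the first `:` and on `\n`, so if `info` is derived from the peer's certificate (presumably, given the function name) a newline inside a value would be read as the start of another entry. `c.infoAccess` is created with `ObjectCreate(null)`, which keeps `key in c.infoAccess` clear of inherited names, but nothing in these lines constrains the keys or values themselves. I would at least record that next to the call, e.g. `// info is peer-supplied: keys/values are unvalidated and an embedded newline starts a new entry`, and say that the replace call is run only for its callback, its return value being discarded. translatePeerCertificate begins above this hunk.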

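--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -31,8 +31,9 @@ const {
 ObjectSetPrototypeOf,
 ReflectApply,
 RegExp,
+RegExpPrototypeSymbolReplace,
 RegExpPrototypeTest,
-StringPrototypeReplace,
+StringPrototypeReplaceAll,
 StringPrototypeSlice,
 Symbol,
 SymbolFor,
@@ -1444,9 +1445,10 @@ Server.prototype.addContext = function(servername, context) {
 throw new ERR_TLS_REQUIRED_SERVER_NAME();
 }
 
-const re = new RegExp('^' + StringPrototypeReplace(
-StringPrototypeReplace(servername, /([.^$+?\-\\[\]{}])/g, '\\$1'),
-/\*/g, '[^.]*'
+const re = new RegExp('^' + StringPrototypeReplaceAll(
+RegExpPrototypeSymbolReplace(/([.^$+?\-\\[\]{}])/g, servername, '\\$1'),
+'*',
+'[^.]*',
 ) + '$');
 ArrayPrototypePush(this._contexts,
 [re, tls.createSecureContext(context).context]);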
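Review bot: The escape class at new line 1449, `/([.^$+?\-\\[\]{}])/g`, does not cover `(`, `)` or `|`, so a `servername` containing any of them reaches `new RegExp` as live syntax and either throws or yields a pattern that matches hostnames the caller did not intend. Since the commit already rewrites this expression, the class could be widened in the same pass: `RegExpPrototypeSymbolReplace(/([.^$+?\-\\[\]{}()|])/g, servername, '\\$1'),`. `*` is rightly left out of the class because the outer `StringPrototypeReplaceAll` turns it into `[^.]*`. Whether `servername` is validated before this point is not visible; addContext starts and ends outside the hunk.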

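--- a/lib/assert.js
+++ b/lib/assert.js
@@ -35,13 +35,14 @@ const {
 ObjectKeys,
 ObjectPrototypeIsPrototypeOf,
 ReflectApply,
+RegExpPrototypeSymbolReplace,
 RegExpPrototypeTest,
 SafeMap,
 String,
 StringPrototypeCharCodeAt,
 StringPrototypeIncludes,
 StringPrototypeIndexOf,
-StringPrototypeReplace,
+StringPrototypeReplaceAll,
 StringPrototypeSlice,
 StringPrototypeSplit,
 StringPrototypeStartsWith,
@@ -271,9 +272,10 @@ function parseCode(code, offset) {
 
 return [
 node.node.start,
-StringPrototypeReplace(StringPrototypeSlice(code,
-node.node.start, node.node.end),
-escapeSequencesRegExp, escapeFn),
+RegExpPrototypeSymbolReplace(
+escapeSequencesRegExp,
+StringPrototypeSlice(code, node.node.start, node.node.end),
+escapeFn),
 ];
 }
 
@@ -346,7 +348,7 @@ function getErrMessage(message, fn) {
 // Always normalize indentation, otherwise the message could look weird.
 if (StringPrototypeIncludes(message, '\n')) {
 if (EOL === '\r\n') {
-message = StringPrototypeReplace(message, /\r\n/g, '\n');
+message = StringPrototypeReplaceAll(message, '\r\n', '\n');
 }
 const frames = StringPrototypeSplit(message, '\n');
 message = ArrayPrototypeShift(frames);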

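--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -36,8 +36,8 @@ const {
 ObjectDefineProperties,
 ObjectDefineProperty,
 ObjectSetPrototypeOf,
+RegExpPrototypeSymbolReplace,
 StringPrototypeCharCodeAt,
-StringPrototypeReplace,
 StringPrototypeSlice,
 StringPrototypeToLowerCase,
 StringPrototypeTrim,
@@ -832,8 +832,8 @@ Buffer.prototype[customInspectSymbol] = function inspect(recurseTimes, ctx) {
 const max = INSPECT_MAX_BYTES;
 const actualMax = MathMin(max, this.length);
 const remaining = this.length - max;
-let str = StringPrototypeTrim(StringPrototypeReplace(
-this.hexSlice(0, actualMax), /(.{2})/g, '$1 '));
+let str = StringPrototypeTrim(RegExpPrototypeSymbolReplace(
+/(.{2})/g, this.hexSlice(0, actualMax), '$1 '));
 if (remaining > 0)
 str += ` ... ${remaining} more byte${remaining > 1 ? 's' : ''}`;
 // Inspect special properties as well, if possible.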

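--- a/lib/internal/console/constructor.js
+++ b/lib/internal/console/constructor.js
@@ -29,7 +29,7 @@ const {
 StringPrototypeIncludes,
 StringPrototypePadStart,
 StringPrototypeRepeat,
-StringPrototypeReplace,
+StringPrototypeReplaceAll,
 StringPrototypeSlice,
 StringPrototypeSplit,
 Symbol,
@@ -265,7 +265,7 @@ ObjectDefineProperties(Console.prototype, {
 
 if (groupIndent.length !== 0) {
 if (StringPrototypeIncludes(string, '\n')) {
-string = StringPrototypeReplace(string, /\n/g, `\n${groupIndent}`);
+string = StringPrototypeReplaceAll(string, '\n', `\n${groupIndent}`);
 }
 string = groupIndent + string;
 }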

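--- a/lib/internal/dns/utils.js
+++ b/lib/internal/dns/utils.js
@@ -7,8 +7,8 @@ const {
 ArrayPrototypePush,
 FunctionPrototypeBind,
 NumberParseInt,
-StringPrototypeMatch,
-StringPrototypeReplace,
+RegExpPrototypeExec,
+RegExpPrototypeSymbolReplace,
 } = primordials;
 
 const errors = require('internal/errors');
@@ -86,21 +86,22 @@ class Resolver {
 if (ipVersion !== 0)
 return ArrayPrototypePush(newSet, [ipVersion, serv, IANA_DNS_PORT]);
 
-const match = StringPrototypeMatch(serv, IPv6RE);
+const match = RegExpPrototypeExec(IPv6RE, serv);
 
 // Check for an IPv6 in brackets.
 if (match) {
 ipVersion = isIP(match[1]);
 
 if (ipVersion !== 0) {
 const port = NumberParseInt(
-StringPrototypeReplace(serv, addrSplitRE, '$2')) || IANA_DNS_PORT;
+RegExpPrototypeSymbolReplace(addrSplitRE, serv, '$2')
+) || IANA_DNS_PORT;
 return ArrayPrototypePush(newSet, [ipVersion, match[1], port]);
 }
 }
 
 // addr::port
-const addrSplitMatch = StringPrototypeMatch(serv, addrSplitRE);
+const addrSplitMatch = RegExpPrototypeExec(addrSplitRE, serv);
 
 if (addrSplitMatch) {
 const hostIP = addrSplitMatch[1];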
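Review bot: `NumberParseInt` at new lines 96–98 is called without a radix and its result is only tested for truthiness, so within these lines a port above 65535 is accepted as-is; range checking may happen later, outside the hunk. Passing the radix explicitly costs nothing: `RegExpPrototypeSymbolReplace(addrSplitRE, serv, '$2'),` followed by `10) || IANA_DNS_PORT;`. The two `StringPrototypeMatch` → `RegExpPrototypeExec` swaps are equivalent only while `IPv6RE` and `addrSplitRE` carry no `g` or `y` flag; both are defined outside the hunk, so that is worth confirming. The enclosing Resolver method starts and ends outside the hunk.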

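--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -41,14 +41,14 @@ const {
 ObjectPrototypeHasOwnProperty,
 RangeError,
 ReflectApply,
+RegExpPrototypeExec,
 RegExpPrototypeTest,
 SafeArrayIterator,
 SafeMap,
 SafeWeakMap,
 String,
 StringPrototypeEndsWith,
 StringPrototypeIncludes,
-StringPrototypeMatch,
 StringPrototypeSlice,
 StringPrototypeSplit,
 StringPrototypeStartsWith,
@@ -422,7 +422,7 @@ function getMessage(key, args, self) {
 }
 
 const expectedLength =
-(StringPrototypeMatch(msg, /%[dfijoOs]/g) || []).length;
+(RegExpPrototypeExec(/%[dfijoOs]/g, msg) || []).length;
 assert(
 expectedLength === args.length,
 `Code: ${key}; The provided arguments length (${args.length}) does not ` +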
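Review bot: `RegExpPrototypeExec(/%[dfijoOs]/g, msg)` at new line 425 is not equivalent to the `StringPrototypeMatch` call it replaces: with a `g` regex `match` returns every occurrence, whereas `exec` returns only the first match, so `.length` is 1 for any message that contains at least one specifier (the pattern has no capture groups). The `assert(expectedLength === args.length, …)` that follows would then fail for messages with two or more placeholders. Counting in a loop keeps the primordials-only style: `const specRE = /%[dfijoOs]/g;`, `let expectedLength = 0;`, `while (RegExpPrototypeExec(specRE, msg) !== null) expectedLength++;`. getMessage continues past the end of the hunk.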

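--- a/lib/internal/fs/utils.js
+++ b/lib/internal/fs/utils.js
@@ -19,7 +19,7 @@ const {
 ReflectOwnKeys,
 StringPrototypeEndsWith,
 StringPrototypeIncludes,
-StringPrototypeReplace,
+StringPrototypeReplaceAll,
 Symbol,
 TypedArrayPrototypeIncludes,
 } = primordials;
@@ -393,7 +393,7 @@ function preprocessSymlinkDestination(path, type, linkPath) {
 return pathModule.toNamespacedPath(path);
 }
 // Windows symlinks don't tolerate forward slashes.
-return StringPrototypeReplace(path, /\//g, '\\');
+return StringPrototypeReplaceAll(path, '/', '\\');
 }
 
 // Constructor for file stats.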

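--- a/lib/internal/main/print_help.js
+++ b/lib/internal/main/print_help.js
@@ -8,11 +8,11 @@ const {
 MathMax,
 ObjectKeys,
 RegExp,
+RegExpPrototypeSymbolReplace,
 StringPrototypeLocaleCompare,
 StringPrototypeSlice,
 StringPrototypeTrimLeft,
 StringPrototypeRepeat,
-StringPrototypeReplace,
 SafeMap,
 } = primordials;
 
@@ -77,14 +77,14 @@ const envVars = new SafeMap(ArrayPrototypeConcat([
 
 
 function indent(text, depth) {
-return StringPrototypeReplace(text, /^/gm, StringPrototypeRepeat(' ', depth));
+return RegExpPrototypeSymbolReplace(/^/gm, text, StringPrototypeRepeat(' ', depth));
 }
 
 function fold(text, width) {
-return StringPrototypeReplace(text,
-new RegExp(`([^\n]{0,${width}})( |$)`, 'g'),
-(_, newLine, end) =>
-newLine + (end === ' ' ? '\n' : ''));
+return RegExpPrototypeSymbolReplace(
+new RegExp(`([^\n]{0,${width}})( |$)`, 'g'),
+text,
+(_, newLine, end) => newLine + (end === ' ' ? '\n' : ''));
 }
 
 function getArgDescription(type) {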

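--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
@@ -58,7 +58,6 @@ const {
 StringPrototypeEndsWith,
 StringPrototypeLastIndexOf,
 StringPrototypeIndexOf,
-StringPrototypeMatch,
 StringPrototypeRepeat,
 StringPrototypeSlice,
 StringPrototypeSplit,
@@ -472,7 +471,7 @@ const EXPORTS_PATTERN = /^((?:@[^/\\%]+\/)?[^./\\%][^/\\%]*)(\/.*)?$/;
 function resolveExports(nmPath, request) {
 // The implementation's behavior is meant to mirror resolution in ESM.
 const { 1: name, 2: expansion = '' } =
-StringPrototypeMatch(request, EXPORTS_PATTERN) || [];
+RegExpPrototypeExec(EXPORTS_PATTERN, request) || [];
 if (!name)
 return;
 const pkgPath = path.resolve(nmPath, name);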
