lib: be robust when process global is clobbered #10135
- Loading branch information
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,9 +7,13 @@ | |
|
|
||
| 'use strict'; | ||
|
|
||
| (function(global, process) { | ||
|
|
||
| function startup(global, process) { | ||
| // Expose the global object as a property on itself | ||
| // (Allows you to set stuff on `global` from anywhere in JavaScript.) | ||
| global.global = global; | ||
|
Contributor
There was a problem hiding this comment. Shouldn't this also be non-writable?
Member
There was a problem hiding this comment. @thefourtheye Have you seen #10405 / https://tc39.github.io/proposal-global/?
Contributor
There was a problem hiding this comment. Oh not yet. Thanks. I'll read that.
Member
There was a problem hiding this comment. (it should be non-enumerable though)
Member
Author
There was a problem hiding this comment. For the record: this is just the |
||
|
|
||
| const EventEmitter = NativeModule.require('events'); | ||
| process._eventsCount = 0; | ||
|
|
||
|
|
@@ -196,7 +200,12 @@ | |
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(global, 'process', { | ||
|
Member
There was a problem hiding this comment. I don't think this is needed / warranted. If someone wants to delete
Member
Author
There was a problem hiding this comment. It was requested by @sam-github in #10135 (comment).
Member
There was a problem hiding this comment. basically, if we set this precedent I would be much more comfortable locking down all things that core could depend on, either by adding them to a closure ala https://github.com/bmeck/node/tree/no-globals or by freezing them on the global. There are many of these globals that break
Contributor
There was a problem hiding this comment. Are there many? https://nodejs.org/api/globals.html documents only a bit more than a dozen "globals", and half of them aren't global, they are module-scoped variables. Perhaps all the "globals" should be module-scoped variables? So that its impossible to mess with them globally?
Member
There was a problem hiding this comment.
Member
There was a problem hiding this comment. this does not include prototype hijacking protection, thats raw global refs. |
||
| value: process, | ||
| writable: false, | ||
| enumerable: true, | ||
| configurable: true | ||
| }); | ||
| const util = NativeModule.require('util'); | ||
|
|
||
| // Deprecate GLOBAL and root | ||
|
|
@@ -532,5 +541,5 @@ | |
| NativeModule._cache[this.id] = this; | ||
| }; | ||
|
|
||
| startup(global, process); | ||
| }); | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,7 @@ | ||
| /* eslint-disable no-global-assign */ | ||
| 'use strict'; | ||
|
|
||
| require('../common'); | ||
| const assert = require('assert'); | ||
|
|
||
| assert.throws(() => process = null, /Cannot assign to read only property/); | ||
|
Member
There was a problem hiding this comment. I don't think this should throw. Natives should be robust w/o relying on globals once startup finishes
Member
Author
There was a problem hiding this comment. The built-in libraries are, this checks that
Member
There was a problem hiding this comment. I don't think that is appropriate to lock down. |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please give an example? I don't follow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't write this comment, I only moved it around. I can remove it if you want.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, it came from C++ code. I think we can remove this now.