Skip to content

Commit

Permalink
util: protect against monkeypatched Object prototype for inspect()
Browse files Browse the repository at this point in the history
Prevent affects of monkeypatching (for example) Object.keys() when
calling util.inspect().

PR-URL: #25953
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
Trott committed Feb 10, 2019
1 parent ba4df92 commit 1847696
Showing 2 changed files with 19 additions and 7 deletions.
15 changes: 8 additions & 7 deletions lib/internal/util/inspect.js
Original file line number Diff line number Diff line change
@@ -63,6 +63,11 @@ const {
isBigUint64Array
} = require('internal/util/types');

const assert = require('internal/assert');

// Avoid monkey-patched built-ins.
const { Object } = primordials;

const ReflectApply = Reflect.apply;

// This function is borrowed from the function with the same name on V8 Extras'
@@ -383,13 +388,9 @@ function getKeys(value, showHidden) {
try {
keys = Object.keys(value);
} catch (err) {
if (isNativeError(err) &&
err.name === 'ReferenceError' &&
isModuleNamespaceObject(value)) {
keys = Object.getOwnPropertyNames(value);
} else {
throw err;
}
assert(isNativeError(err) && err.name === 'ReferenceError' &&
isModuleNamespaceObject(value));
keys = Object.getOwnPropertyNames(value);
}
if (symbols.length !== 0) {
keys.push(...symbols.filter((key) => propertyIsEnumerable(value, key)));
11 changes: 11 additions & 0 deletions test/parallel/test-util-primordial-monkeypatching.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
'use strict';

// Monkeypatch Object.keys() so that it throws an unexpected error. This tests
// that `util.inspect()` is unaffected by monkey-patching `Object`.

require('../common');
const assert = require('assert');
const util = require('util');

Object.keys = () => { throw new Error('fhqwhgads'); };
assert.strictEqual(util.inspect({}), '{}');

0 comments on commit 1847696

Please sign in to comment.