diff --git a/doc/api/cli.md b/doc/api/cli.md
index 0ac58dba3510fb..4753b35591113f 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -439,6 +439,13 @@ added: v6.0.0
 Silence all process warnings (including deprecations).
+### `--force-context-aware`
+<!-- YAML
+added: REPLACEME
+-->
+
+Disable loading non-context-aware native addons.
+
 ### `--openssl-config=file`
 <!-- YAML
 added: v6.9.0
@@ -1009,6 +1016,7 @@ Node.js options that are allowed are:
 * `--experimental-report`
 * `--experimental-vm-modules`
 * `--experimental-wasm-modules`
+* `--force-context-aware`
 * `--force-fips`
 * `--frozen-intrinsics`
 * `--heapsnapshot-signal`
diff --git a/doc/api/errors.md b/doc/api/errors.md
index 08f379afb1f633..5783724774b600 100644
--- a/doc/api/errors.md
+++ b/doc/api/errors.md
@@ -1609,6 +1609,11 @@ OpenSSL crypto support.
 An attempt was made to use features that require [ICU][], but Node.js was not compiled with ICU support.
+<a id="ERR_NON_CONTEXT_AWARE_DISABLED"></a>
+### ERR_NON_CONTEXT_AWARE_DISABLED
+
+A non-context-aware native addon was loaded in a process that disallows them.
+
 <a id="ERR_OUT_OF_RANGE"></a>
 ### ERR_OUT_OF_RANGE
diff --git a/src/node_binding.cc b/src/node_binding.cc
index c51a892e1bcd3d..fe077e1d92eebd 100644
--- a/src/node_binding.cc
+++ b/src/node_binding.cc
@@ -1,4 +1,5 @@
 #include "node_binding.h"
+#include "node_errors.h"
 #include <atomic>
 #include "env-inl.h"
 #include "node_native_module_env.h"
@@ -463,6 +464,13 @@ void DLOpen(const FunctionCallbackInfo<Value>& args) {
 }
 if (mp != nullptr) {
+ if (mp->nm_context_register_func == nullptr) {
+ if (env->options()->force_context_aware) {
+ dlib->Close();
+ THROW_ERR_NON_CONTEXT_AWARE_DISABLED(env);
+ return false;
+ }
+ }
 mp->nm_dso_handle = dlib->handle_;
 dlib->SaveInGlobalHandleMap(mp);
 } else {
diff --git a/src/node_errors.h b/src/node_errors.h
index 261c6077bb8054..f6fca6c690a1d2 100644
--- a/src/node_errors.h
+++ b/src/node_errors.h
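Review bot: The new check in DLOpen (src/node_binding.cc) runs only once `mp` is already set, so by the time `THROW_ERR_NON_CONTEXT_AWARE_DISABLED(env)` fires the addon's load-time code has presumably already executed in the process; `dlib->Close()` unloads the library but cannot undo that. The flag therefore refuses registration rather than preventing execution, and a comment above the check should say so, e.g. `// The addon's load-time code has already run; this only refuses to register it.` The two nested `if`s can also be one condition: `if (mp->nm_context_register_func == nullptr && env->options()->force_context_aware) {`. The `} else {` branch continues outside the hunk, so whether addons that reach it are always context-aware cannot be confirmed from here.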
@@ -52,6 +52,7 @@ void PrintErrorString(const char* format, ...);
 V(ERR_MISSING_MESSAGE_PORT_IN_TRANSFER_LIST, TypeError) \
 V(ERR_MISSING_PASSPHRASE, TypeError) \
 V(ERR_MISSING_PLATFORM_FOR_WORKER, Error) \
+ V(ERR_NON_CONTEXT_AWARE_DISABLED, Error) \
 V(ERR_MODULE_NOT_FOUND, Error) \
 V(ERR_OUT_OF_RANGE, RangeError) \
 V(ERR_SCRIPT_EXECUTION_INTERRUPTED, Error) \
@@ -96,6 +97,8 @@ void PrintErrorString(const char* format, ...);
 V(ERR_MISSING_PLATFORM_FOR_WORKER, \
 "The V8 platform used by this instance of Node does not support " \
 "creating Workers") \
+ V(ERR_NON_CONTEXT_AWARE_DISABLED, \
+ "Loading non context-aware native modules has been disabled") \
 V(ERR_SCRIPT_EXECUTION_INTERRUPTED, \
 "Script execution was interrupted by `SIGINT`") \
 V(ERR_TRANSFERRING_EXTERNALIZED_SHAREDARRAYBUFFER, \
diff --git a/src/node_options.cc b/src/node_options.cc
index 570603140abef4..a9425c4c0862ec 100644
--- a/src/node_options.cc
+++ b/src/node_options.cc
@@ -400,6 +400,10 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
 "silence all process warnings",
 &EnvironmentOptions::no_warnings,
 kAllowedInEnvironment);
+ AddOption("--force-context-aware",
+ "disable loading non-context-aware addons",
+ &EnvironmentOptions::force_context_aware,
+ kAllowedInEnvironment);
 AddOption("--pending-deprecation",
 "emit pending deprecation warnings",
 &EnvironmentOptions::pending_deprecation,
diff --git a/src/node_options.h b/src/node_options.h
index dbd85b2d584be5..c4d33831e02bbe 100644
--- a/src/node_options.h
+++ b/src/node_options.h
@@ -118,6 +118,7 @@ class EnvironmentOptions : public Options {
 bool no_deprecation = false;
 bool no_force_async_hooks_checks = false;
 bool no_warnings = false;
+ bool force_context_aware = false;
 bool pending_deprecation = false;
 bool preserve_symlinks = false;
 bool preserve_symlinks_main = false;
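Review bot: In the first src/node_errors.h hunk the new `V(ERR_NON_CONTEXT_AWARE_DISABLED, Error) \` entry is placed before `V(ERR_MODULE_NOT_FOUND, Error) \`, which breaks the alphabetical order the visible entries otherwise follow. It belongs between `ERR_MODULE_NOT_FOUND` and `ERR_OUT_OF_RANGE`. The macro list starts and ends outside the hunk.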
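Review bot: The fixed message added for `ERR_NON_CONTEXT_AWARE_DISABLED` in the second src/node_errors.h hunk does not say which addon was refused, so an operator who sees it in logs cannot tell which native module to replace or investigate. If the generated throw helper has an overload that takes a message, the DLOpen call site could pass one that includes the addon's filename. The wording also differs from the docs and the option help text, which hyphenate "non-context-aware": `"Loading non-context-aware native modules has been disabled"`.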
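Review bot: `--force-context-aware` is registered in src/node_options.cc against `&EnvironmentOptions::force_context_aware`, so the restriction is scoped to one environment, while the new errors.md entry describes "a process that disallows them". It is worth confirming that every environment in the process picks the setting up, for instance one created with its own option list; otherwise either document the per-environment scope or store the flag at a process-wide level. A short comment on the declaration in src/node_options.h, such as `// Refuse to load addons that are not context-aware.`, would also help. The constructor body continues outside the hunk.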