Skip to content

child_process: harden fork arguments validation#27039

Closed
ZYSzys wants to merge 1 commit into
nodejs:masterfrom
zys-contrib:cp-fork
Closed

child_process: harden fork arguments validation#27039
ZYSzys wants to merge 1 commit into
nodejs:masterfrom
zys-contrib:cp-fork

Conversation

@ZYSzys
Copy link
Copy Markdown
Member

@ZYSzys ZYSzys commented Apr 1, 2019
edited
Loading

Ensure that the first argument modulePath of fork method must be provided and be of type string.

Also merge test-child-process-fork-options.js(which ensure that the second argument can be undefined or null) into test-child-process-fork-args.js

Maybe should be semver-major since different error now ?

Before:

> child_process.fork()
...
> internal/modules/cjs/loader.js:651
    throw err;
    ^

Error: Cannot find module '/Users/zyszys/Projects/nodejs/node/undefined'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:649:15)
    at Function.Module._load (internal/modules/cjs/loader.js:575:25)
    at Function.Module.runMain (internal/modules/cjs/loader.js:862:12)
    at internal/main/run_main_module.js:21:11

After validation:

> child_process.fork()
Thrown:
TypeError [ERR_INVALID_ARG_TYPE]: The "modulePath" argument must be of type string. Received type undefined
    at validateString (internal/validators.js:105:11)
    at Object.fork (child_process.js:63:3)
    at repl:1:15
    at Script.runInThisContext (vm.js:124:20)
    at REPLServer.defaultEval (repl.js:360:29)
    at bound (domain.js:413:14)
    at REPLServer.runBound [as eval] (domain.js:426:12)
    at REPLServer.onLine (repl.js:667:10)
    at REPLServer.emit (events.js:199:15)
    at REPLServer.EventEmitter.emit (domain.js:469:20)
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Apr 1, 2019

Lite-CI: https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/3133

@nodejs-github-bot nodejs-github-bot added the child_process Issues and PRs related to the child_process subsystem. label Apr 1, 2019
@ZYSzys ZYSzys added the semver-major PRs that contain breaking changes and should be released in the next major version. label Apr 1, 2019
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Apr 1, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/22095/

This was referenced Apr 2, 2019
Closed
Closed
@nodejs nodejs deleted a comment from nodejs-github-bot Apr 2, 2019
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Apr 2, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/22131/

@ZYSzys
Copy link
Copy Markdown
Member Author

ZYSzys commented Apr 2, 2019

/cc @nodejs/child_process Could you please have a review on this?

@BridgeAR
Copy link
Copy Markdown
Member

BridgeAR commented Apr 4, 2019

Since this was broken before (as in: would always result in an error), should this really be semver-major?

@BridgeAR BridgeAR added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 4, 2019
@ZYSzys
Copy link
Copy Markdown
Member Author

ZYSzys commented Apr 5, 2019
edited
Loading

I’m not sure exactly, but one thing would be broken now is, e.g, child_process.fork(1) would throw error even if we have 1.js in current dir(we should use child_process.fork(‘1’)).

@ZYSzys
Copy link
Copy Markdown
Member Author

ZYSzys commented Apr 8, 2019

Ping @nodejs/tsc , can I get some reviews since it's semver major ?

@BridgeAR BridgeAR added the review wanted PRs that need reviews. label Apr 9, 2019
@ZYSzys ZYSzys requested a review from a team April 11, 2019 08:01
@ZYSzys
Copy link
Copy Markdown
Member Author

ZYSzys commented Apr 12, 2019

Landed in 9ad5106.

Thanks all!

@ZYSzys ZYSzys closed this Apr 12, 2019
ZYSzys added a commit that referenced this pull request Apr 12, 2019
@ZYSzys
child_process: harden fork arguments validation
9ad5106 
Ensure that the first argument `modulePath` of `fork` method
must be provided and be of type string.

PR-URL: #27039
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@ZYSzys ZYSzys removed the review wanted PRs that need reviews. label Apr 12, 2019
@ZYSzys ZYSzys deleted the cp-fork branch April 12, 2019 05:01
@BethGriggs BethGriggs mentioned this pull request Apr 18, 2019
Merged
BethGriggs added a commit that referenced this pull request Apr 22, 2019
@BethGriggs
2019-04-23, Version 12.0.0 (Current)
bac024b 
Notable changes:

* assert:
  * improve performance to instantiate errors (Ruben Bridgewater)
    [#26738](#26738)
  * validate required arguments (Ruben Bridgewater)
    [#26641](#26641)
  * adjust loose assertions (Ruben Bridgewater)
    [#25008](#25008)
* async_hooks:
  * remove deprecated emitBefore and emitAfter (Matteo Collina)
    [#26530](#26530)
  * remove promise object from resource (Andreas Madsen)
    [#23443](#23443)
* bootstrap
  * make Buffer and process non-enumerable (Ruben Bridgewater)
    [#24874](#24874)
* buffer:
  * use stricter range checks (Ruben Bridgewater)
    [#27045](#27045)
  * harden SlowBuffer creation (ZYSzys)
    [#26272](#26272)
  * harden validation of buffer allocation size (ZYSzys)
    [#26162](#26162)
  * do proper error propagation in addon methods (Anna Henningsen)
    [#23939](#23939)
* child_process:
  * change the defaults maxBuffer size (kohta ito)
    [#27179](#27179)
  * harden fork arguments validation (ZYSzys)
    [#27039](#27039)
  * use non-infinite maxBuffer defaults (kohta ito)
    [#23027](#23027)
* console:
  * don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* crypto:
  * remove legacy native handles (Tobias Nießen)
    [#27011](#27011)
  * decode missing passphrase errors (Tobias Nießen)
    [#25208](#25208)
  * move DEP0113 to End-of-Life (Tobias Nießen)
    [#26249](#26249)
  * remove deprecated crypto.\_toBuf (Tobias Nießen)
    [#25338](#25338)
  * set `DEFAULT\_ENCODING` property to non-enumerable
    (Antoine du Hamel)
    [#23222](#23222)
* deps:
  * silence irrelevant V8 warning (Michaël Zasso)
    [#26685](#26685)
  * update postmortem metadata generation script (cjihrig)
    [#26685](#26685)
  * V8: un-cherry-pick bd019bd (Refael Ackermann)
    [#26685](#26685)
  * V8: cherry-pick 6 commits (Michaël Zasso)
    [#26685](#26685)
  * V8: cherry-pick d82c9af (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick e5f01ba (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick d5f08e4 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 6b09d21 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick f0bb5d2 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 5b0510d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 91f0cd0 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 392316d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 2f79d68 (Anna Henningsen)
    [#26685](#26685)
  * sync V8 gypfiles with 7.4 (Ujjwal Sharma)
    [#26685](#26685)
  * update V8 to 7.4.288.13 (Ujjwal Sharma)
    [#26685](#26685)
  * bump minimum icu version to 63 (Ujjwal Sharma)
    [#25852](#25852)
  * silence irrelevant V8 warnings (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 7803fa6 (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick 58cefed (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick d3308d0 (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 74571c8 (Michaël Zasso)
    [#25852](#25852)
  * cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen)
    [#25852](#25852)
  * sync V8 gypfiles with 7.3 (Ujjwal Sharma)
    [#25852](#25852)
  * sync V8 gypfiles with 7.2 (Michaël Zasso)
    [#25852](#25852)
  * update V8 to 7.3.492.25 (Michaël Zasso)
    [#25852](#25852)
  * add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu)
    [#19794](#19794)
  * sync V8 gypfiles with 7.1 (Refael Ackermann)
    [#23423](#23423)
  * update V8 to 7.1.302.28 (Michaël Zasso)
    [#23423](#23423)
* doc:
  * update behaviour of fs.writeFile
    (Sakthipriyan Vairamani (thefourtheye))
    [#25080](#25080)
  * add internal functionality details of util.inherits
    (Ruben Bridgewater)
    [#24755](#24755)
* errors:
  * update error name (Ruben Bridgewater)
    [#26738](#26738)
* fs:
  * use proper .destroy() implementation for SyncWriteStream
    (Matteo Collina)
    [#26690](#26690)
  * improve mode validation (Ruben Bridgewater)
    [#26575](#26575)
  * harden validation of start option in createWriteStream (ZYSzys)
    [#25579](#25579)
  * make writeFile consistent with readFile wrt fd
    (Sakthipriyan Vairamani (thefourtheye))
    [#23709](#23709)
* http:
  * validate timeout in ClientRequest() (cjihrig)
    [#26214](#26214)
  * return HTTP 431 on HPE\_HEADER\_OVERFLOW error (Albert Still)
    [#25605](#25605)
  * switch default parser to llhttp (Anna Henningsen)
    [#24870](#24870)
  * change DEP0066 to a runtime deprecat