From 06bcd1ab9b37fcff4b3e694bb887fc1aad194f3a Mon Sep 17 00:00:00 2001
From: Vighnesh Raut <vighnesh.raut13@gmail.com>
Date: Thu, 2 Jan 2020 08:42:19 +0530
Subject: [PATCH] https: prevent options object from being mutated

Previously, when passing options object to the agent.createConnection
method, the same options object got modified within the method. Now,
any modification will happen on only a copy of the object.

Fixes: https://github.com/nodejs/node/issues/31119

PR-URL: https://github.com/nodejs/node/pull/31151
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
---
 lib/https.js                                  |  4 +++-
 .../test-https-agent-create-connection.js     | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/lib/https.js b/lib/https.js
index 4b5fbea0b3ba18..48f9b42dc95b7e 100644
--- a/lib/https.js
+++ b/lib/https.js
@@ -96,9 +96,11 @@ function createConnection(port, host, options) {
   if (port !== null && typeof port === 'object') {
     options = port;
   } else if (host !== null && typeof host === 'object') {
-    options = host;
+    options = { ...host };
   } else if (options === null || typeof options !== 'object') {
     options = {};
+  } else {
+    options = { ...options };
   }
 
   if (typeof port === 'number') {
diff --git a/test/parallel/test-https-agent-create-connection.js b/test/parallel/test-https-agent-create-connection.js
index 1bb3da5f1e1501..d4840298aa6e08 100644
--- a/test/parallel/test-https-agent-create-connection.js
+++ b/test/parallel/test-https-agent-create-connection.js
@@ -132,3 +132,27 @@ function createServer() {
     }));
   }));
 }
+
+// `options` should not be modified
+{
+  const server = createServer();
+  server.listen(0, common.mustCall(() => {
+    const port = server.address().port;
+    const host = 'localhost';
+    const options = {
+      port: 3000,
+      rejectUnauthorized: false
+    };
+
+    const socket = agent.createConnection(port, host, options);
+    socket.on('connect', common.mustCall((data) => {
+      socket.end();
+    }));
+    socket.on('end', common.mustCall(() => {
+      assert.deepStrictEqual(options, {
+        port: 3000, rejectUnauthorized: false
+      });
+      server.close();
+    }));
+  }));
+}