src: minor cleanup for node_revert

Make the revert related functions inline to eliminate the need
for node_revert.cc, prefitx the constants and the def, other misc
cleanup

PR-URL: #14864
Reviewed-By: Anna Henningsen <anna@addaleax.net>

node.gyp

@@ -252,7 +252,6 @@
         'src/node_file.cc',
         'src/node_http_parser.cc',
         'src/node_os.cc',
-        'src/node_revert.cc',
         'src/node_url.cc',
         'src/node_util.cc',
         'src/node_v8.cc',
@@ -887,7 +886,6 @@
         '<(OBJ_PATH)/string_search.<(OBJ_SUFFIX)',
         '<(OBJ_PATH)/stream_base.<(OBJ_SUFFIX)',
         '<(OBJ_PATH)/node_constants.<(OBJ_SUFFIX)',
-        '<(OBJ_PATH)/node_revert.<(OBJ_SUFFIX)',
       ],
 
       'defines': [

src/node.cc

@@ -162,6 +162,9 @@ static node_module* modlist_builtin;
 static node_module* modlist_linked;
 static node_module* modlist_addon;
 
+// Bit flag used to track security reverts (see node_revert.h)
+unsigned int reverted = 0;
+
 #if defined(NODE_HAVE_I18N_SUPPORT)
 // Path to ICU data (for i18n / Intl)
 static std::string icu_data_dir;  // NOLINT(runtime/string)
@@ -3413,11 +3416,11 @@ void SetupProcessObject(Environment* env,
   // --security-revert flags
 #define V(code, _, __)                                                        \
   do {                                                                        \
-    if (IsReverted(REVERT_ ## code)) {                                        \
+    if (IsReverted(SECURITY_REVERT_ ## code)) {                               \
       READONLY_PROPERTY(process, "REVERT_" #code, True(env->isolate()));      \
     }                                                                         \
   } while (0);
-  REVERSIONS(V)
+  SECURITY_REVERSIONS(V)
 #undef V
 
   size_t exec_path_len = 2 * PATH_MAX;

src/node_config.cc

@@ -3,7 +3,6 @@
 #include "env-inl.h"
 #include "util-inl.h"
 
-
 namespace node {
 
 using v8::Context;

src/node_revert.h

@@ -12,34 +12,55 @@
  * consensus. 
  *
  * For *master* this list should always be empty!
- *
  **/
-#define REVERSIONS(XX)
-//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
-
 namespace node {
 
-typedef enum {
-#define V(code, _, __) REVERT_ ## code,
-  REVERSIONS(V)
-#undef V
-} reversions_t;
+#define SECURITY_REVERSIONS(XX)
+//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
 
+enum reversion {
+#define V(code, ...) SECURITY_REVERT_##code,
+  SECURITY_REVERSIONS(V)
+#undef V
+};
 
-/* A bit field for tracking the active reverts */
 extern unsigned int reverted;
 
-/* Revert the given CVE (see reversions_t enum) */
-void Revert(const unsigned int cve);
+inline const char* RevertMessage(const reversion cve) {
+#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
+  switch (cve) {
+    SECURITY_REVERSIONS(V)
+    default:
+      return "Unknown";
+  }
+#undef V
+}
 
-/* Revert the given CVE by label */
-void Revert(const char* cve);
+inline void Revert(const reversion cve) {
+  reverted |= 1 << cve;
+  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
+}
 
-/* true if the CVE has been reverted **/
-bool IsReverted(const unsigned int cve);
+inline void Revert(const char* cve) {
+#define V(code, label, _)                                                     \
+  if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
+  SECURITY_REVERSIONS(V)
+#undef V
+  printf("Error: Attempt to revert an unknown CVE [%s]\n", cve);
+  exit(12);
+}
 
-/* true if the CVE has been reverted **/
-bool IsReverted(const char * cve);
+inline bool IsReverted(const reversion cve) {
+  return reverted & (1 << cve);
+}
+
+inline bool IsReverted(const char* cve) {
+#define V(code, label, _)                                                     \
+  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
+  SECURITY_REVERSIONS(V)
+  return false;
+#undef V
+}
 
 }  // namespace node