lib: avoid unsafe String methods that depend on RegExp prototype methods

lib/_tls_common.js

@@ -27,7 +27,7 @@ const {
   ArrayPrototypeJoin,
   ArrayPrototypePush,
   ObjectCreate,
-  StringPrototypeReplace,
+  RegExpPrototypeSymbolReplace,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
 } = primordials;
@@ -394,13 +394,15 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
     c.infoAccess = ObjectCreate(null);
 
     // XXX: More key validation?
-    StringPrototypeReplace(info, /([^\n:]*):([^\n]*)(?:\n|$)/g,
-                           (all, key, val) => {
-                             if (key in c.infoAccess)
-                               ArrayPrototypePush(c.infoAccess[key], val);
-                             else
-                               c.infoAccess[key] = [val];
-                           });
+    RegExpPrototypeSymbolReplace(
+      /([^\n:]*):([^\n]*)(?:\n|$)/g,
+      info,
+      (all, key, val) => {
+        if (key in c.infoAccess)
+          ArrayPrototypePush(c.infoAccess[key], val);
+        else
+          c.infoAccess[key] = [val];
+      });
   }
   return c;
 };

lib/_tls_wrap.js

@@ -31,8 +31,9 @@ const {
   ObjectSetPrototypeOf,
   ReflectApply,
   RegExp,
+  RegExpPrototypeSymbolReplace,
   RegExpPrototypeTest,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   Symbol,
   SymbolFor,
@@ -1433,9 +1434,10 @@ Server.prototype.addContext = function(servername, context) {
     throw new ERR_TLS_REQUIRED_SERVER_NAME();
   }
 
-  const re = new RegExp('^' + StringPrototypeReplace(
-    StringPrototypeReplace(servername, /([.^$+?\-\\[\]{}])/g, '\\$1'),
-    /\*/g, '[^.]*'
+  const re = new RegExp('^' + StringPrototypeReplaceAll(
+    RegExpPrototypeSymbolReplace(/([.^$+?\-\\[\]{}])/g, servername, '\\$1'),
+    '*',
+    '[^.]*',
   ) + '$');
   ArrayPrototypePush(this._contexts,
                      [re, tls.createSecureContext(context).context]);

lib/assert.js

@@ -35,13 +35,14 @@ const {
   ObjectKeys,
   ObjectPrototypeIsPrototypeOf,
   ReflectApply,
+  RegExpPrototypeSymbolReplace,
   RegExpPrototypeTest,
   SafeMap,
   String,
   StringPrototypeCharCodeAt,
   StringPrototypeIncludes,
   StringPrototypeIndexOf,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -271,9 +272,10 @@ function parseCode(code, offset) {
 
   return [
     node.node.start,
-    StringPrototypeReplace(StringPrototypeSlice(code,
-                                                node.node.start, node.node.end),
-                           escapeSequencesRegExp, escapeFn)
+    RegExpPrototypeSymbolReplace(
+      escapeSequencesRegExp,
+      StringPrototypeSlice(code, node.node.start, node.node.end),
+      escapeFn)
   ];
 }
 
@@ -345,7 +347,7 @@ function getErrMessage(message, fn) {
     // Always normalize indentation, otherwise the message could look weird.
     if (StringPrototypeIncludes(message, '\n')) {
       if (EOL === '\r\n') {
-        message = StringPrototypeReplace(message, /\r\n/g, '\n');
+        message = StringPrototypeReplaceAll(message, '\r\n', '\n');
       }
       const frames = StringPrototypeSplit(message, '\n');
       message = ArrayPrototypeShift(frames);

lib/buffer.js

@@ -36,8 +36,8 @@ const {
   ObjectDefineProperties,
   ObjectDefineProperty,
   ObjectSetPrototypeOf,
+  RegExpPrototypeSymbolReplace,
   StringPrototypeCharCodeAt,
-  StringPrototypeReplace,
   StringPrototypeSlice,
   StringPrototypeToLowerCase,
   StringPrototypeTrim,
@@ -812,8 +812,8 @@ Buffer.prototype[customInspectSymbol] = function inspect(recurseTimes, ctx) {
   const max = INSPECT_MAX_BYTES;
   const actualMax = MathMin(max, this.length);
   const remaining = this.length - max;
-  let str = StringPrototypeTrim(StringPrototypeReplace(
-    this.hexSlice(0, actualMax), /(.{2})/g, '$1 '));
+  let str = StringPrototypeTrim(RegExpPrototypeSymbolReplace(
+    /(.{2})/g, this.hexSlice(0, actualMax), '$1 '));
   if (remaining > 0)
     str += ` ... ${remaining} more byte${remaining > 1 ? 's' : ''}`;
   // Inspect special properties as well, if possible.

lib/internal/console/constructor.js

@@ -25,7 +25,7 @@ const {
   StringPrototypeIncludes,
   StringPrototypePadStart,
   StringPrototypeRepeat,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   StringPrototypeSplit,
   Symbol,
@@ -266,7 +266,7 @@ ObjectDefineProperties(Console.prototype, {
 
       if (groupIndent.length !== 0) {
         if (StringPrototypeIncludes(string, '\n')) {
-          string = StringPrototypeReplace(string, /\n/g, `\n${groupIndent}`);
+          string = StringPrototypeReplaceAll(string, '\n', `\n${groupIndent}`);
         }
         string = groupIndent + string;
       }

lib/internal/dns/utils.js

@@ -8,8 +8,8 @@ const {
   ArrayPrototypePush,
   FunctionPrototypeBind,
   NumberParseInt,
-  StringPrototypeMatch,
-  StringPrototypeReplace,
+  RegExpPrototypeExec,
+  RegExpPrototypeSymbolReplace,
 } = primordials;
 
 const errors = require('internal/errors');
@@ -79,21 +79,22 @@ class Resolver {
       if (ipVersion !== 0)
         return ArrayPrototypePush(newSet, [ipVersion, serv, IANA_DNS_PORT]);
 
-      const match = StringPrototypeMatch(serv, IPv6RE);
+      const match = RegExpPrototypeExec(IPv6RE, serv);
 
       // Check for an IPv6 in brackets.
       if (match) {
         ipVersion = isIP(match[1]);
 
         if (ipVersion !== 0) {
           const port = NumberParseInt(
-            StringPrototypeReplace(serv, addrSplitRE, '$2')) || IANA_DNS_PORT;
+            RegExpPrototypeSymbolReplace(addrSplitRE, serv, '$2')
+          ) || IANA_DNS_PORT;
           return ArrayPrototypePush(newSet, [ipVersion, match[1], port]);
         }
       }
 
       // addr::port
-      const addrSplitMatch = StringPrototypeMatch(serv, addrSplitRE);
+      const addrSplitMatch = RegExpPrototypeExec(addrSplitRE, serv);
 
       if (addrSplitMatch) {
         const hostIP = addrSplitMatch[1];

lib/internal/errors.js

@@ -34,13 +34,13 @@ const {
   ObjectKeys,
   RangeError,
   ReflectApply,
+  RegExpPrototypeExec,
   RegExpPrototypeTest,
   SafeMap,
   SafeWeakMap,
   String,
   StringPrototypeEndsWith,
   StringPrototypeIncludes,
-  StringPrototypeMatch,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -381,7 +381,7 @@ function getMessage(key, args, self) {
   }
 
   const expectedLength =
-    (StringPrototypeMatch(msg, /%[dfijoOs]/g) || []).length;
+    (RegExpPrototypeExec(/%[dfijoOs]/g, msg) || []).length;
   assert(
     expectedLength === args.length,
     `Code: ${key}; The provided arguments length (${args.length}) does not ` +

lib/internal/fs/utils.js

@@ -18,7 +18,7 @@ const {
   ReflectOwnKeys,
   StringPrototypeEndsWith,
   StringPrototypeIncludes,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   Symbol,
   TypedArrayPrototypeIncludes,
 } = primordials;
@@ -369,7 +369,7 @@ function preprocessSymlinkDestination(path, type, linkPath) {
     return pathModule.toNamespacedPath(path);
   }
   // Windows symlinks don't tolerate forward slashes.
-  return StringPrototypeReplace(path, /\//g, '\\');
+  return StringPrototypeReplaceAll(path, '/', '\\');
 }
 
 // Constructor for file stats.

lib/internal/main/print_help.js

@@ -8,9 +8,9 @@ const {
   MathMax,
   ObjectKeys,
   RegExp,
+  RegExpPrototypeSymbolReplace,
   StringPrototypeTrimLeft,
   StringPrototypeRepeat,
-  StringPrototypeReplace,
   SafeMap,
 } = primordials;
 
@@ -72,14 +72,14 @@ const envVars = new SafeMap(ArrayPrototypeConcat([
 
 
 function indent(text, depth) {
-  return StringPrototypeReplace(text, /^/gm, StringPrototypeRepeat(' ', depth));
+  return RegExpPrototypeSymbolReplace(/^/gm, text, StringPrototypeRepeat(' ', depth));
 }
 
 function fold(text, width) {
-  return StringPrototypeReplace(text,
-                                new RegExp(`([^\n]{0,${width}})( |$)`, 'g'),
-                                (_, newLine, end) =>
-                                  newLine + (end === ' ' ? '\n' : ''));
+  return RegExpPrototypeSymbolReplace(
+    new RegExp(`([^\n]{0,${width}})( |$)`, 'g'),
+    text,
+    (_, newLine, end) => newLine + (end === ' ' ? '\n' : ''));
 }
 
 function getArgDescription(type) {

lib/internal/modules/cjs/loader.js

@@ -46,6 +46,7 @@ const {
   ObjectSetPrototypeOf,
   ReflectApply,
   ReflectSet,
+  RegExpPrototypeExec,
   RegExpPrototypeTest,
   SafeMap,
   SafeWeakMap,
@@ -55,7 +56,6 @@ const {
   StringPrototypeEndsWith,
   StringPrototypeLastIndexOf,
   StringPrototypeIndexOf,
-  StringPrototypeMatch,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -463,7 +463,7 @@ const EXPORTS_PATTERN = /^((?:@[^/\\%]+\/)?[^./\\%][^/\\%]*)(\/.*)?$/;
 function resolveExports(nmPath, request) {
   // The implementation's behavior is meant to mirror resolution in ESM.
   const [, name, expansion = ''] =
-    StringPrototypeMatch(request, EXPORTS_PATTERN) || [];
+    RegExpPrototypeExec(EXPORTS_PATTERN, request) || [];
   if (!name)
     return;
   const pkgPath = path.resolve(nmPath, name);

lib/internal/modules/esm/module_job.js

@@ -10,10 +10,10 @@ const {
   PromiseResolve,
   PromisePrototypeCatch,
   ReflectApply,
+  RegExpPrototypeExec,
+  RegExpPrototypeSymbolReplace,
   SafeSet,
   StringPrototypeIncludes,
-  StringPrototypeMatch,
-  StringPrototypeReplace,
   StringPrototypeSplit,
 } = primordials;
 
@@ -109,8 +109,9 @@ class ModuleJob {
                                   ' does not provide an export named')) {
         const splitStack = StringPrototypeSplit(e.stack, '\n');
         const parentFileUrl = splitStack[0];
-        const [, childSpecifier, name] = StringPrototypeMatch(e.message,
-                                                              /module '(.*)' does not provide an export named '(.+)'/);
+        const [, childSpecifier, name] = RegExpPrototypeExec(
+          /module '(.*)' does not provide an export named '(.+)'/,
+          e.message);
         const childFileURL =
             await this.loader.resolve(childSpecifier, parentFileUrl);
         const format = await this.loader.getFormat(childFileURL);
@@ -120,9 +121,9 @@ class ModuleJob {
           // line which causes the error. For multi-line import statements we
           // cannot generate an equivalent object descructuring assignment by
           // just parsing the error stack.
-          const oneLineNamedImports = StringPrototypeMatch(importStatement, /{.*}/);
+          const oneLineNamedImports = RegExpPrototypeExec(/{.*}/, importStatement);
           const destructuringAssignment = oneLineNamedImports &&
-              StringPrototypeReplace(oneLineNamedImports, /\s+as\s+/g, ': ');
+            RegExpPrototypeSymbolReplace(/\s+as\s+/g, oneLineNamedImports, ': ');
           e.message = `Named export '${name}' not found. The requested module` +
             ` '${childSpecifier}' is a CommonJS module, which may not support` +
             ' all module.exports as named exports.\nCommonJS modules can ' +

lib/internal/modules/esm/resolve.js

@@ -9,15 +9,14 @@ const {
   ObjectFreeze,
   ObjectGetOwnPropertyNames,
   ObjectPrototypeHasOwnProperty,
-  RegExp,
   RegExpPrototypeTest,
   SafeMap,
   SafeSet,
   String,
   StringPrototypeEndsWith,
   StringPrototypeIndexOf,
   StringPrototypeLastIndexOf,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -343,8 +342,6 @@ function throwInvalidPackageTarget(
 }
 
 const invalidSegmentRegEx = /(^|\\|\/)(\.\.?|node_modules)(\\|\/|$)/;
-const patternRegEx = /\*/g;
-
 function resolvePackageTargetString(
   target, subpath, match, packageJSONUrl, base, pattern, internal, conditions) {
   if (subpath !== '' && !pattern && target[target.length - 1] !== '/')
@@ -360,7 +357,7 @@ function resolvePackageTargetString(
       } catch {}
       if (!isURL) {
         const exportTarget = pattern ?
-          StringPrototypeReplace(target, patternRegEx, subpath) :
+          StringPrototypeReplaceAll(target, '*', subpath) :
           target + subpath;
         return packageResolve(exportTarget, packageJSONUrl, conditions);
       }
@@ -384,8 +381,7 @@ function resolvePackageTargetString(
     throwInvalidSubpath(match + subpath, packageJSONUrl, internal, base);
 
   if (pattern)
-    return new URL(StringPrototypeReplace(resolved.href, patternRegEx,
-                                          subpath));
+    return new URL(StringPrototypeReplaceAll(resolved.href, '*', subpath));
   return new URL(subpath, resolved);
 }
 
@@ -779,7 +775,7 @@ function resolveAsCommonJS(specifier, parentURL) {
     // Normalize the path separator to give a valid suggestion
     // on Windows
     if (process.platform === 'win32') {
-      found = StringPrototypeReplace(found, new RegExp(`\\${sep}`, 'g'), '/');
+      found = StringPrototypeReplaceAll(found, sep, '/');
     }
     return found;
   } catch {

lib/internal/modules/esm/translators.js

@@ -14,7 +14,7 @@ const {
   RegExpPrototypeTest,
   SafeMap,
   SafeSet,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -174,13 +174,12 @@ function enrichCJSError(err) {
 
 // Strategy for loading a node-style CommonJS module
 const isWindows = process.platform === 'win32';
-const winSepRegEx = /\//g;
 translators.set('commonjs', async function commonjsStrategy(url, isMain) {
   debug(`Translating CJSModule ${url}`);
 
   let filename = internalURLModule.fileURLToPath(new URL(url));
   if (isWindows)
-    filename = StringPrototypeReplace(filename, winSepRegEx, '\\');
+    filename = StringPrototypeReplaceAll(filename, '/', '\\');
 
   if (!cjsParse) await initCJSParse();
   const { module, exportNames } = cjsPreparseModuleExports(filename);
@@ -299,7 +298,7 @@ translators.set('json', async function jsonStrategy(url) {
   let module;
   if (pathname) {
     modulePath = isWindows ?
-      StringPrototypeReplace(pathname, winSepRegEx, '\\') : pathname;
+      StringPrototypeReplaceAll(pathname, '/', '\\') : pathname;
     module = CJSModule._cache[modulePath];
     if (module && module.loaded) {
       const exports = module.exports;