lib: makeRequireFunction patch when experimental policy

RafaelGSS · richardlau · commit f7892c16be65 · 2023-02-15T13:31:05.000Z
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com> Backport-PR-URL: nodejs-private/node-private#373 Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1747642 CVE-ID: CVE-2023-23918 PR-URL: nodejs-private/node-private#358 Reviewed-by: Bradley Farias <bradley.meck@gmail.com> Reviewed-by: Michael Dawson <midawson@redhat.com>
diff --git a/lib/internal/modules/cjs/helpers.js b/lib/internal/modules/cjs/helpers.js
@@ -103,7 +103,8 @@ function makeRequireFunction(mod, redirects) {
     };
   } else {
     require = function require(path) {
-      return mod[require_private_symbol](mod, path);
+      // When no policy manifest, the original prototype.require is sustained
+      return mod.require(path);
     };
   }
 
diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
@@ -194,10 +194,9 @@ function Module(id = '', parent) {
   if (policy?.manifest) {
     const moduleURL = pathToFileURL(id);
     redirects = policy.manifest.getDependencyMapper(moduleURL);
+    // TODO(rafaelgss): remove the necessity of this branch
+    setOwnProperty(this, 'require', makeRequireFunction(this, redirects));
   }
-  setOwnProperty(this, 'require', makeRequireFunction(this, redirects));
-  // Loads a module at the given file path. Returns that module's
-  // `exports` property.
   this[require_private_symbol] = internalRequire;
 }
 
@@ -990,6 +989,23 @@ Module.prototype.load = function(filename) {
     ESMLoader.cjsCache.set(this, exports);
 };
 
+// Loads a module at the given file path. Returns that module's
+// `exports` property.
+// When using the experimental policy mechanism this function is overridden
+Module.prototype.require = function(id) {
+  validateString(id, 'id');
+  if (id === '') {
+    throw new ERR_INVALID_ARG_VALUE('id', id,
+                                    'must be a non-empty string');
+  }
+  requireDepth++;
+  try {
+    return Module._load(id, this, /* isMain */ false);
+  } finally {
+    requireDepth--;
+  }
+};
+
 // Resolved path to process.argv[1] will be lazily placed here
 // (needed for setting breakpoint when called with --inspect-brk)
 let resolvedArgv;
@@ -1050,10 +1066,12 @@ function wrapSafe(filename, content, cjsModuleInstance) {
 // Returns exception, if any.
 Module.prototype._compile = function(content, filename) {
   let moduleURL;
-  if (policy?.manifest) {
+  let redirects;
+  const manifest = policy?.manifest;
+  if (manifest) {
     moduleURL = pathToFileURL(filename);
-    policy.manifest.getDependencyMapper(moduleURL);
-    policy.manifest.assertIntegrity(moduleURL, content);
+    redirects = manifest.getDependencyMapper(moduleURL);
+    manifest.assertIntegrity(moduleURL, content);
   }
 
   maybeCacheSourceMap(filename, content, this);
@@ -1083,17 +1101,18 @@ Module.prototype._compile = function(content, filename) {
     }
   }
   const dirname = path.dirname(filename);
+  const require = makeRequireFunction(this, redirects);
   let result;
   const exports = this.exports;
   const thisValue = exports;
   const module = this;
   if (requireDepth === 0) statCache = new SafeMap();
   if (inspectorWrapper) {
     result = inspectorWrapper(compiledWrapper, thisValue, exports,
-                              module.require, module, filename, dirname);
+                              require, module, filename, dirname);
   } else {
     result = ReflectApply(compiledWrapper, thisValue,
-                          [exports, module.require, module, filename, dirname]);
+                          [exports, require, module, filename, dirname]);
   }
   hasLoadedAnyUserCJSModule = true;
   if (requireDepth === 0) statCache = null;
diff --git a/test/message/source_map_disabled_by_api.out b/test/message/source_map_disabled_by_api.out
@@ -8,7 +8,7 @@ Error: an error!
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
 *enclosing-call-site.js:16
       throw new Error('an error!')
                 ^
@@ -23,4 +23,4 @@ Error: an error!
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
diff --git a/test/message/source_map_enabled_by_api.out b/test/message/source_map_enabled_by_api.out
@@ -12,7 +12,7 @@ Error: an error!
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
 *enclosing-call-site-min.js:1
 var functionA=function(){functionB()};function functionB(){functionC()}var functionC=function(){functionD()},functionD=function(){if(0<Math.random())throw Error("an error!");},thrower=functionA;try{functionA()}catch(a){throw a;};
                                                                                                                                                                                                                            ^
@@ -27,4 +27,4 @@ Error: an error!
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
diff --git a/test/message/source_map_enclosing_function.out b/test/message/source_map_enclosing_function.out
@@ -12,4 +12,4 @@ Error: an error!
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
diff --git a/test/message/source_map_reference_error_tabs.out b/test/message/source_map_reference_error_tabs.out
@@ -9,7 +9,7 @@ ReferenceError: alert is not defined
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*
     at Module.load (internal/modules/cjs/loader.js:*
     at Function.Module._load (internal/modules/cjs/loader.js:*
-    at Module.internalRequire (internal/modules/cjs/loader.js:*
+    at Module.require (internal/modules/cjs/loader.js:*
     at require (internal/modules/cjs/helpers.js:*
     at Object.<anonymous> (*source_map_reference_error_tabs.js:*
     at Module._compile (internal/modules/cjs/loader.js:*
diff --git a/test/message/source_map_throw_catch.out b/test/message/source_map_throw_catch.out
@@ -9,7 +9,7 @@ Error: an exception
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
     at require (internal/modules/cjs/helpers.js:*)
     at Object.<anonymous> (*source_map_throw_catch.js:6:3)
     at Module._compile (internal/modules/cjs/loader.js:*)
diff --git a/test/message/source_map_throw_first_tick.out b/test/message/source_map_throw_first_tick.out
@@ -9,7 +9,7 @@ Error: an exception
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*)
     at Module.load (internal/modules/cjs/loader.js:*)
     at Function.Module._load (internal/modules/cjs/loader.js:*)
-    at Module.internalRequire (internal/modules/cjs/loader.js:*)
+    at Module.require (internal/modules/cjs/loader.js:*)
     at require (internal/modules/cjs/helpers.js:*)
     at Object.<anonymous> (*source_map_throw_first_tick.js:5:1)
     at Module._compile (internal/modules/cjs/loader.js:*)
diff --git a/test/message/source_map_throw_icu.out b/test/message/source_map_throw_icu.out
@@ -9,7 +9,7 @@ Error: an error
     at Object.Module._extensions..js (internal/modules/cjs/loader.js:*
     at Module.load (internal/modules/cjs/loader.js:*
     at Function.Module._load (internal/modules/cjs/loader.js:*
-    at Module.internalRequire (internal/modules/cjs/loader.js:*
+    at Module.require (internal/modules/cjs/loader.js:*
     at require (internal/modules/cjs/helpers.js:*
     at Object.<anonymous> (*source_map_throw_icu.js:*
     at Module._compile (internal/modules/cjs/loader.js:*

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,8 @@ function makeRequireFunction(mod, redirects) {`
`103`	`103`	`};`
`104`	`104`	`} else {`
`105`	`105`	`require = function require(path) {`
`106`		`- return mod[require_private_symbol](mod, path);`
	`106`	`+ // When no policy manifest, the original prototype.require is sustained`
	`107`	`+ return mod.require(path);`
`107`	`108`	`};`
`108`	`109`	`}`
`109`	`110`