Overview

File CVE-2023-30581.patch of Package nodejs12.31272

commit a6f4e87bc913ff18c1859b8a350c24f744355e66
Author: RafaelGSS <rafael.nunu@hotmail.com>
Date:   Mon May 29 16:40:15 2023 -0300

    policy: handle mainModule.__proto__ bypass
    
    Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/418
    PR-URL: https://github.com/nodejs-private/node-private/pull/416
    Fixes: https://hackerone.com/bugs?subject=nodejs&report_id=1877919
    Reviewed-By: Rich Trott <rtrott@gmail.com>
    CVE-ID: CVE-2023-30581

Index: node-v12.22.12/lib/internal/modules/cjs/loader.js
===================================================================
--- node-v12.22.12.orig/lib/internal/modules/cjs/loader.js
+++ node-v12.22.12/lib/internal/modules/cjs/loader.js
@@ -167,6 +167,7 @@ function Module(id = '', parent) {
   if (manifest) {
     const moduleURL = pathToFileURL(id);
     redirects = manifest.getRedirector(moduleURL);
+    setOwnProperty(this.__proto__, 'require', makeRequireFunction(this, redirects));
   }
   setOwnProperty(this, 'require', makeRequireFunction(this, redirects));
   // Loads a module at the given file path. Returns that module's
@@ -708,7 +709,7 @@ Module._load = function(request, parent,
   const module = cachedModule || new Module(filename, parent);
 
   if (isMain) {
-    process.mainModule = module;
+    setOwnProperty(process, 'mainModule', module);
     setOwnProperty(module.require, 'main', process.mainModule);
     module.id = '.';
   }
Index: node-v12.22.12/test/fixtures/policy-manifest/main-module-proto-bypass.js
===================================================================
--- /dev/null
+++ node-v12.22.12/test/fixtures/policy-manifest/main-module-proto-bypass.js
@@ -0,0 +1 @@
+process.mainModule.__proto__.require("os")
Index: node-v12.22.12/test/parallel/test-policy-manifest.js
===================================================================
--- node-v12.22.12.orig/test/parallel/test-policy-manifest.js
+++ node-v12.22.12/test/parallel/test-policy-manifest.js
@@ -61,3 +61,18 @@ const fixtures = require('../common/fixt
 
   assert.strictEqual(result.status, 0);
 }
+{
+  const policyFilepath = fixtures.path('policy-manifest', 'onerror-exit.json');
+  const mainModuleBypass = fixtures.path('policy-manifest', 'main-module-proto-bypass.js');
+  const result = spawnSync(process.execPath, [
+    '--experimental-policy',
+    policyFilepath,
+    mainModuleBypass,
+  ]);
+
+  assert.notStrictEqual(result.status, 0);
+  const stderr = result.stderr.toString();
+  assert.match(stderr, /ERR_MANIFEST_ASSERT_INTEGRITY/);
+  assert.match(stderr, /The resource was not found in the policy/);
+}
+
openSUSE Build Service is sponsored by
Places