This patch:
- Refactors the Console constructor: moves the property binding code
into and the writable streams binding code into two methods defined
on the Console.prototype with symbols.
- Refactors the global console creation: we only need to share the
property binding code from the Console constructor. To bind the
streams we can lazy load `process.stdio` and `process.stderr`
so that we don't create these streams when they are not used.
This significantly reduces the number of modules loaded during
bootstrap. Also, by calling the refactored-out method directly
we can skip the unnecessary typechecks when creating the global
console and there is no need to create a temporary Console
anymore.
- Refactors the error handler creation and the `write` method:
use a `kUseStdout` symbol to tell the internals which stream
should be loaded from the console instance. Also put the
`write` method on the Console prototype so it just loads
other properties directly off the console instance which simplifies
the call sites.
Also leaves a few TODOs for further refactoring of the console
bootstrap.
PR-URL: https://github.com/nodejs/node/pull/24534
Reviewed-By: Gus Caplan <me@gus.host>
CVE-2018-12122
An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.
PR-URL: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds a crypto check to suppress the crypto related
environment variables introduced in Commit
399bb3c95a ("doc: add NODE_DEBUG_NATIVE to API
docs").
Without this check, test/parallel/test-cli-node-print-help.js will fail
when configured --without-ssl, as it some of the descriptions for these
environment variables contain flags that the test is not expecting to find.
PR-URL: https://github.com/nodejs/node/pull/24556
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The existing secureProtocol option only allows setting the allowed
protocol to a specific version, or setting it to "all supported
versions". It also used obscure strings based on OpenSSL C API
functions. Directly setting the min or max is easier to use and explain.
PR-URL: https://github.com/nodejs/node/pull/24405
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
For TCP servers, the dual-stack support is enable by default, i.e.
binding host "::" will also make "0.0.0.0" bound. This commit add
ipv6Only option in `net.Server.listen()` and `dgram.createSocket()`
methods which allows to disable dual-stack support. Support for
cluster module is also provided in this commit.
Fixes: https://github.com/nodejs/node/issues/17664
PR-URL: https://github.com/nodejs/node/pull/23798
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Make the http2 binding a bit more efficient by setting the callback
functions once when the module is loaded rather than for each
`Http2Session` and `Http2Stream`.
PR-URL: https://github.com/nodejs/node/pull/24063
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Note: Landed with one collaborator approval after PR
was open for 18 days
Instead of putting the source code and the cache in v8::Objects,
put them in per-process std::maps. This has the following benefits:
- It's slightly lighter in weight compared to storing things on the
v8 heap. Also it may be slightly faster since the preivous v8::Object
is already in dictionary mode - though the difference is very small
given the number of native modules is limited.
- The source and code cache generation templates are now much simpler
since they just initialize static arrays and manipulate STL
constructs.
- The static native module data can be accessed independently of any
Environment or Isolate, and it's easy to look them up from the
C++'s side.
- It's now impossible to mutate the source code used to compile
native modules from the JS land since it's completely separate
from the v8 heap. We can still get the constant strings from
process.binding('natives') but that's all.
A few drive-by fixes:
- Remove DecorateErrorStack in LookupAndCompile - We don't need to
capture the exception to decorate when we encounter
errors during native module compilation, as those errors should be
syntax errors and v8 is able to decorate them well. We use
CompileFunctionInContext so there is no need to worry about
wrappers either.
- The code cache could be rejected when node is started with v8 flags.
Instead of aborting in that case, simply keep a record in the
native_module_without_cache set.
- Refactor js2c.py a bit, reduce code duplication and inline Render()
to make the one-byte/two-byte special treatment easier to read.
PR-URL: https://github.com/nodejs/node/pull/24384
Fixes: https://github.com/Remove
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The default encoding can be retrieved via
`require('internal/crypto/util').getDefaultEncoding` instead of
the deprecated crypto.DEFAULT_ENCODING which triggers a warning.
Background:
The require chain goes like this:
```
internal/streams/lazy_transform.js
-> crypto.js
-> internal/crypto/cipher.js (uses LazyTransform in the global scope)
-> internal/streams/lazy_transform.js
```
So when `internal/streams/lazy_transform.js` is required before
`lib/crypto.js`, we have a circular dependency and since
`internal/crypto/cipher.js` uses destructuring to use LazyTransform
we will get an error. And it can also trigger a warning if
lazy_transform.js is the first file that touches
crypto.DEFAULT_ENCODING.
PR-URL: https://github.com/nodejs/node/pull/24396
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This reverts commit ac7450a09a.
This fully reverts the changes to util.inspect depth.
It has caused breakage in logging to existing apps, and even
something as simple as `console.log(require)` will cause >1m freezes.
I've heard nothing but negative feedback (seriously not a single
person has expressed anything positive about this change) and
personally i find this change extremely annoying.
PR-URL: https://github.com/nodejs/node/pull/24326
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: John-David Dalton <john.david.dalton@gmail.com>
