mirror of
https://github.com/zebrajr/node.git
synced 2026-01-15 12:15:26 +00:00
4e782c9deb
As the comment in `node_revert.h` indicates, the master branch should not provide security revert flags. Refs: https://github.com/nodejs/node/pull/29122 PR-URL: https://github.com/nodejs/node/pull/29141 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
73 lines
1.9 KiB
C++
73 lines
1.9 KiB
C++
#ifndef SRC_NODE_REVERT_H_
|
|
#define SRC_NODE_REVERT_H_
|
|
|
|
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
|
|
|
|
#include "node.h"
|
|
|
|
/**
|
|
* Note that it is expected for this list to vary across specific LTS and
|
|
* Stable versions! Only CVE's whose fixes require *breaking* changes within
|
|
* a given LTS or Stable may be added to this list, and only with TSC
|
|
* consensus.
|
|
*
|
|
* For *master* this list should always be empty!
|
|
**/
|
|
namespace node {
|
|
|
|
#define SECURITY_REVERSIONS(XX) \
|
|
// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
|
|
|
|
enum reversion {
|
|
#define V(code, ...) SECURITY_REVERT_##code,
|
|
SECURITY_REVERSIONS(V)
|
|
#undef V
|
|
};
|
|
|
|
namespace per_process {
|
|
extern unsigned int reverted_cve;
|
|
}
|
|
|
|
inline const char* RevertMessage(const reversion cve) {
|
|
#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
|
|
switch (cve) {
|
|
SECURITY_REVERSIONS(V)
|
|
default:
|
|
return "Unknown";
|
|
}
|
|
#undef V
|
|
}
|
|
|
|
inline void Revert(const reversion cve) {
|
|
per_process::reverted_cve |= 1 << cve;
|
|
printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
|
|
}
|
|
|
|
inline void Revert(const char* cve, std::string* error) {
|
|
#define V(code, label, _) \
|
|
if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
|
|
SECURITY_REVERSIONS(V)
|
|
#undef V
|
|
*error = "Error: Attempt to revert an unknown CVE [";
|
|
*error += cve;
|
|
*error += ']';
|
|
}
|
|
|
|
inline bool IsReverted(const reversion cve) {
|
|
return per_process::reverted_cve & (1 << cve);
|
|
}
|
|
|
|
inline bool IsReverted(const char* cve) {
|
|
#define V(code, label, _) \
|
|
if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
|
|
SECURITY_REVERSIONS(V)
|
|
return false;
|
|
#undef V
|
|
}
|
|
|
|
} // namespace node
|
|
|
|
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
|
|
|
|
#endif // SRC_NODE_REVERT_H_
|