From 49ff323c1e913ddb3a93ce53be96c7095353de78 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 1 Jul 2026 20:17:13 +0200 Subject: [PATCH] lib: use `__proto__: null` when calling `ObjectDefineProperty` Signed-off-by: Antoine du Hamel --- lib/internal/debugger/inspect_repl.js | 20 ++++++++++++-------- lib/internal/http2/core.js | 1 + lib/internal/per_context/domexception.js | 2 +- lib/internal/test_runner/mock/mock.js | 17 +++++++++++------ lib/internal/test_runner/mock/mock_timers.js | 5 +++-- 5 files changed, 28 insertions(+), 17 deletions(-) diff --git a/lib/internal/debugger/inspect_repl.js b/lib/internal/debugger/inspect_repl.js index 87388b41a47b2c..548df089fb14e2 100644 --- a/lib/internal/debugger/inspect_repl.js +++ b/lib/internal/debugger/inspect_repl.js @@ -19,15 +19,17 @@ const { JSONStringify, MathMax, ObjectAssign, + ObjectDefineProperties, ObjectDefineProperty, + ObjectGetOwnPropertyDescriptors, ObjectKeys, + ObjectSetPrototypeOf, ObjectValues, Promise, PromisePrototypeThen, PromiseResolve, PromiseWithResolvers, ReflectGetOwnPropertyDescriptor, - ReflectOwnKeys, RegExpPrototypeExec, SafeMap, SafePromiseAllReturnArrayLike, @@ -347,18 +349,20 @@ class ScopeSnapshot { } function copyOwnProperties(target, source) { - ArrayPrototypeForEach( - ReflectOwnKeys(source), - (prop) => { - const desc = ReflectGetOwnPropertyDescriptor(source, prop); - ObjectDefineProperty(target, prop, desc); - }); + const descriptors = ObjectGetOwnPropertyDescriptors(source); + + const descValues = ObjectValues(descriptors); + for (let i = 0; i < descValues.length; ++i) { + ObjectSetPrototypeOf(descValues[i], null); + } + + ObjectDefineProperties(target, descriptors); } function aliasProperties(target, mapping) { ArrayPrototypeForEach(ObjectKeys(mapping), (key) => { const desc = ReflectGetOwnPropertyDescriptor(target, key); - ObjectDefineProperty(target, mapping[key], desc); + ObjectDefineProperty(target, mapping[key], { __proto__: null, ...desc }); }); } diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js index 3fe6380732a482..3361c955c2aad1 100644 --- a/lib/internal/http2/core.js +++ b/lib/internal/http2/core.js @@ -3321,6 +3321,7 @@ function handleHeaderContinue(headers) { } const setTimeoutValue = { + __proto__: null, configurable: true, enumerable: true, writable: true, diff --git a/lib/internal/per_context/domexception.js b/lib/internal/per_context/domexception.js index 05a2002a399043..67def5017ed626 100644 --- a/lib/internal/per_context/domexception.js +++ b/lib/internal/per_context/domexception.js @@ -199,7 +199,7 @@ for (const { 0: name, 1: codeName, 2: value } of [ // There are some more error names, but since they don't have codes assigned, // we don't need to care about them. ]) { - const desc = { enumerable: true, value }; + const desc = { __proto__: null, enumerable: true, value }; ObjectDefineProperty(DOMException, codeName, desc); ObjectDefineProperty(DOMExceptionPrototype, codeName, desc); nameToCodeMap.set(name, value); diff --git a/lib/internal/test_runner/mock/mock.js b/lib/internal/test_runner/mock/mock.js index d15ace222b2132..970356bcae3aa0 100644 --- a/lib/internal/test_runner/mock/mock.js +++ b/lib/internal/test_runner/mock/mock.js @@ -7,10 +7,14 @@ const { FunctionPrototypeBind, FunctionPrototypeCall, ObjectAssign, + ObjectDefineProperties, ObjectDefineProperty, ObjectGetOwnPropertyDescriptor, + ObjectGetOwnPropertyDescriptors, ObjectGetPrototypeOf, ObjectKeys, + ObjectSetPrototypeOf, + ObjectValues, Proxy, ReflectApply, ReflectConstruct, @@ -146,7 +150,7 @@ class MockFunctionContext { if (typeof methodName === 'string') { // This is an object method spy. - ObjectDefineProperty(object, methodName, descriptor); + ObjectDefineProperty(object, methodName, { __proto__: null, ...descriptor }); } else { // This is a bare function spy. There isn't much to do here but make // the mock call the original function. @@ -880,13 +884,14 @@ function normalizeModuleMockOptions(options) { function copyOwnProperties(from, to) { - const keys = ObjectKeys(from); + const descriptors = ObjectGetOwnPropertyDescriptors(from); - for (let i = 0; i < keys.length; ++i) { - const key = keys[i]; - const descriptor = ObjectGetOwnPropertyDescriptor(from, key); - ObjectDefineProperty(to, key, descriptor); + const descValues = ObjectValues(descriptors); + for (let i = 0; i < descValues.length; ++i) { + ObjectSetPrototypeOf(descValues[i], null); } + + ObjectDefineProperties(to, descriptors); } function setupSharedModuleState() { diff --git a/lib/internal/test_runner/mock/mock_timers.js b/lib/internal/test_runner/mock/mock_timers.js index 57f68fc290da6b..77c54aee815362 100644 --- a/lib/internal/test_runner/mock/mock_timers.js +++ b/lib/internal/test_runner/mock/mock_timers.js @@ -12,6 +12,7 @@ const { ObjectDefineProperty, ObjectGetOwnPropertyDescriptor, ObjectGetOwnPropertyDescriptors, + ObjectSetPrototypeOf, PromiseWithResolvers, ReflectApply, Symbol, @@ -325,7 +326,7 @@ class MockTimers { } #restoreOriginalAbortSignalTimeout() { - ObjectDefineProperty(AbortSignal, 'timeout', this.#realAbortSignalTimeout); + ObjectDefineProperty(AbortSignal, 'timeout', ObjectSetPrototypeOf(this.#realAbortSignalTimeout, null)); } #createTimer(isInterval, callback, delay, ...args) { @@ -633,7 +634,7 @@ class MockTimers { ); }, 'Date': () => { - this.#nativeDateDescriptor = ObjectGetOwnPropertyDescriptor(globalThis, 'Date'); + this.#nativeDateDescriptor = ObjectSetPrototypeOf(ObjectGetOwnPropertyDescriptor(globalThis, 'Date'), null); globalThis.Date = this.#createDate(); }, 'AbortSignal.timeout': () => {