lib: make `Error` objects instantiation less vulnerable to prototype pollution
Having a more robust Error
instantiation makes sure the user would get the actual error rather than an unrelated one if the prototype was altered somewhere else.
Before this change:
$ node -e 'Object.defineProperty(Object.prototype, "code", {set(){throw new Error}});fs.readFile()'
[eval]:1
Object.defineProperty(Object.prototype, "code", {set(){throw new Error}});fs.readFile()
^
Error
at TypeError.set ([eval]:1:62)
at new NodeError (node:internal/errors:401:16)
at __node_internal_ (node:internal/validators:421:11)
at maybeCallback (node:fs:169:3)
at Object.readFile (node:fs:372:14)
at [eval]:1:78
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:307:38)
at node:internal/process/execution:83:21
at [eval]-wrapper:6:24
Node.js v19.3.0
After this change:
$ node -e 'Object.defineProperty(Object.prototype, "code", {set(){throw new Error}});fs.readFile()'
node:internal/validators:421
throw new ERR_INVALID_ARG_TYPE(name, 'Function', value);
^
TypeError [ERR_INVALID_ARG_TYPE]: The "cb" argument must be of type function. Received undefined
at maybeCallback (node:fs:169:3)
at Object.readFile (node:fs:372:14)
at [eval]:1:78
at Script.runInThisContext (node:vm:128:12)
at Object.runInThisContext (node:vm:306:38)
at node:internal/process/execution:83:21
at [eval]-wrapper:6:24
at runScript (node:internal/process/execution:82:62)
at evalScript (node:internal/process/execution:104:10)
at node:internal/main/eval_string:50:3 {
code: 'ERR_INVALID_ARG_TYPE'
}
Node.js v20.0.0-pre