child_process: harden against prototype pollution (!48726) · Merge requests · Rodrigo Test / Test Group-nodejs / node · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

Rodrigo Muino Tomonari requested to merge github/fork/LiviaMedeiros/childprocess-harden-protopollution into main Jul 10, 2023

Improve robustness against something like

Object.assign(Object.prototype, {
  cwd: '/etc',
  uid: 82, // www-data
  execFile: '/bin/rm', // using rm to "spawn" modules
  execArgv: [ ... ],
  shell: '...',
  env: { ... },
  ...
});