/src/node/src/node_revert.h
Line | Count | Source |
1 | | #ifndef SRC_NODE_REVERT_H_ |
2 | | #define SRC_NODE_REVERT_H_ |
3 | | |
4 | | #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
5 | | |
6 | | #include "node.h" |
7 | | |
8 | | /** |
9 | | * Note that it is expected for this list to vary across specific LTS and |
10 | | * Stable versions! Only CVEs whose fixes require *breaking* changes within |
11 | | * a given LTS or Stable may be added to this list, and only with TSC |
12 | | * consensus. |
13 | | * |
14 | | * For *main* this list should always be empty! |
15 | | **/ |
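namespace node {

// NOTE(review): printf, strcmp and std::string are used below without a direct
// include in this header; presumably they arrive through node.h -- confirm.

// The trailing backslash splices the comment line that follows into the
// #define, so while no entry is active SECURITY_REVERSIONS(XX) expands to
// nothing. The comment shows the shape of an entry: (code, label, title).
#define SECURITY_REVERSIONS(XX)                                               \
//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")

/**
 * One enumerator (SECURITY_REVERT_<code>) per entry in SECURITY_REVERSIONS.
 * The enumerator's value is used as the bit index into
 * per_process::reverted_cve.
 **/
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

namespace per_process {
// Bitmask of reverted fixes: bit N is set once reversion N has been reverted.
extern unsigned int reverted_cve;
}

// Every reversion needs a bit of its own. Shifting by the width of the mask or
// more is undefined behaviour and would leave the record of which security
// fixes are switched off unreliable, so refuse to compile once the list
// outgrows the mask (8 bits per byte assumed).
#define V(...) +1
static_assert((0u SECURITY_REVERSIONS(V)) <=
                  sizeof(per_process::reverted_cve) * 8,
              "too many SECURITY_REVERSIONS entries for reverted_cve");
#undef V

#ifdef _MSC_VER
#pragma warning(push)
// MSVC C4065: switch statement contains 'default' but no 'case' labels
#pragma warning(disable : 4065)
#endif

/**
 * Returns the human-readable description of a reversion.
 *
 * @param cve reversion to describe.
 * @return the string literal "<label>: <title>" of the matching entry, or
 *         "Unknown" when `cve` matches no entry in SECURITY_REVERSIONS.
 **/
inline const char* RevertMessage(const reversion cve) {
#define V(code, label, msg)                                                   \
  case SECURITY_REVERT_##code:                                                \
    return label ": " msg;
  switch (cve) {
    SECURITY_REVERSIONS(V)
    default:
      return "Unknown";
  }
#undef V
}

#ifdef _MSC_VER
#pragma warning(pop)
#endif

/**
 * Marks the fix identified by `cve` as reverted for this process and
 * announces it. The warning is written with printf, i.e. to stdout.
 *
 * @param cve reversion whose bit is set in per_process::reverted_cve.
 **/
inline void Revert(const reversion cve) {
  // Unsigned literal: a signed `1 << 31` overflows int, and the mask itself
  // is an unsigned int.
  per_process::reverted_cve |= 1u << cve;
  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

/**
 * Reverts the fix whose label equals `cve` (exact strcmp match).
 *
 * @param cve   NUL-terminated label such as "CVE-2016-PEND"; must not be null.
 * @param error must not be null. Left untouched when the label is known;
 *              otherwise receives a message naming the unknown label and
 *              nothing is reverted.
 **/
inline void Revert(const char* cve, std::string* error) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  // No entry matched: report the label back to the caller instead of
  // silently ignoring a revert request.
  *error = "Error: Attempt to revert an unknown CVE [";
  *error += cve;
  *error += ']';
}

/**
 * Reports whether the fix identified by `cve` has been reverted.
 *
 * @param cve reversion to test.
 * @return true when the corresponding bit of per_process::reverted_cve is set.
 **/
inline bool IsReverted(const reversion cve) {
  return (per_process::reverted_cve & (1u << cve)) != 0;
}

/**
 * Reports whether the fix whose label equals `cve` has been reverted.
 *
 * @param cve NUL-terminated label; must not be null once the list has entries,
 *            because it is passed to strcmp.
 * @return the state of the matching reversion, or false for an unknown label.
 **/
inline bool IsReverted(const char* cve) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}

}  // namespace node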
79 | | |
80 | | #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
81 | | |
82 | | #endif // SRC_NODE_REVERT_H_ |