src: minor cleanup for node_revert

jasnell · jasnell · commit 714c71694503 · 2017-08-18T15:01:26.000-07:00
Make the revert related functions inline to eliminate the need
for node_revert.cc, prefix the constants and the def, other misc
cleanup
diff --git a/node.gyp b/node.gyp
@@ -191,7 +191,6 @@
         'src/node_main.cc',
         'src/node_os.cc',
         'src/node_platform.cc',
-        'src/node_revert.cc',
         'src/node_serdes.cc',
         'src/node_url.cc',
         'src/node_util.cc',
@@ -647,7 +646,6 @@
         '<(OBJ_PATH)<(OBJ_SEPARATOR)string_search.<(OBJ_SUFFIX)',
         '<(OBJ_PATH)<(OBJ_SEPARATOR)stream_base.<(OBJ_SUFFIX)',
         '<(OBJ_PATH)<(OBJ_SEPARATOR)node_constants.<(OBJ_SUFFIX)',
-        '<(OBJ_PATH)<(OBJ_SEPARATOR)node_revert.<(OBJ_SUFFIX)',
         '<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)agent.<(OBJ_SUFFIX)',
         '<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)node_trace_buffer.<(OBJ_SUFFIX)',
         '<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)node_trace_writer.<(OBJ_SUFFIX)',
diff --git a/src/node.cc b/src/node.cc
@@ -184,6 +184,9 @@ static bool trace_enabled = false;
 static std::string trace_enabled_categories;  // NOLINT(runtime/string)
 static bool abort_on_uncaught_exception = false;
 
+// Bit flag used to track security reverts (see node_revert.h)
+unsigned int reverted = 0;
+
 #if defined(NODE_HAVE_I18N_SUPPORT)
 // Path to ICU data (for i18n / Intl)
 std::string icu_data_dir;  // NOLINT(runtime/string)
@@ -3437,11 +3440,11 @@ void SetupProcessObject(Environment* env,
   // --security-revert flags
 #define V(code, _, __)                                                        \
   do {                                                                        \
-    if (IsReverted(REVERT_ ## code)) {                                        \
+    if (IsReverted(SECURITY_REVERT_ ## code)) {                               \
       READONLY_PROPERTY(process, "REVERT_" #code, True(env->isolate()));      \
     }                                                                         \
   } while (0);
-  REVERSIONS(V)
+  SECURITY_REVERSIONS(V)
 #undef V
 
   size_t exec_path_len = 2 * PATH_MAX;
diff --git a/src/node_config.cc b/src/node_config.cc
@@ -6,7 +6,6 @@
 #include "util-inl.h"
 #include "node_debug_options.h"
 
-
 namespace node {
 
 using v8::Boolean;
diff --git a/src/node_revert.cc b/src/node_revert.cc
diff --git a/src/node_revert.h b/src/node_revert.h
@@ -6,40 +6,61 @@
 #include "node.h"
 
 /**
- * Note that it is expected for this list to vary across specific LTS and 
- * Stable versions! Only CVE's whose fixes require *breaking* changes within 
- * a given LTS or Stable may be added to this list, and only with CTC 
- * consensus. 
+ * Note that it is expected for this list to vary across specific LTS and
+ * Stable versions! Only CVE's whose fixes require *breaking* changes within
+ * a given LTS or Stable may be added to this list, and only with CTC
+ * consensus.
  *
  * For *master* this list should always be empty!
- *
  **/
-#define REVERSIONS(XX)
-//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
-
 namespace node {
 
-typedef enum {
-#define V(code, _, __) REVERT_ ## code,
-  REVERSIONS(V)
-#undef V
-} reversions_t;
+#define SECURITY_REVERSIONS(XX)
+//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
 
+enum reversion {
+#define V(code, ...) SECURITY_REVERT_##code,
+  SECURITY_REVERSIONS(V)
+#undef V
+};
 
-/* A bit field for tracking the active reverts */
 extern unsigned int reverted;
 
-/* Revert the given CVE (see reversions_t enum) */
-void Revert(const unsigned int cve);
+inline const char* RevertMessage(const reversion cve) {
+#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
+  switch (cve) {
+    SECURITY_REVERSIONS(V)
+    default:
+      return "Unknown";
+  }
+#undef V
+}
 
-/* Revert the given CVE by label */
-void Revert(const char* cve);
+inline void Revert(const reversion cve) {
+  reverted |= 1 << cve;
+  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
+}
 
-/* true if the CVE has been reverted **/
-bool IsReverted(const unsigned int cve);
+inline void Revert(const char* cve) {
+#define V(code, label, _)                                                     \
+  if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
+  SECURITY_REVERSIONS(V)
+#undef V
+  printf("Error: Attempt to revert an unknown CVE [%s]\n", cve);
+  exit(12);
+}
 
-/* true if the CVE has been reverted **/
-bool IsReverted(const char * cve);
+inline bool IsReverted(const reversion cve) {
+  return reverted & (1 << cve);
+}
+
+inline bool IsReverted(const char* cve) {
+#define V(code, label, _)                                                     \
+  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
+  SECURITY_REVERSIONS(V)
+  return false;
+#undef V
+}
 
 }  // namespace node
 
