stream: refactor duplexify to be less suceptible to prototype pollution · nodejs/node@d73dbb9
@@ -63,23 +63,23 @@ module.exports = function duplexify(body, name) {
6363}
64646565if (isReadableNodeStream(body)) {
66-return _duplexify({ readable: body });
66+return _duplexify({ __proto__: null, readable: body });
6767}
68686969if (isWritableNodeStream(body)) {
70-return _duplexify({ writable: body });
70+return _duplexify({ __proto__: null, writable: body });
7171}
72727373if (isNodeStream(body)) {
74-return _duplexify({ writable: false, readable: false });
74+return _duplexify({ __proto__: null, writable: false, readable: false });
7575}
76767777if (isReadableStream(body)) {
78-return _duplexify({ readable: Readable.fromWeb(body) });
78+return _duplexify({ __proto__: null, readable: Readable.fromWeb(body) });
7979}
80808181if (isWritableStream(body)) {
82-return _duplexify({ writable: Writable.fromWeb(body) });
82+return _duplexify({ __proto__: null, writable: Writable.fromWeb(body) });
8383}
84848585if (typeof body === 'function') {
@@ -173,7 +173,7 @@ module.exports = function duplexify(body, name) {
173173duplexify(body.writable) :
174174undefined;
175175176-return _duplexify({ readable, writable });
176+return _duplexify({ __proto__: null, readable, writable });
177177}
178178179179const then = body?.then;
@@ -231,12 +231,12 @@ function fromAsyncGen(fn) {
231231write(chunk, encoding, cb) {
232232const _resolve = resolve;
233233resolve = null;
234-_resolve({ chunk, done: false, cb });
234+_resolve({ __proto__: null, chunk, done: false, cb });
235235},
236236final(cb) {
237237const _resolve = resolve;
238238resolve = null;
239-_resolve({ done: true, cb });
239+_resolve({ __proto__: null, done: true, cb });
240240},
241241destroy(err, cb) {
242242ac.abort();