lib: avoid unsafe String methods that depend on RegExp prototype methods

Author: ExE-Boss

lib/_tls_common.js

@@ -27,7 +27,7 @@ const {
   ArrayPrototypeJoin,
   ArrayPrototypePush,
   ObjectCreate,
-  StringPrototypeReplace,
+  RegExpPrototypeSymbolReplace,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
 } = primordials;
@@ -394,13 +394,15 @@ exports.translatePeerCertificate = function translatePeerCertificate(c) {
     c.infoAccess = ObjectCreate(null);
 
     // XXX: More key validation?
-    StringPrototypeReplace(info, /([^\n:]*):([^\n]*)(?:\n|$)/g,
-                           (all, key, val) => {
-                             if (key in c.infoAccess)
-                               ArrayPrototypePush(c.infoAccess[key], val);
-                             else
-                               c.infoAccess[key] = [val];
-                           });
+    RegExpPrototypeSymbolReplace(
+      /([^\n:]*):([^\n]*)(?:\n|$)/g,
+      info,
+      (all, key, val) => {
+        if (key in c.infoAccess)
+          ArrayPrototypePush(c.infoAccess[key], val);
+        else
+          c.infoAccess[key] = [val];
+      });
   }
   return c;
 };

lib/_tls_wrap.js

@@ -31,8 +31,9 @@ const {
   ObjectSetPrototypeOf,
   ReflectApply,
   RegExp,
+  RegExpPrototypeSymbolReplace,
   RegExpPrototypeTest,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   Symbol,
   SymbolFor,
@@ -1433,9 +1434,10 @@ Server.prototype.addContext = function(servername, context) {
     throw new ERR_TLS_REQUIRED_SERVER_NAME();
   }
 
-  const re = new RegExp('^' + StringPrototypeReplace(
-    StringPrototypeReplace(servername, /([.^$+?\-\\[\]{}])/g, '\\$1'),
-    /\*/g, '[^.]*'
+  const re = new RegExp('^' + StringPrototypeReplaceAll(
+    RegExpPrototypeSymbolReplace(/([.^$+?\-\\[\]{}])/g, servername, '\\$1'),
+    '*',
+    '[^.]*',
   ) + '$');
   ArrayPrototypePush(this._contexts,
                      [re, tls.createSecureContext(context).context]);

lib/assert.js

@@ -35,13 +35,14 @@ const {
   ObjectKeys,
   ObjectPrototypeIsPrototypeOf,
   ReflectApply,
+  RegExpPrototypeSymbolReplace,
   RegExpPrototypeTest,
   SafeMap,
   String,
   StringPrototypeCharCodeAt,
   StringPrototypeIncludes,
   StringPrototypeIndexOf,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -271,9 +272,10 @@ function parseCode(code, offset) {
 
   return [
     node.node.start,
-    StringPrototypeReplace(StringPrototypeSlice(code,
-                                                node.node.start, node.node.end),
-                           escapeSequencesRegExp, escapeFn)
+    RegExpPrototypeSymbolReplace(
+      escapeSequencesRegExp,
+      StringPrototypeSlice(code, node.node.start, node.node.end),
+      escapeFn)
   ];
 }
 
@@ -345,7 +347,7 @@ function getErrMessage(message, fn) {
     // Always normalize indentation, otherwise the message could look weird.
     if (StringPrototypeIncludes(message, '\n')) {
       if (EOL === '\r\n') {
-        message = StringPrototypeReplace(message, /\r\n/g, '\n');
+        message = StringPrototypeReplaceAll(message, '\r\n', '\n');
       }
       const frames = StringPrototypeSplit(message, '\n');
       message = ArrayPrototypeShift(frames);

lib/buffer.js

@@ -36,8 +36,8 @@ const {
   ObjectDefineProperties,
   ObjectDefineProperty,
   ObjectSetPrototypeOf,
+  RegExpPrototypeSymbolReplace,
   StringPrototypeCharCodeAt,
-  StringPrototypeReplace,
   StringPrototypeSlice,
   StringPrototypeToLowerCase,
   StringPrototypeTrim,
@@ -812,8 +812,8 @@ Buffer.prototype[customInspectSymbol] = function inspect(recurseTimes, ctx) {
   const max = INSPECT_MAX_BYTES;
   const actualMax = MathMin(max, this.length);
   const remaining = this.length - max;
-  let str = StringPrototypeTrim(StringPrototypeReplace(
-    this.hexSlice(0, actualMax), /(.{2})/g, '$1 '));
+  let str = StringPrototypeTrim(RegExpPrototypeSymbolReplace(
+    /(.{2})/g, this.hexSlice(0, actualMax), '$1 '));
   if (remaining > 0)
     str += ` ... ${remaining} more byte${remaining > 1 ? 's' : ''}`;
   // Inspect special properties as well, if possible.

lib/internal/console/constructor.js

@@ -25,7 +25,7 @@ const {
   StringPrototypeIncludes,
   StringPrototypePadStart,
   StringPrototypeRepeat,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   StringPrototypeSlice,
   StringPrototypeSplit,
   Symbol,
@@ -266,7 +266,7 @@ ObjectDefineProperties(Console.prototype, {
 
       if (groupIndent.length !== 0) {
         if (StringPrototypeIncludes(string, '\n')) {
-          string = StringPrototypeReplace(string, /\n/g, `\n${groupIndent}`);
+          string = StringPrototypeReplaceAll(string, '\n', `\n${groupIndent}`);
         }
         string = groupIndent + string;
       }

lib/internal/dns/utils.js

@@ -8,8 +8,8 @@ const {
   ArrayPrototypePush,
   FunctionPrototypeBind,
   NumberParseInt,
-  StringPrototypeMatch,
-  StringPrototypeReplace,
+  RegExpPrototypeExec,
+  RegExpPrototypeSymbolReplace,
 } = primordials;
 
 const errors = require('internal/errors');
@@ -79,21 +79,22 @@ class Resolver {
       if (ipVersion !== 0)
         return ArrayPrototypePush(newSet, [ipVersion, serv, IANA_DNS_PORT]);
 
-      const match = StringPrototypeMatch(serv, IPv6RE);
+      const match = RegExpPrototypeExec(IPv6RE, serv);
 
       // Check for an IPv6 in brackets.
       if (match) {
         ipVersion = isIP(match[1]);
 
         if (ipVersion !== 0) {
           const port = NumberParseInt(
-            StringPrototypeReplace(serv, addrSplitRE, '$2')) || IANA_DNS_PORT;
+            RegExpPrototypeSymbolReplace(addrSplitRE, serv, '$2')
+          ) || IANA_DNS_PORT;
           return ArrayPrototypePush(newSet, [ipVersion, match[1], port]);
         }
       }
 
       // addr::port
-      const addrSplitMatch = StringPrototypeMatch(serv, addrSplitRE);
+      const addrSplitMatch = RegExpPrototypeExec(addrSplitRE, serv);
 
       if (addrSplitMatch) {
         const hostIP = addrSplitMatch[1];

lib/internal/errors.js

@@ -34,13 +34,13 @@ const {
   ObjectKeys,
   RangeError,
   ReflectApply,
+  RegExpPrototypeExec,
   RegExpPrototypeTest,
   SafeMap,
   SafeWeakMap,
   String,
   StringPrototypeEndsWith,
   StringPrototypeIncludes,
-  StringPrototypeMatch,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -381,7 +381,7 @@ function getMessage(key, args, self) {
   }
 
   const expectedLength =
-    (StringPrototypeMatch(msg, /%[dfijoOs]/g) || []).length;
+    (RegExpPrototypeExec(/%[dfijoOs]/g, msg) || []).length;
   assert(
     expectedLength === args.length,
     `Code: ${key}; The provided arguments length (${args.length}) does not ` +

lib/internal/fs/utils.js

@@ -18,7 +18,7 @@ const {
   ReflectOwnKeys,
   StringPrototypeEndsWith,
   StringPrototypeIncludes,
-  StringPrototypeReplace,
+  StringPrototypeReplaceAll,
   Symbol,
   TypedArrayPrototypeIncludes,
 } = primordials;
@@ -369,7 +369,7 @@ function preprocessSymlinkDestination(path, type, linkPath) {
     return pathModule.toNamespacedPath(path);
   }
   // Windows symlinks don't tolerate forward slashes.
-  return StringPrototypeReplace(path, /\//g, '\\');
+  return StringPrototypeReplaceAll(path, '/', '\\');
 }
 
 // Constructor for file stats.

lib/internal/main/print_help.js

@@ -8,9 +8,9 @@ const {
   MathMax,
   ObjectKeys,
   RegExp,
+  RegExpPrototypeSymbolReplace,
   StringPrototypeTrimLeft,
   StringPrototypeRepeat,
-  StringPrototypeReplace,
   SafeMap,
 } = primordials;
 
@@ -72,14 +72,14 @@ const envVars = new SafeMap(ArrayPrototypeConcat([
 
 
 function indent(text, depth) {
-  return StringPrototypeReplace(text, /^/gm, StringPrototypeRepeat(' ', depth));
+  return RegExpPrototypeSymbolReplace(/^/gm, text, StringPrototypeRepeat(' ', depth));
 }
 
 function fold(text, width) {
-  return StringPrototypeReplace(text,
-                                new RegExp(`([^\n]{0,${width}})( |$)`, 'g'),
-                                (_, newLine, end) =>
-                                  newLine + (end === ' ' ? '\n' : ''));
+  return RegExpPrototypeSymbolReplace(
+    new RegExp(`([^\n]{0,${width}})( |$)`, 'g'),
+    text,
+    (_, newLine, end) => newLine + (end === ' ' ? '\n' : ''));
 }
 
 function getArgDescription(type) {

lib/internal/modules/cjs/loader.js

@@ -46,6 +46,7 @@ const {
   ObjectSetPrototypeOf,
   ReflectApply,
   ReflectSet,
+  RegExpPrototypeExec,
   RegExpPrototypeTest,
   SafeMap,
   SafeWeakMap,
@@ -55,7 +56,6 @@ const {
   StringPrototypeEndsWith,
   StringPrototypeLastIndexOf,
   StringPrototypeIndexOf,
-  StringPrototypeMatch,
   StringPrototypeSlice,
   StringPrototypeSplit,
   StringPrototypeStartsWith,
@@ -463,7 +463,7 @@ const EXPORTS_PATTERN = /^((?:@[^/\\%]+\/)?[^./\\%][^/\\%]*)(\/.*)?$/;
 function resolveExports(nmPath, request) {
   // The implementation's behavior is meant to mirror resolution in ESM.
   const [, name, expansion = ''] =
-    StringPrototypeMatch(request, EXPORTS_PATTERN) || [];
+    RegExpPrototypeExec(EXPORTS_PATTERN, request) || [];
   if (!name)
     return;
   const pkgPath = path.resolve(nmPath, name);