From c6ae8a28109fc19ea30a5d785b2215345564c0bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?=
Date: Thu, 8 Mar 2018 10:24:43 +0100
Subject: [PATCH] build: disable V8 untrusted code mitigations
Refs: https://github.com/v8/v8/wiki/Untrusted-code-mitigations
PR-URL: https://github.com/nodejs/node/pull/19222
Reviewed-By: Fedor Indutny
Reviewed-By: Yang Guo
Reviewed-By: Colin Ihrig
Reviewed-By: James M Snell
Reviewed-By: Benedikt Meurer
Reviewed-By: Gus Caplan
Reviewed-By: Gibson Fahnestock
---
 common.gypi | 4 ++++
 .../test-v8-untrusted-code-mitigations.js | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 test/parallel/test-v8-untrusted-code-mitigations.js
diff --git a/common.gypi b/common.gypi
index b2fa7874c26..2d2bc4f5d56 100644
--- a/common.gypi
+++ b/common.gypi
@@ -35,6 +35,10 @@
 # Don't bake anything extra into the snapshot.
 'v8_use_external_startup_data%': 0,
+ # Disable V8 untrusted code mitigations.
+ # See https://github.com/v8/v8/wiki/Untrusted-code-mitigations
+ 'v8_untrusted_code_mitigations': 'false',
+
 # Some STL containers (e.g. std::vector) do not preserve ABI compatibility
 # between debug and non-debug mode.
 'disable_glibcxx_debug': 1,
diff --git a/test/parallel/test-v8-untrusted-code-mitigations.js b/test/parallel/test-v8-untrusted-code-mitigations.js
new file mode 100644
index 00000000000..c9d89cd5a66
--- /dev/null
+++ b/test/parallel/test-v8-untrusted-code-mitigations.js
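Review bot: The comment added above `'v8_untrusted_code_mitigations': 'false'` in the common.gypi hunk says what is switched off but not why, or what it means for someone deploying the resulting binary. The linked V8 page is about protections for running untrusted code, so a build with this setting should not be relied on to isolate untrusted scripts in-process. If the rationale is that Node.js treats the code it runs as trusted, the comment should say so, e.g. `# Node.js assumes the code it runs is trusted; this build must not be used to isolate untrusted scripts.` Also, unlike `'v8_use_external_startup_data%'` just above, the new key has no `%` suffix, which in gyp presumably means it cannot be overridden at configure time. If deployments that need the mitigations should be able to turn them back on, `'v8_untrusted_code_mitigations%': 'false',` would allow that.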
@@ -0,0 +1,18 @@
+'use strict';
+
+require('../common');
+const assert = require('assert');
+const { execFileSync } = require('child_process');
+
+// This test checks that untrusted code mitigations in V8 are disabled
+// by default.
+
+const v8Options = execFileSync(process.execPath, ['--v8-options']).toString();
+
+const untrustedFlag = v8Options.indexOf('--untrusted-code-mitigations');
+assert.notStrictEqual(untrustedFlag, -1);
+
+const nextFlag = v8Options.indexOf('--', untrustedFlag + 2);
+const slice = v8Options.substring(untrustedFlag, nextFlag);
+
+assert(slice.match(/type: bool default: false/));
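Review bot: `nextFlag` is used unchecked. If no further `--` follows the flag in the `--v8-options` output, `indexOf` returns -1 and `substring(untrustedFlag, -1)` yields the text before the flag instead. The final assertion would then be evaluated against other flags' descriptions and could pass without ever inspecting this one. Since this test is the only guard that the build default stays as intended, add `assert.notStrictEqual(nextFlag, -1);` before taking the slice. The last check would also fail more usefully as `assert(/type: bool default: false/.test(slice), slice);`, which prints the text that was inspected.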