From 73a5663c333bb5d0064e7677d72eeebd2dbebf80 Mon Sep 17 00:00:00 2001
From: James M Snell <jasnell@gmail.com>
Date: Fri, 8 Apr 2016 12:22:36 -0700
Subject: [PATCH] process: make process.config read-only

Refs: https://github.com/nodejs/node/pull/6115
---
 doc/api/process.markdown                      | 22 ++++++++-------
 lib/internal/process.js                       | 28 ++++++++++++++++---
 test/parallel/test-process-config-readonly.js | 14 ++++++++++
 3 files changed, 50 insertions(+), 14 deletions(-)
 create mode 100644 test/parallel/test-process-config-readonly.js

diff --git a/doc/api/process.markdown b/doc/api/process.markdown
index 2e65e6a4b1efca..e488883f49e377 100644
--- a/doc/api/process.markdown
+++ b/doc/api/process.markdown
@@ -473,22 +473,24 @@ An example of the possible output looks like:
   variables:
    {
      host_arch: 'x64',
-     node_install_npm: 'true',
+     node_install_npm: true,
      node_prefix: '',
-     node_shared_cares: 'false',
-     node_shared_http_parser: 'false',
-     node_shared_libuv: 'false',
-     node_shared_zlib: 'false',
-     node_use_dtrace: 'false',
-     node_use_openssl: 'true',
-     node_shared_openssl: 'false',
-     strict_aliasing: 'true',
+     node_shared_cares: false,
+     node_shared_http_parser: false,
+     node_shared_libuv: false,
+     node_shared_zlib: false,
+     node_use_dtrace: false,
+     node_use_openssl: true,
+     node_shared_openssl: false,
+     strict_aliasing: true,
      target_arch: 'x64',
-     v8_use_snapshot: 'true'
+     v8_use_snapshot: true
    }
 }
 ```
 
+The `process.config` object is read-only and cannot be modified or extended.
+
 ## process.connected
 
 * {Boolean} Set to false after `process.disconnect()` is called
diff --git a/lib/internal/process.js b/lib/internal/process.js
index 17ca5bc326c08a..21584c8be69a2a 100644
--- a/lib/internal/process.js
+++ b/lib/internal/process.js
@@ -60,10 +60,30 @@ function setupConfig(_source) {
       .replace(/"/g, '\\"')
       .replace(/'/g, '"');
 
-  process.config = JSON.parse(config, function(key, value) {
-    if (value === 'true') return true;
-    if (value === 'false') return false;
-    return value;
+  // Use a lazy getter and freeze the config object on parse.
+  // This makes it slower but ensures that userland cannot
+  // overwrite the config.
+  var _config;
+  Object.defineProperty(process, 'config', {
+    configurable: false,
+    enumerable: true,
+    get: function() {
+      if (!_config) {
+        _config = JSON.parse(config, (key, value) => {
+          if (value === 'true') return true;
+          if (value === 'false') return false;
+          if (typeof value === 'object')
+            Object.freeze(value);
+          return value;
+        });
+      }
+      return _config;
+    },
+    set: function set(val) {
+      const err = TypeError('process.config is read-only.');
+      Error.captureStackTrace(err, set);
+      throw err;
+    }
   });
 }
 
diff --git a/test/parallel/test-process-config-readonly.js b/test/parallel/test-process-config-readonly.js
new file mode 100644
index 00000000000000..702603a0f6f160
--- /dev/null
+++ b/test/parallel/test-process-config-readonly.js
@@ -0,0 +1,14 @@
+'use strict';
+
+require('../common');
+const assert = require('assert');
+
+const config = process.config;
+
+assert(config);
+assert(config.variables);
+
+// These throw because the objects are frozen.
+assert.throws(() => process.config = {}, TypeError);
+assert.throws(() => process.config.a = 1, TypeError);
+assert.throws(() => process.config.variables.a = 1, TypeError);