child_process: validate strings in exec and spawn

[puskin]

I went through the exec, execFile, spawn, execSync, execFileSync and spawnSync functions in child_process and edited all the functions to properly validate their string parameters

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.16%. Comparing base (3c2da4b) to head (e67638f).
Report is 1084 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #56148      +/-   ##
==========================================
+ Coverage   87.99%   90.16%   +2.17%     
==========================================
  Files         656      630      -26     
  Lines      188999   186467    -2532     
  Branches    35981    36616     +635     
==========================================
+ Hits       166301   168131    +1830     
+ Misses      15865    11125    -4740     
- Partials     6833     7211     +378     

Files with missing lines	Coverage Δ
lib/child_process.js	97.74% <100.00%> (+0.30%)	⬆️

... and 372 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[aduh95]

Can you please remove all the unrelated changes? It makes the PR hard to review. Please only include changes that are necessary to make the added test pass, and all the other changes should be made in a separate PR.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/63969/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/63992/

[aduh95]

It looks like the added test pass on main, meaning either the change in lib/ is only a refactor, or we are not adding sufficient coverage to avoid regression.

[puskin]

It looks like the added test pass on main, meaning either the change in lib/ is only a refactor, or we are not adding sufficient coverage to avoid regression.

it was mainly refactoring because, for example, when calling execFile, the validation was not done immediately but down the road when, at the very end, the method itself was calling the spawn function.
Tests are passing in main because the validation in spawn is already present; my change is mainly about doing it as soon as possible to reject as soon as possible in order to save some cycles and having a better stack trace

[aduh95]

in order to save some cycles and having a better stack trace

I don't think it's the right approach, we should optimize for the happy path, where there are no error thrown. IIUC, with this change we would be checking twice if the arguments are valid, so in order to save some cycles we should not land this.

[puskin]

in order to save some cycles and having a better stack trace

I don't think it's the right approach, we should optimize for the happy path, where there are no error thrown. IIUC, with this change we would be checking twice if the arguments are valid, so in order to save some cycles we should not land this.

gotcha. I went in that direction because I noticed that was the case already. With the latest push all the validation is done down the line and only once

[aduh95]

The added tests are passing on latest main. If we want to move forward with this, we should split this into two PRs/commits, one that increases the coverage, one that refactors the implementation

[aduh95]

The commit message of 80fcad1 should say it's a refactor, e.g. child_process: refactor string validation in exec and spawn.

The commit message of 2f43432 should be using test: subsystem, not child_process:, e.g. test: increase coverage of argument validation of cp methods.

IMO the order of commits should be reversed, tests should land first.

Addressed

[puskin]

Is anything else needed here?

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/64617/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/64998/

[puskin]

can I please request a rerun of the pipeline?

[puskin]

anything else needed here?

[BridgeAR]

LGTM with the only the two obsolete validations removed.

[BridgeAR]

If we keep the changes as before, the compiler has to do less inlining.

Suggested change

	function validateStringParam(param, paramName) {
	validateString(param, paramName);
	validateArgumentNullCheck(param, paramName);
	if (param.length === 0) {
	throw new ERR_INVALID_ARG_VALUE(paramName, param, 'cannot be empty');
	}
	}
	if (file.length === 0)
	throw new ERR_INVALID_ARG_VALUE('file', file, 'cannot be empty');
	function normalizeSpawnArguments(file, args, options) {
	validateStringParam(file, 'file');
	function normalizeSpawnArguments(file, args, options) {
	validateString(file, 'file');
	validateArgumentNullCheck(file, 'file');
	if (file.length === 0) {
	throw new ERR_INVALID_ARG_VALUE(file, 'file', 'cannot be empty');
	}

[BridgeAR]

Suggested change

	throw new ERR_INVALID_ARG_VALUE(file, 'file', 'cannot be empty');
	throw new ERR_INVALID_ARG_VALUE('file', file, 'cannot be empty');