src: remove erroneous CVE-2024-27980 revert option

tniessen · RafaelGSS · commit 4a6ca7a1d42d · 2024-04-18T13:15:18.000-03:00
No security reverts should exist on the main branch. PR-URL: #52543 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/src/node_revert.h b/src/node_revert.h
@@ -15,9 +15,8 @@
  **/
 namespace node {
 
-#define SECURITY_REVERSIONS(XX)                                            \
-  XX(CVE_2024_27980, "CVE-2024-27980", "Unsafe Windows batch file execution")
-//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
+#define SECURITY_REVERSIONS(XX)                                                \
+  //  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
 
 enum reversion {
 #define V(code, ...) SECURITY_REVERT_##code,
diff --git a/src/util-inl.h b/src/util-inl.h
@@ -648,9 +648,8 @@ bool IsWindowsBatchFile(const char* filename) {
   static constexpr bool kIsWindows = false;
 #endif  // _WIN32
   if (kIsWindows)
-    if (!IsReverted(SECURITY_REVERT_CVE_2024_27980))
-      if (const char* p = strrchr(filename, '.'))
-        return StringEqualNoCase(p, ".bat") || StringEqualNoCase(p, ".cmd");
+    if (const char* p = strrchr(filename, '.'))
+      return StringEqualNoCase(p, ".bat") || StringEqualNoCase(p, ".cmd");
   return false;
 }
 
diff --git a/test/parallel/test-child-process-spawn-windows-batch-file.js b/test/parallel/test-child-process-spawn-windows-batch-file.js
@@ -19,24 +19,13 @@ const cp = require('child_process');
 const assert = require('assert');
 const { isWindows } = common;
 
-const arg = '--security-revert=CVE-2024-27980';
-const isRevert = process.execArgv.includes(arg);
-
-const expectedCode = isWindows && !isRevert ? 'EINVAL' : 'ENOENT';
+const expectedCode = isWindows ? 'EINVAL' : 'ENOENT';
 const expectedStatus = isWindows ? 1 : 127;
 
 const suffixes =
     'BAT bAT BaT baT BAt bAt Bat bat CMD cMD CmD cmD CMd cMd Cmd cmd'
     .split(' ');
 
-if (process.argv[2] === undefined) {
-  const a = cp.spawnSync(process.execPath, [__filename, 'child']);
-  const b = cp.spawnSync(process.execPath, [arg, __filename, 'child']);
-  assert.strictEqual(a.status, 0);
-  assert.strictEqual(b.status, 0);
-  return;
-}
-
 function testExec(filename) {
   return new Promise((resolve) => {
     cp.exec(filename).once('exit', common.mustCall(function(status) {
