fix: resist pollution

[shadowspawn]

Hopefully we do not cause prototype pollution, but we have two patterns which are affected by existing prototype pollution:

• destructuring assignment in function arguments
• accessing object properties, especially of option configuration, like optionConfig.type

Closes: #104

Refactor:

• be rigorous about getting only own properties
• use more ?? and null prototypes
• test string type value is a string (idea from earlier PR)
• split "check" and "store" into two functions (reduce max number of arguments, separation of concerns)
• some minor changes for hopefully clearer code

Before:

% git switch main
Switched to branch 'main'
Your branch is up to date with 'upstream/main'.
% npx tape test/pollution.js
TAP version 13
# when prototype has multiple then ignored
not ok 1 should be deeply equivalent
  ...
# when prototype has type then ignored
not ok 2 should throw
  ...
# when prototype has short then ignored
not ok 3 should throw
  ...
# when prototype has strict then ignored
not ok 4 should throw
  ...
# when prototype has args then ignored
not ok 5 should be falsy
  ...

1..5
# tests 5
# pass  0
# fail  5

After:

% git switch -
Switched to branch 'feature/pollution-proof'
Your branch is up to date with 'origin/feature/pollution-proof'.
% npx tape test/pollution.js
TAP version 13
# when prototype has multiple then ignored
ok 1 should be deeply equivalent
# when prototype has type then ignored
ok 2 should throw
# when prototype has short then ignored
ok 3 should throw
# when prototype has strict then ignored
ok 4 should throw
# when prototype has args then ignored
ok 5 should be falsy

1..5
# tests 5
# pass  5

# ok

[bcoe]

Looking good to me so far.

I think a test for the specific case @bakkot points out would be valuable.

[shadowspawn]

Is it ok to set Object prototype properties in tests? (And delete them afterwards.)

[bcoe]

Is it ok to set Object prototype properties in tests? (And delete them afterwards).

@shadowspawn this seems reasonable to me in our own prototype-pollution.js test file. I think I'd avoid upstreaming these into the Node.js codebase (out of concern for side-effects).

[aaronccasanova]

This is starting to look pretty robust 🙌

Realizing this is still in a draft state, the only thing I think would be helpful is having some brief JSDocs for the checkOptionUsage and storeOption utils. I found myself jumping around a bit to understand the shortOrLong param for checkOptionUsage was the raw option to use for the unknown option error and the values param for storeOption was a reference to the result.values object. These callouts a very non-blocking and think your WIP is looking great!

[shadowspawn]

some brief JSDocs for the checkOptionUsage and storeOption utils

Good suggestion. The long argument lists and few subtle arguments (like shortOrLong) have been irking me.

[shadowspawn]

Addressed feedback. Added tests. Moved out of Draft.

Thanks for the early comments reviewers, much appreciated commenting on the draft!