[squash] buffer: add "strict" harden mode (default)

Author: ChALkeR

lib/buffer.js

@@ -113,7 +113,12 @@ const zeroFill = bindingZeroFill || [0];
 // Hardening Buffer enables Buffer constructor runtime deprecation,
 // disables pooling, and enables mandratory zero-fill. This is more secure, but
 // has potential performance impact, depending on the usecase.
-let hardened = false;
+const harden = {
+  NONE: 0, // falsy
+  STRICT: 1,
+  LAX: 2,
+};
+let hardened = harden.NONE;
 
 function createUnsafeBuffer(size) {
   zeroFill[0] = hardened ? 1 : 0;
@@ -147,10 +152,13 @@ const bufferWarning = 'Buffer() is deprecated due to security and usability ' +
 
 function showFlaggedDeprecation() {
   if (hardened) {
+    if (hardened !== harden.LAX) {
+      throw new ERR_ASSERTION(
+        'Unsafe Buffer() API is forbidden by Buffer strict hardening opt-in.'
+      );
+    }
     if (bufferWarningAlreadyEmitted) return;
-    process.emitWarning(
-      bufferWarning + ' Buffer() will soon throw in hardened mode.',
-      'DeprecationWarning', 'DEP0XXX');
+    process.emitWarning(bufferWarning, 'DeprecationWarning', 'DEP0005');
     bufferWarningAlreadyEmitted = true;
     return;
   }
@@ -173,15 +181,20 @@ function showFlaggedDeprecation() {
 }
 
 // Calling this method does not affect existing buffers, only new ones.
-Buffer.harden = function() {
-  if (hardened) return;
+Buffer.harden = function({ strict = true } = {}) {
+  if (hardened) {
+    // So that params are not changed afterwards
+    throw new ERR_ASSERTION(
+      'Buffer.harden can be called only once'
+    );
+  }
   if (isInsideNodeModules()) {
     throw new ERR_ASSERTION(
       'Buffer.harden() should be called only from the top-level module. ' +
       'Calling Buffer.harden() from dependencies is not supported.'
     );
   }
-  hardened = true;
+  hardened = strict ? harden.STRICT : harden.LAX;
   Object.defineProperty(Buffer, 'poolSize', {
     enumerable: true,
     get: () => 0,