From 4a6ca7a1d42d861b1679d842c51cf2571bd7f8df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Thu, 18 Apr 2024 15:09:09 +0200
Subject: [PATCH] src: remove erroneous CVE-2024-27980 revert option

No security reverts should exist on the main branch.

PR-URL: https://github.com/nodejs/node/pull/52543
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
---
 src/node_revert.h                                   |  5 ++---
 src/util-inl.h                                      |  5 ++---
 .../test-child-process-spawn-windows-batch-file.js  | 13 +------------
 3 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/src/node_revert.h b/src/node_revert.h
index 908a69750834bf..da212af076dfef 100644
--- a/src/node_revert.h
+++ b/src/node_revert.h
@@ -15,9 +15,8 @@
  **/
 namespace node {
 
-#define SECURITY_REVERSIONS(XX)                                            \
-  XX(CVE_2024_27980, "CVE-2024-27980", "Unsafe Windows batch file execution")
-//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
+#define SECURITY_REVERSIONS(XX)                                                \
+  //  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
 
 enum reversion {
 #define V(code, ...) SECURITY_REVERT_##code,
diff --git a/src/util-inl.h b/src/util-inl.h
index dc13d1063d3721..463f982c91c71b 100644
--- a/src/util-inl.h
+++ b/src/util-inl.h
@@ -648,9 +648,8 @@ bool IsWindowsBatchFile(const char* filename) {
   static constexpr bool kIsWindows = false;
 #endif  // _WIN32
   if (kIsWindows)
-    if (!IsReverted(SECURITY_REVERT_CVE_2024_27980))
-      if (const char* p = strrchr(filename, '.'))
-        return StringEqualNoCase(p, ".bat") || StringEqualNoCase(p, ".cmd");
+    if (const char* p = strrchr(filename, '.'))
+      return StringEqualNoCase(p, ".bat") || StringEqualNoCase(p, ".cmd");
   return false;
 }
 
diff --git a/test/parallel/test-child-process-spawn-windows-batch-file.js b/test/parallel/test-child-process-spawn-windows-batch-file.js
index 81d0c64500d7ed..242f2d2d1bb468 100644
--- a/test/parallel/test-child-process-spawn-windows-batch-file.js
+++ b/test/parallel/test-child-process-spawn-windows-batch-file.js
@@ -19,24 +19,13 @@ const cp = require('child_process');
 const assert = require('assert');
 const { isWindows } = common;
 
-const arg = '--security-revert=CVE-2024-27980';
-const isRevert = process.execArgv.includes(arg);
-
-const expectedCode = isWindows && !isRevert ? 'EINVAL' : 'ENOENT';
+const expectedCode = isWindows ? 'EINVAL' : 'ENOENT';
 const expectedStatus = isWindows ? 1 : 127;
 
 const suffixes =
     'BAT bAT BaT baT BAt bAt Bat bat CMD cMD CmD cmD CMd cMd Cmd cmd'
     .split(' ');
 
-if (process.argv[2] === undefined) {
-  const a = cp.spawnSync(process.execPath, [__filename, 'child']);
-  const b = cp.spawnSync(process.execPath, [arg, __filename, 'child']);
-  assert.strictEqual(a.status, 0);
-  assert.strictEqual(b.status, 0);
-  return;
-}
-
 function testExec(filename) {
   return new Promise((resolve) => {
     cp.exec(filename).once('exit', common.mustCall(function(status) {