child_process: validate strings in exec and spawn

[puskin94]

I went through the exec, execFile, spawn, execSync, execFileSync and spawnSync functions in child_process and edited all the functions to properly validate their string parameters

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.17%. Comparing base (3c2da4b) to head (446cf6a).
Report is 203 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #56148      +/-   ##
==========================================
+ Coverage   87.99%   89.17%   +1.18%     
==========================================
  Files         656      662       +6     
  Lines      188999   191670    +2671     
  Branches    35981    36892     +911     
==========================================
+ Hits       166301   170913    +4612     
+ Misses      15865    13623    -2242     
- Partials     6833     7134     +301     

Files with missing lines	Coverage Δ
lib/child_process.js	97.73% <100.00%> (+0.30%)	⬆️

... and 205 files with indirect coverage changes

[aduh95]

Can you please remove all the unrelated changes? It makes the PR hard to review. Please only include changes that are necessary to make the added test pass, and all the other changes should be made in a separate PR.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/63969/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/63992/

[aduh95]

It looks like the added test pass on main, meaning either the change in lib/ is only a refactor, or we are not adding sufficient coverage to avoid regression.

[puskin94]

It looks like the added test pass on main, meaning either the change in lib/ is only a refactor, or we are not adding sufficient coverage to avoid regression.

it was mainly refactoring because, for example, when calling execFile, the validation was not done immediately but down the road when, at the very end, the method itself was calling the spawn function.
Tests are passing in main because the validation in spawn is already present; my change is mainly about doing it as soon as possible to reject as soon as possible in order to save some cycles and having a better stack trace

[aduh95]

in order to save some cycles and having a better stack trace

I don't think it's the right approach, we should optimize for the happy path, where there are no error thrown. IIUC, with this change we would be checking twice if the arguments are valid, so in order to save some cycles we should not land this.

[puskin94]

in order to save some cycles and having a better stack trace

I don't think it's the right approach, we should optimize for the happy path, where there are no error thrown. IIUC, with this change we would be checking twice if the arguments are valid, so in order to save some cycles we should not land this.

gotcha. I went in that direction because I noticed that was the case already. With the latest push all the validation is done down the line and only once

[aduh95]

The added tests are passing on latest main. If we want to move forward with this, we should split this into two PRs/commits, one that increases the coverage, one that refactors the implementation

[aduh95]

The commit message of 80fcad1 should say it's a refactor, e.g. child_process: refactor string validation in exec and spawn.

The commit message of 2f43432 should be using test: subsystem, not child_process:, e.g. test: increase coverage of argument validation of cp methods.

IMO the order of commits should be reversed, tests should land first.