chore: protect internals against prototype tampering

PR-URL: nodejs/node#43578
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>

lib/internal/test_runner/test.js

@@ -227,7 +227,7 @@ class Test extends AsyncResource {
       }
     }
 
-    const test = new Factory({ fn, name, parent, ...options, ...overrides })
+    const test = new Factory({ __proto__: null, fn, name, parent, ...options, ...overrides })
 
     if (parent.waitingOn === 0) {
       parent.waitingOn = test.testNumber

test/fixtures/test-runner/protoMutation.js

@@ -0,0 +1,3 @@
+'use strict'
+
+Object.prototype.skip = true // eslint-disable-line no-extend-native

test/parallel/test-runner-cli.js

@@ -35,6 +35,22 @@ const testFixtures = fixtures.path('test-runner')
   assert.match(stdout, /ok 4 - .+random\.cjs/)
 }
 
+{
+  // Same but with a prototype mutation in require scripts.
+  const args = ['--require', join(testFixtures, 'protoMutation.js'), '--test', testFixtures]
+  const child = spawnSync(process.execPath, args)
+
+  const stdout = child.stdout.toString()
+  assert.match(stdout, /ok 1 - .+index\.test\.js/)
+  assert.match(stdout, /not ok 2 - .+random\.test\.mjs/)
+  assert.match(stdout, /not ok 1 - this should fail/)
+  assert.match(stdout, /ok 3 - .+subdir.+subdir_test\.js/)
+  assert.match(stdout, /ok 4 - .+random\.cjs/)
+  assert.strictEqual(child.status, 1)
+  assert.strictEqual(child.signal, null)
+  assert.strictEqual(child.stderr.toString(), '')
+}
+
 {
   // User specified files that don't match the pattern are still run.
   const args = ['--test', testFixtures, join(testFixtures, 'index.js')]