stream: refactor duplexify to be less suceptible to prototype pollution

PR-URL: #62559
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jordan Harband <ljharb@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>

Author: aduh95

lib/internal/streams/duplexify.js

@@ -63,23 +63,23 @@ module.exports = function duplexify(body, name) {
   }
 
   if (isReadableNodeStream(body)) {
-    return _duplexify({ readable: body });
+    return _duplexify({ __proto__: null, readable: body });
   }
 
   if (isWritableNodeStream(body)) {
-    return _duplexify({ writable: body });
+    return _duplexify({ __proto__: null, writable: body });
   }
 
   if (isNodeStream(body)) {
-    return _duplexify({ writable: false, readable: false });
+    return _duplexify({ __proto__: null, writable: false, readable: false });
   }
 
   if (isReadableStream(body)) {
-    return _duplexify({ readable: Readable.fromWeb(body) });
+    return _duplexify({ __proto__: null, readable: Readable.fromWeb(body) });
   }
 
   if (isWritableStream(body)) {
-    return _duplexify({ writable: Writable.fromWeb(body) });
+    return _duplexify({ __proto__: null, writable: Writable.fromWeb(body) });
   }
 
   if (typeof body === 'function') {
@@ -173,7 +173,7 @@ module.exports = function duplexify(body, name) {
         duplexify(body.writable) :
       undefined;
 
-    return _duplexify({ readable, writable });
+    return _duplexify({ __proto__: null, readable, writable });
   }
 
   const then = body?.then;
@@ -231,12 +231,12 @@ function fromAsyncGen(fn) {
     write(chunk, encoding, cb) {
       const _resolve = resolve;
       resolve = null;
-      _resolve({ chunk, done: false, cb });
+      _resolve({ __proto__: null, chunk, done: false, cb });
     },
     final(cb) {
       const _resolve = resolve;
       resolve = null;
-      _resolve({ done: true, cb });
+      _resolve({ __proto__: null, done: true, cb });
     },
     destroy(err, cb) {
       ac.abort();