

fix: improve prototype pollution detection
chore: bump dependencies
Cherry committed Mar 26, 2022
1 parent 2602e74 commit b438bd5
Showing 4 changed files with 6,734 additions and 971 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Expand Up @@ -7,7 +7,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macOS-latest]
node: [12, 14]
node: [16]
name: Node ${{ matrix.node }} ${{ matrix.os}} Test
steps:
- uses: actions/checkout@v1
12 changes: 8 additions & 4 deletions ini.js
Expand Up @@ -4,6 +4,10 @@ const {hasOwnProperty} = Object.prototype;

const eol = require('os').EOL;

function isConstructorOrProto(obj, key){
return key === 'constructor' && typeof obj[key] === 'function' || key === '__proto__';
}

const encode = (obj, options) => {
const children = [];
let out = '';
Expand Down Expand Up @@ -82,7 +86,7 @@ const decode = (str, options = {}) => {
if(!match){ continue; }
if(match[1] !== undefined){
section = unsafe(match[1]);
if(section === '__proto__'){
if(isConstructorOrProto(out, section)){
// not allowed
// keep parsing the section, but don't attach it.
ref = Object.create(null);
Expand All @@ -92,7 +96,7 @@ const decode = (str, options = {}) => {
continue;
}
let key = unsafe(match[2]);
if(key === '__proto__'){ continue; }
if(isConstructorOrProto(ref, key)){ continue; }
let value = match[3] ? unsafe(match[3]) : defaultValue;
switch(value){
case 'true':
Expand All @@ -107,7 +111,7 @@ const decode = (str, options = {}) => {
// Convert keys with '[]' suffix to an array
if(key.length > 2 && key.slice(-2) === '[]'){
key = key.slice(0, Math.max(0, key.length - 2));
if(key === '__proto__'){ continue; }
if(isConstructorOrProto(ref, key)){ continue; }
if(!hasOwnProperty.call(ref, key)){
ref[key] = [];
}else if(!Array.isArray(ref[key])){
Expand Down Expand Up @@ -140,7 +144,7 @@ const decode = (str, options = {}) => {
const lastKey = parts.pop();
const unescapedLastKey = lastKey.replace(/\\\./g, '.');
for(const part of parts){
if(part === '__proto__'){ continue; }
if(isConstructorOrProto(outPart, part)){ continue; }
if(!hasOwnProperty.call(outPart, part) || typeof outPart[part] !== 'object'){
outPart[part] = Object.create(null);
}
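Review bot: The final path segment never reaches the new check: `lastKey` is popped off `parts` before the loop, so `isConstructorOrProto` on the `for(const part of parts)` line only sees intermediate segments, and a key such as `a.__proto__` (or `a.constructor`) is assigned on `outPart` after this hunk without the guard unless that assignment, which is outside the hunk, checks it; where `outPart` still inherits from `Object.prototype` and the value is an object (e.g. the `[]` array form), `__proto__` as the last segment would reassign that object's prototype. Add `if(isConstructorOrProto(outPart, unescapedLastKey)){ continue; }` after the loop so the last segment gets the same treatment as the others. Separately, `continue` on a rejected segment keeps the current `outPart`, so `a.__proto__.b = 1` is silently re-homed to `a.b`; dropping the whole key would be the safer behaviour, though that is pre-existing. The helper itself would read more clearly with explicit grouping and a rationale comment, e.g. `return (key === 'constructor' && typeof obj[key] === 'function') || key === '__proto__';` preceded by `// 'constructor' is only dangerous when it resolves to a function; null-prototype objects may hold it as plain data`. The enclosing `decode` function starts and ends outside this hunk.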