author | Ben Noordhuis <info@bnoordhuis.nl> | 2017-07-24 14:36:36 +0200 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2017-08-30 15:41:23 -0300 |
commit | 0f7c06eb2d885d59dc87b47b8c524eed60a89a0a (patch) | |
tree | 48321e556de12f92873ff216047b304dcd26a206 /test/parallel/test-tls-translate-peer-certificate.js | |
parent | 6eeb06f234ea5766831f2c51dbb2e3c84bc9bff6 (diff) | |
tls: fix object prototype type confusion
Use `Object.create(null)` for dictionary objects so that keys from
certificate strings or the authorityInfoAccess field cannot conflict
with Object.prototype properties.
PR-URL: https://github.com/nodejs/node/pull/14447
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Diffstat (limited to 'test/parallel/test-tls-translate-peer-certificate.js')
-rw-r--r-- | test/parallel/test-tls-translate-peer-certificate.js | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/test/parallel/test-tls-translate-peer-certificate.js b/test/parallel/test-tls-translate-peer-certificate.js
index 537c00a009..f8499e0c7e 100644
--- a/test/parallel/test-tls-translate-peer-certificate.js
+++ b/test/parallel/test-tls-translate-peer-certificate.js
@@ -1,3 +1,4 @@
+/* eslint-disable no-proto */
 'use strict';
 const common = require('../common');
@@ -7,8 +8,12 @@ if (!common.hasCrypto)
 const { strictEqual, deepStrictEqual } = require('assert');
 const { translatePeerCertificate } = require('_tls_common');
-const certString = 'A=1\nB=2\nC=3';
-const certObject = { A: '1', B: '2', C: '3' };
+const certString = '__proto__=42\nA=1\nB=2\nC=3';
+const certObject = Object.create(null);
+certObject.__proto__ = '42';
+certObject.A = '1';
+certObject.B = '2';
+certObject.C = '3';
 strictEqual(translatePeerCertificate(null), null);
 strictEqual(translatePeerCertificate(undefined), null);
@@ -19,14 +24,14 @@ strictEqual(translatePeerCertificate(1), 1);
 deepStrictEqual(translatePeerCertificate({}), {});
 deepStrictEqual(translatePeerCertificate({ issuer: '' }),
- { issuer: {} });
+ { issuer: Object.create(null) });
 deepStrictEqual(translatePeerCertificate({ issuer: null }),
 { issuer: null });
 deepStrictEqual(translatePeerCertificate({ issuer: certString }),
 { issuer: certObject });
 deepStrictEqual(translatePeerCertificate({ subject: '' }),
- { subject: {} });
+ { subject: Object.create(null) });
 deepStrictEqual(translatePeerCertificate({ subject: null }),
 { subject: null });
 deepStrictEqual(translatePeerCertificate({ subject: certString }),
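Review bot: The issuer/subject fixture `certString` only adds `__proto__`, while the infoAccess case in the last hunk also covers `hasOwnProperty`, so a key that names an inherited method is never exercised on this path. Consider `const certString = '__proto__=42\nhasOwnProperty=x\nA=1\nB=2\nC=3';` with a matching `certObject.hasOwnProperty = 'x';`. A comment above the `certObject.__proto__ = '42';` line, such as `// On a null-prototype object, __proto__ is an ordinary own property.`, would explain why that assignment does not touch the prototype.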
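Review bot: The new expectations `{ issuer: Object.create(null) }` and `{ subject: Object.create(null) }` pin the null prototype only because `deepStrictEqual` compares prototypes, which is easy to miss when reading the test. Stating the property directly would keep it from being lost if the assertions are later loosened: `strictEqual(Object.getPrototypeOf(translatePeerCertificate({ issuer: '' }).issuer), null);`, and the same for `subject`. The same implicit reliance applies to the `infoAccess: ''` expectation in the last hunk.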
@@ -47,9 +52,18 @@ deepStrictEqual(
 }
 deepStrictEqual(translatePeerCertificate({ infoAccess: '' }),
- { infoAccess: {} });
+ { infoAccess: Object.create(null) });
 deepStrictEqual(translatePeerCertificate({ infoAccess: null }),
 { infoAccess: null });
-deepStrictEqual(
- translatePeerCertificate({ infoAccess: 'OCSP - URI:file:///etc/passwd' }),
- { infoAccess: { 'OCSP - URI': ['file:///etc/passwd'] } });
+{
+ const input =
+ '__proto__:mostly harmless\n' +
+ 'hasOwnProperty:not a function\n' +
+ 'OCSP - URI:file:///etc/passwd\n';
+ const expected = Object.create(null);
+ expected.__proto__ = ['mostly harmless'];
+ expected.hasOwnProperty = ['not a function'];
+ expected['OCSP - URI'] = ['file:///etc/passwd'];
+ deepStrictEqual(translatePeerCertificate({ infoAccess: input }),
+ { infoAccess: expected });
+}
+} |
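Review bot: The new infoAccess block does not say what each hostile key is meant to prove, so a later cleanup could drop one as redundant. `__proto__` checks that the parser stores an own property instead of going through the prototype setter. `hasOwnProperty` presumably checks that an inherited function is not mistaken for an existing value list; that reading is inferred from the fixture text, since the parser is not in this diff. I would add above `const input =`: `// Keys that also exist on Object.prototype must end up as plain own properties holding arrays.`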