mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-20 20:00:40 +03:00
Code Activity

fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)

Browse Source
This commit is contained in:
Dmitriy Mozgovoy
2024-01-03 21:37:32 +02:00
committed by GitHub
parent 75af1cdff5
commit 3c0c11cade
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/helpers/formDataToJSON.js
+3
View File
@@ -49,6 +49,9 @@ function arrayToObject(arr) {
function formDataToJSON(formData) { function formDataToJSON(formData) {
function buildPath(path, value, target, index) { function buildPath(path, value, target, index) {
let name = path[index++]; let name = path[index++];
if (name === '__proto__') return true;
const isNumericKey = Number.isFinite(+name); const isNumericKey = Number.isFinite(+name);
const isLast = index >= path.length; const isLast = index >= path.length;
name = !name && utils.isArray(target) ? target.length : name; name = !name && utils.isArray(target) ? target.length : name;
test/specs/helpers/formDataToJSON.spec.js
+21
View File
@@ -47,4 +47,25 @@ describe('formDataToJSON', function () {
foo: ['1', '2'] foo: ['1', '2']
}); });
}); });
it('should resist prototype pollution CVE', () => {
const formData = new FormData();
formData.append('foo[0]', '1');
formData.append('foo[1]', '2');
formData.append('__proto__.x', 'hack');
formData.append('constructor.prototype.y', 'value');
expect(formDataToJSON(formData)).toEqual({
foo: ['1', '2'],
constructor: {
prototype: {
y: 'value'
}
}
});
expect({}.x).toEqual(undefined);
expect({}.y).toEqual(undefined);
});
}); });