mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-17 19:21:29 +03:00
Code Activity

fix: replace in with has own prop util (#10761)

Browse Source
This commit is contained in:
Jay
2026-04-19 16:04:04 +02:00
committed by GitHub
parent 75873270a5
commit 42eb721eeb
2 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/core/mergeConfig.js
+2 -2
View File
@@ -56,9 +56,9 @@ export default function mergeConfig(config1, config2) {
// eslint-disable-next-line consistent-return // eslint-disable-next-line consistent-return
function mergeDirectKeys(a, b, prop) { function mergeDirectKeys(a, b, prop) {
if (prop in config2) { if (utils.hasOwnProp(config2, prop)) {
return getMergedValue(a, b); return getMergedValue(a, b);
} else if (prop in config1) { } else if (utils.hasOwnProp(config1, prop)) {
return getMergedValue(undefined, a); return getMergedValue(undefined, a);
} }
} }
tests/unit/prototypePollution.test.js
Vendored
+38
View File
@@ -20,6 +20,7 @@ describe('Prototype Pollution Protection', () => {
delete Object.prototype.lookup; delete Object.prototype.lookup;
delete Object.prototype.family; delete Object.prototype.family;
delete Object.prototype.http2Options; delete Object.prototype.http2Options;
delete Object.prototype.validateStatus;
}); });
describe('utils.merge', () => { describe('utils.merge', () => {
@@ -275,6 +276,43 @@ describe('Prototype Pollution Protection', () => {
}); });
}); });
// GHSA-w9j2-pvgh-6h63: mergeDirectKeys must not inherit validateStatus from
// Object.prototype (was using the `in` operator which traverses the chain).
describe('GHSA-w9j2-pvgh-6h63 validateStatus merge', () => {
it('should not inherit a polluted validateStatus during mergeConfig', () => {
Object.prototype.validateStatus = () => true;
const merged = mergeConfig(defaults, { url: '/x' });
assert.strictEqual(merged.validateStatus, defaults.validateStatus);
});
it('should keep 4xx/5xx responses rejected when Object.prototype.validateStatus is polluted', async () => {
Object.prototype.validateStatus = () => true;
const server = http.createServer((req, res) => {
res.writeHead(401, { 'Content-Type': 'application/json' });
res.end('{"error":"unauthorized"}');
});
await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
const { port } = server.address();
try {
let threw = false;
try {
await axios.get(`http://127.0.0.1:${port}/`);
} catch (err) {
threw = true;
assert.strictEqual(err.response.status, 401);
}
assert.strictEqual(threw, true);
} finally {
await new Promise((resolve) => server.close(resolve));
}
}, 10000);
});
// GHSA-3w6x-2g7m-8v23: end-to-end check that a polluted parseReviver does not // GHSA-3w6x-2g7m-8v23: end-to-end check that a polluted parseReviver does not
// tamper with JSON response bodies through the full axios.get pipeline. // tamper with JSON response bodies through the full axios.get pipeline.
describe('GHSA-3w6x-2g7m-8v23 parseReviver end-to-end', () => { describe('GHSA-3w6x-2g7m-8v23 parseReviver end-to-end', () => {