0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-10-29 08:58:01 -04:00

fix(core): Wrap safe collections' argument of primordials (#18750)

This commit is contained in:
Kenta Moriuchi 2023-04-26 07:36:22 +09:00 committed by GitHub
parent 97820fe8ab
commit 9b49de4644
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 6 deletions

View file

@ -147,3 +147,25 @@ Deno.test({
};
await Promise.all([promise, server]);
});
Deno.test(
{ sanitizeOps: false },
function websocketConstructorWithPrototypePollusion() {
const originalSymbolIterator = Array.prototype[Symbol.iterator];
try {
Array.prototype[Symbol.iterator] = () => {
throw Error("unreachable");
};
assertThrows(() => {
new WebSocket(
new URL("ws://localhost:4242/"),
// Allow `Symbol.iterator` to be called in WebIDL conversion to `sequence<DOMString>`
// deno-lint-ignore no-explicit-any
["soap", "soap"].values() as any,
);
}, DOMException);
} finally {
Array.prototype[Symbol.iterator] = originalSymbolIterator;
}
},
);

View file

@ -405,7 +405,11 @@
Map,
class SafeMap extends Map {
constructor(i) {
super(i);
if (i == null) {
super();
return;
}
super(new SafeArrayIterator(i));
}
},
);
@ -413,7 +417,11 @@
WeakMap,
class SafeWeakMap extends WeakMap {
constructor(i) {
super(i);
if (i == null) {
super();
return;
}
super(new SafeArrayIterator(i));
}
},
);
@ -422,7 +430,11 @@
Set,
class SafeSet extends Set {
constructor(i) {
super(i);
if (i == null) {
super();
return;
}
super(new SafeArrayIterator(i));
}
},
);
@ -430,7 +442,11 @@
WeakSet,
class SafeWeakSet extends WeakSet {
constructor(i) {
super(i);
if (i == null) {
super();
return;
}
super(new SafeArrayIterator(i));
}
},
);

View file

@ -56,7 +56,7 @@ const {
SafeArrayIterator,
SafeMap,
SafeStringIterator,
SafeSet,
SafeSetIterator,
SafeRegExp,
SetPrototype,
SetPrototypeEntries,
@ -2158,7 +2158,7 @@ class Console {
const indexKey = isSet || isMap ? "(iter idx)" : "(idx)";
if (isSet) {
resultData = [...new SafeSet(data)];
resultData = [...new SafeSetIterator(data)];
} else if (isMap) {
let idx = 0;
resultData = {};