Skip to content

Commit

Permalink
fix: prototype pollution
Browse files Browse the repository at this point in the history 
for curiousity’s sake, I checked if this has any
significant performance impact and it does not.

Based on 10 runs before and after, all values in
percent:

                         MED    AVG
get first level property 0.37	0.42
get second level property 0.40	0.61
get third level property 0.26	0.41
set first level property 2.25	2.16
set second level property 1.45	1.67
set third level property 2.05	1.98
push property into array -0.41	-0.51

2.25% slowdown as a worst case is not significant.
  • Loading branch information
@janl
janl committed Jul 3, 2020
1 parent dc3ea9b commit 234e343
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
3 changes: 3 additions & 0 deletions jsonpointer.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ function setter (obj, pointer, value) {
var part
var hasNextPart

if (pointer[1] === 'constructor' && pointer[2] === 'prototype') return obj
if (pointer[1] === '__proto__') return obj

for (var p = 1, len = pointer.length; p < len;) {
part = untilde(pointer[p++])
hasNextPart = len > p
Expand Down
8 changes: 8 additions & 0 deletions test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,4 +128,12 @@ assert.equal(pointer.set(a, 'test'), 'bar')
assert.equal(pointer.get(a), 'test')
assert.deepEqual(a, {foo: 'test'})

var b = {}
jsonpointer.set({}, '/constructor/prototype/boo', 'polluted')
assert(!b.boo, 'should not boo')

var c = {}
jsonpointer.set({}, '/__proto__/boo', 'polluted')
assert(!c.boo, 'should not boo')

console.log('All tests pass.')

0 comments on commit 234e343

Please sign in to comment.