Skip to content

Commit

Permalink
Fix prototype pollution
Browse files Browse the repository at this point in the history
  • Loading branch information
@mario-canva
mario-canva committed Mar 21, 2022
1 parent aff22f4 commit c571d80
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
6 changes: 6 additions & 0 deletions lib/parse.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,12 @@ function parsePlistXML (node) {
if (isEmptyNode(node)) {
return '';
}

invariant(
node.childNodes[0].nodeValue !== '__proto__',
'__proto__ keys can lead to prototype pollution. More details on CVE-2022-22912'
);

return node.childNodes[0].nodeValue;
} else if (node.nodeName === 'string') {
res = '';
Expand Down
7 changes: 7 additions & 0 deletions test/parse.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,13 @@ U=</data>
);
assert.deepEqual(parsed, { a: { a1: true } });
});

/* Test to protect against CVE-2022-22912 */
it('should throw if key value is __proto__', function () {
assert.throws(function () {
parseFixture('<dict><key>__proto__</key><dict><key>length</key><string>polluted</string></dict></dict>');
});
});
});

describe('integration', function () {
Expand Down

0 comments on commit c571d80

Please sign in to comment.