prototype pollution fix

418sec · Jan 12, 2021 · f028027 · f028027
1 parent e959c55
commit f028027
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/packages/grpc-native-core/index.js b/packages/grpc-native-core/index.js
@@ -30,6 +30,8 @@ var server = require('./src/server.js');
 
 var common = require('./src/common.js');
 
+var utils = require('./src/utils.js');
+
 var Metadata = require('./src/metadata.js');
 
 var grpc = require('./src/grpc_extension');
@@ -161,7 +163,7 @@ exports.loadPackageDefinition = function loadPackageDefintion(packageDef) {
   for (const serviceFqn in packageDef) {
     const service = packageDef[serviceFqn];
     const nameComponents = serviceFqn.split('.');
-    if (nameComponents.some(comp => comp === '__proto__')) {
+    if (nameComponents.some(comp => utils.isPrototypePolluted(comp))) {
       continue;
     }
     const serviceName = nameComponents[nameComponents.length-1];

diff --git a/packages/grpc-native-core/src/client.js b/packages/grpc-native-core/src/client.js
@@ -41,6 +41,8 @@ var Metadata = require('./metadata');
 
 var constants = require('./constants');
 
+var utils = require('./utils');
+
 var EventEmitter = require('events').EventEmitter;
 
 var stream = require('stream');
@@ -992,7 +994,7 @@ exports.makeClientConstructor = function(methods, serviceName,
 
   Object.keys(methods).forEach(name => {
     const attrs = methods[name];
-    if (name === '__proto__') {
+    if (utils.isPrototypePolluted(name)) {
       return;
     }
     if (name.indexOf('$') === 0) {
@@ -1014,7 +1016,7 @@ exports.makeClientConstructor = function(methods, serviceName,
     ServiceClient.prototype.$method_names[attrs.path] = name;
     // Associate all provided attributes with the method
     Object.assign(ServiceClient.prototype[name], attrs);
-    if (attrs.originalName && attrs.originalName !== '__proto__') {
+    if (attrs.originalName && !utils.isPrototypePolluted(attrs.originalName)) {
       ServiceClient.prototype[attrs.originalName] =
         ServiceClient.prototype[name];
     }

diff --git a/packages/grpc-native-core/src/utils.js b/packages/grpc-native-core/src/utils.js
@@ -0,0 +1,10 @@
+
+
+/**
+ * Returns true, if given key is included in the blacklisted
+ * keys.
+ * @param key key for check, string.
+ */
+exports.isPrototypePolluted = function(key) {
+  return ['__proto__', 'prototype', 'constructor'].includes(key);
+}