Permalink
Browse files

failing security test for non-enumerable linking

  • Loading branch information...
1 parent 588990c commit d2f1f37ceb3f1adc195528df4da41144e739c87a @substack substack committed Aug 9, 2011
Showing with 22 additions and 4 deletions.
  1. +1 −1 test/args.js
  2. +1 −1 test/fn.js
  3. +1 −1 test/proto.js
  4. +19 −1 test/scrub.js
View
2 test/args.js
@@ -1,5 +1,5 @@
var assert = require('assert');
-var protocol = require('dnode-protocol');
+var protocol = require('../');
function argv () { return arguments }
View
2 test/fn.js
@@ -1,5 +1,5 @@
var assert = require('assert');
-var proto = require('dnode-protocol');
+var proto = require('../');
var Traverse = require('traverse');
var EventEmitter = require('events').EventEmitter;
View
2 test/proto.js
@@ -1,5 +1,5 @@
var assert = require('assert');
-var proto = require('dnode-protocol');
+var proto = require('../');
var Traverse = require('traverse');
exports.protoHashes = function () {
View
20 test/scrub.js
@@ -1,5 +1,5 @@
var assert = require('assert');
-var Scrubber = require('dnode-protocol').Scrubber;
+var Scrubber = require('../').Scrubber;
exports.noFuncs = function () {
var s = new Scrubber;
@@ -77,3 +77,21 @@ exports.multilink = function () {
],
});
};
+
+exports.enumLink = function () {
+ var s = new Scrubber;
+ var req = {
+ method : 0,
+ arguments : [ 33, '[Function]' ],
+ callbacks : { 0 : [ '1' ] },
+ links : [ {
+ from : [ '0' ],
+ to : [ '1', 'constructor', 'prototype', 'beep' ]
+ } ]
+ };
+
+ var args = s.unscrub(req, function (id) {
+ return function () {};
+ });
+ assert.ok(!(function () {}).beep, 'created non-enumerable property');
+};

0 comments on commit d2f1f37

Please sign in to comment.