Fix(core): Fix prototype pollution in vConsole.setOption(). (issue #…
Maizify committed May 22, 2023
1 parent 05d8039 commit b915917
Showing 2 changed files with 18 additions and 2 deletions.
5 changes: 5 additions & 0 deletions dev/common.html
Expand Up @@ -93,6 +93,11 @@
vConsole.setOption('log.maxLogNumber', 20);
vConsole.setOption({ network: { maxNetworkNumber: 30 }});
vConsole.setOption({ network: { b: 123 }}); // overwrite previous line
vConsole.setOption({ '__proto__': { a: 1 }, 'prototype': { b: 2 }, 'constructor': 3 });
vConsole.setOption('__proto__.noOrig', 1);
vConsole.setOption('prototype.noOrig', 2);
vConsole.setOption('constructor', () => { console.log('hack') });
vConsole.setOption('log.__proto__.noOrig', 1);
console.log(vConsole.option);
}
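Review bot: The object-literal call on the first added line does not reach the `__proto__` guard in the object branch of `setOption`, because a literal `'__proto__': { a: 1 }` sets the literal's own prototype instead of creating an own key named `__proto__`. An input parsed from JSON, where `__proto__` is an ordinary own key, would exercise that guard. The page also only prints `vConsole.option`, so nothing shows whether a fresh object stayed clean; adding `console.log(({}).noOrig, ({}).a, ({}).b);` after the calls would make a regression visible. The enclosing function starts above this hunk.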

15 changes: 13 additions & 2 deletions src/core/core.ts
Expand Up @@ -517,21 +517,32 @@ export class VConsole {
* @example `setOption({ log: { maxLogNumber: 20 }})`: overwrite 'log' object.
*/
public setOption(keyOrObj: any, value?: any) {

if (typeof keyOrObj === 'string') {
// parse `a.b = val` to `a: { b: val }`
const keys = keyOrObj.split('.');
let opt: any = this.option;
for (let i = 0; i < keys.length - 1; i++) {
for (let i = 0; i < keys.length; i++) {
if (keys[i] === '__proto__' || keys[i] === 'constructor' || keys[i] === 'prototype') {
console.debug(`[vConsole] Cannot set \`${keys[i]}\` in \`vConsole.setOption()\`.`);
return;
}
if (opt[keys[i]] === undefined) {
opt[keys[i]] = {};
}
if (i === keys.length - 1) {
opt[keys[i]] = value;
}
opt = opt[keys[i]];
}
opt[keys[keys.length - 1]] = value;
this._triggerPluginsEvent('updateOption');
this._updateComponentByOptions();
} else if (tool.isObject(keyOrObj)) {
for (let k in keyOrObj) {
if (k === '__proto__' || k === 'constructor' || k === 'prototype') {
console.debug(`[vConsole] Cannot set \`${k}\` in \`vConsole.setOption()\`.`);
continue;
}
this.option[k] = keyOrObj[k];
}
this._triggerPluginsEvent('updateOption');
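Review bot: The new loop in the string branch of `setOption` still walks inherited members, because `opt[keys[i]] === undefined` consults the prototype chain. A path segment other than the three blocked names that matches an inherited member leaves `opt` pointing at a shared built-in object, which the next segment then writes to (assuming `this.option` is an ordinary object). The `return` inside the loop also fires after earlier segments may already have created empty objects on `this.option`, so a rejected path can leave a partial write with no `updateOption` event. I would check every segment before touching `this.option` and descend only through own properties, as sketched below. `setOption` continues past the end of this section, so the rest of the object branch is not reviewed here.

```typescript
// … unchanged: const keys = keyOrObj.split('.'); …
for (const key of keys) {
  if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
    console.debug(`[vConsole] Cannot set \`${key}\` in \`vConsole.setOption()\`.`);
    return; // nothing has been written yet
  }
}
let opt: any = this.option;
for (let i = 0; i < keys.length - 1; i++) {
  // own properties only, so an inherited member is never used as a container
  const own = Object.prototype.hasOwnProperty.call(opt, keys[i]);
  if (!own || opt[keys[i]] === undefined) {
    opt[keys[i]] = {};
  }
  opt = opt[keys[i]];
}
opt[keys[keys.length - 1]] = value;
// … unchanged: _triggerPluginsEvent('updateOption'), _updateComponentByOptions() …
```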
