Security Fix for Prototype Pollution (#511)
huntr.dev | the place to protect open source committed Jan 26, 2021
1 parent 9725f5e commit c566395
Showing 2 changed files with 10 additions and 1 deletion.
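--- a/src/helpers.js
+++ b/src/helpers.js
@@ -444,7 +444,8 @@ function merger(deep, ...objects) {
 for (k in t) {
 if (deep &&
 type.object(t[k]) &&
-!(t[k] instanceof Monkey)) {
+!(t[k] instanceof Monkey) &&
+!(k === '__proto__' || k === 'constructor' || k === 'prototype')) {
 o[k] = merger(true, o[k] || {}, t[k]);
 }
 else {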
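Review bot: The blocked keys are not skipped; when the added clause is false they fall through to the `else` branch at the end of the hunk, whose body lies outside it, and if that branch performs a plain `o[k] = t[k]`, a `__proto__` key still replaces the prototype of the target object with caller-supplied data while `constructor` and `prototype` land as own properties. Rejecting those keys before the deep/shallow decision is the safer shape: `if (k === '__proto__' || k === 'constructor' || k === 'prototype') continue;` placed directly after `for (k in t) {`, which also lets the `if` condition drop the new clause. The `for (k in t)` loop additionally visits inherited enumerable keys, so an own-property guard such as `Object.prototype.hasOwnProperty.call(t, k)` would be worth considering, though that is pre-existing. The body of `merger` begins before and continues past the hunk.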
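--- a/test/suites/helpers.ts
+++ b/test/suites/helpers.ts
@@ -94,6 +94,14 @@ describe('Helpers', function() {
 {one: {two: [3, 4]}, three: 3}
 );
 });
+
+it('merge should not pollute object prototype.', function() {
+const data = JSON.parse('{"__proto__": {"polluted": true}}');
+
+deepMerge({}, data);
+
+assert.equal(Object.keys(Object.prototype).includes('polluted'), false);
+});
 });
 
 /**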
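Review bot: The new test exercises only the `__proto__` key, while the fix in src/helpers.js also filters `constructor` and `prototype`, so the `constructor` → `prototype` path deserves its own `it` case or a regression in that branch goes unnoticed. The assertion via `Object.keys(Object.prototype)` only sees own enumerable keys; reading a fresh object directly is both simpler and stricter: `assert.equal(({} as any).polluted, undefined);`. Because a failing run leaves `Object.prototype` modified for every later test, an `afterEach` doing `delete (Object.prototype as any).polluted;` keeps one failure from masking others. The enclosing `describe('Helpers')` continues past the hunk.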
