feat: add bodyParser.onProtoPoisoning type define

cojs/co-body#87

index.d.ts

@@ -330,6 +330,7 @@ declare module 'egg' {
      * @property {Number} queryString.parameterLimit - paramter number limit ,default 1000
      * @property {string[]} enableTypes - parser will only parse when request type hits enableTypes, default is ['json', 'form']
      * @property {any} extendTypes - support extend types
+     * @property {string} onProtoPoisoning - Defines what action must take when parsing a JSON object with `__proto__`. Possible values are `'error'`, `'remove'` and `'ignore'`. Default is `'error'`, it will throw a `SyntaxError` when `Prototype-Poisoning` happen.
      */
     bodyParser: {
       enable: boolean;
@@ -351,6 +352,8 @@ declare module 'egg' {
         form: string[];
         text: string[];
       };
+      /** Default is `'error'`, it will throw a `SyntaxError` when `Prototype-Poisoning` happen. */
+      onProtoPoisoning: 'error' | 'remove' | 'ignore';
     };
 
     /**

test/app/middleware/body_parser.test.js

@@ -98,6 +98,16 @@ describe('test/app/middleware/body_parser.test.js', () => {
       .expect(400);
   });
 
+  it('should 400 when POST with Prototype-Poisoning body', async () => {
+    app.mockCsrf();
+    await app.httpRequest()
+      .post('/test/body_parser/user')
+      .set('content-type', 'application/json')
+      .set('content-encoding', 'gzip')
+      .expect(/unexpected end of file, check bodyParser config/)
+      .expect(400);
+  });
+
   it('should disable body parser', async () => {
     app1 = utils.app('apps/body_parser_testapp_disable');
     await app1.ready();