Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix TypeError if path /constructor/foo is accessed #16

Merged

Conversation

@rndstr
Copy link
Contributor

rndstr commented Oct 22, 2015

If there are any literals available in the router, then any access to a path with
multiple segments and its first segment an object prototype property, lead to a
TypeError.

This fixes these TypeErrors by checking whether the property is the literal list's own.

There is a similar code path for the this._fulls but the path always contains a leading slash,
thus is not vulnerable to such error.

Debug: internal, implementation, error
    TypeError: match.lookup is not a function
    at Object.internals.deeper (/some-project/node_modules/hapi/node_modules/call/lib/segment.js:240:28)
    at internals.Segment.lookup (/some-project/node_modules/hapi/node_modules/call/lib/segment.js:177:36)
    at internals.Router._lookup (/some-project/node_modules/hapi/node_modules/call/lib/index.js:113:28)
    at internals.Router.route (/some-project/node_modules/hapi/node_modules/call/lib/index.js:94:22)
    at internals.Request._lifecycle (/some-project/node_modules/hapi/lib/request.js:343:41)
    at internals.Request._execute (/some-project/node_modules/hapi/lib/request.js:312:21)
    at Domain.<anonymous> (/some-project/node_modules/hapi/lib/connection.js:253:25)
    at Domain.run (domain.js:191:14)
    at internals.Protect.enter (/some-project/node_modules/hapi/lib/protect.js:84:17)
    at Server.internals.Connection._dispatch (/some-project/node_modules/hapi/lib/connection.js:251:30)
@devinivy

This comment has been minimized.

Copy link
Member

devinivy commented Oct 22, 2015

Haha, interesting! Looks good to me.

@hueniverse hueniverse added the bug label Nov 4, 2015
If there are any literals available in the router, then any access to a path with
multiple segments and its first segment an object prototype property lead to a
TypeError.

This fixes these TypeErrors by checking whether the property is the literal list's own.

There is a similar code path for the `this._fulls` but the path always contains a leading slash,
thus is not vulnerable to such error.

```
Debug: internal, implementation, error
    TypeError: match.lookup is not a function
    at Object.internals.deeper (/some-project/node_modules/hapi/node_modules/call/lib/segment.js:240:28)
    at internals.Segment.lookup (/some-project/node_modules/hapi/node_modules/call/lib/segment.js:177:36)
    at internals.Router._lookup (/some-project/node_modules/hapi/node_modules/call/lib/index.js:113:28)
    at internals.Router.route (/some-project/node_modules/hapi/node_modules/call/lib/index.js:94:22)
    at internals.Request._lifecycle (/some-project/node_modules/hapi/lib/request.js:343:41)
    at internals.Request._execute (/some-project/node_modules/hapi/lib/request.js:312:21)
    at Domain.<anonymous> (/some-project/node_modules/hapi/lib/connection.js:253:25)
    at Domain.run (domain.js:191:14)
    at internals.Protect.enter (/some-project/node_modules/hapi/lib/protect.js:84:17)
    at Server.internals.Connection._dispatch (/some-project/node_modules/hapi/lib/connection.js:251:30)
```
@rndstr rndstr force-pushed the rndstr:fix/object-prototype-properties-typeerror branch from 4a2717a to 99cd8e1 Jan 14, 2016
@rndstr

This comment has been minimized.

Copy link
Contributor Author

rndstr commented Jan 14, 2016

I rebased and updated changes to es6

@rndstr rndstr force-pushed the rndstr:fix/object-prototype-properties-typeerror branch from 99cd8e1 to d7753ec Jan 14, 2016
@hueniverse

This comment has been minimized.

Copy link
Member

hueniverse commented Jan 15, 2016

Need to fix the linting issues. I might implement this differently but worth getting this PR finished.

@hueniverse hueniverse self-assigned this Jan 15, 2016
@rndstr

This comment has been minimized.

Copy link
Contributor Author

rndstr commented Jan 15, 2016

@hueniverse fixed. Feel free to adjust as you wish

@hueniverse hueniverse added this to the 3.0.1 milestone May 19, 2016
@hueniverse hueniverse merged commit 8043e25 into hapijs:master May 19, 2016
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@rndstr rndstr deleted the rndstr:fix/object-prototype-properties-typeerror branch May 20, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.