Upgrade latest packages; run npm audit fix; add logic to prevent prot…
…otype pollution in parseNested
richardgirges committed Jul 29, 2020
1 parent e9848fc commit d81bee9
Showing 4 changed files with 518 additions and 503 deletions.
12 changes: 10 additions & 2 deletions lib/processNested.js
@@ -1,3 +1,5 @@
const INVALID_KEYS = ['__proto__'];

module.exports = function(data){
if (!data || data.length < 1) return {};

@@ -11,10 +13,16 @@ module.exports = function(data){
keyParts = key
.replace(new RegExp(/\[/g), '.')
.replace(new RegExp(/\]/g), '')
.split('.');
.split('.');

for (let index = 0; index < keyParts.length; index++){
let k = keyParts[index];

// Ensure we don't allow prototype pollution
if (INVALID_KEYS.includes(k)) {
continue;
}

if (index >= keyParts.length - 1){
current[k] = value;
} else {
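Review bot: The denylist `INVALID_KEYS` covers only `__proto__`, so the new guard in the `for` loop still accepts the segments `constructor` and `prototype`, which also resolve to inherited objects on a plain `{}`. If the `else` branch (cut off after this hunk) descends into an existing `current[k]`, a nested key can presumably still reach the shared prototype; widening the list to `const INVALID_KEYS = ['__proto__', 'constructor', 'prototype'];` closes that, and building the result objects with `Object.create(null)` would remove the inherited keys altogether. The `continue` also drops only the offending segment and keeps applying the rest of the path to the current object, so a rejected field is silently re-keyed instead of discarded; skipping the whole key would be easier to reason about and to test. The function body continues outside the visible hunks.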
