Prototype pollution #816

Open
ZLJasonG opened this issue Mar 9, 2022 · 0 comments · May be fixed by #879
ZLJasonG commented Mar 9, 2022

After importing a Transcrypt module, various prototypes such as Array, String and Uint8Array are polluted with Python-specific helper functions. These appear to be coming from the org.transcrypt.runtime.js module, such as

Array.prototype.extend = function (aList) {
    this.push.apply (this, aList);
};

Unfortunately these functions are listed as enumerable, resulting in unexpected behaviour in external code run later when it is iterating, even when the array wasn't created in the Python code. Executing the following in the JS console after simply importing the module

for (const v in []) {
    console.log(v);
}

results in all these items being output:

_class__
__iter__
__getslice__
__setslice__
__repr__
__str__
append
py_clear
extend
insert
remove
index
py_pop
py_sort
__add__
__mul__
__rmul__
__bindexOf__
add
discard
isdisjoint
issuperset
issubset
union
intersection
difference
symmetric_difference
py_update
__eq__
__ne__
__le__
__ge__
__lt__
__gt__

Changing it to be defined as follows appears to resolve the issue and doesn't appear to impact the functionality in my test case:

Object.defineProperty(Array.prototype, 'extend', {
    value: function (aList) {
        this.push.apply (this, aList);
    },
    enumerable: false,
    writable: true
});
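The two ways of installing a helper on a shared prototype, side by side, as an added example that is not code from the issue or from Transcrypt. It works on a subclass prototype (`List`) so the global `Array.prototype` stays untouched while it runs; `installNonEnumerable` is a hypothetical helper modelled on the `Object.defineProperty` fix proposed above, plus a guard that skips re-defining a property that is already present.

```javascript
// Added example (not Transcrypt code): why plain assignment onto a prototype
// leaks into for...in, and how Object.defineProperty keeps helpers out of it.

// Collect every key a for...in loop would visit on obj, own and inherited.
function forInKeys(obj) {
  const keys = [];
  for (const k in obj) keys.push(k);
  return keys;
}

// The pattern from the report: assignment creates an enumerable data property
// on the prototype, so every instance (and every consumer's for...in) sees it.
function installEnumerable(proto, name, fn) {
  proto[name] = fn;
}

// The proposed fix: Object.defineProperty defaults enumerable to false.
// Returning early when the own property already exists avoids redefining the
// same helper if the runtime is loaded more than once (hypothetical guard).
function installNonEnumerable(proto, name, fn) {
  if (Object.prototype.hasOwnProperty.call(proto, name)) return false;
  Object.defineProperty(proto, name, {
    value: fn,
    writable: true,
    configurable: true,
    // enumerable omitted: defaults to false
  });
  return true;
}

// Audit check a consumer can run after loading a library: any enumerable own
// property on a built-in prototype would show up in for...in loops.
function enumerableOwnProps(proto) {
  return Object.keys(proto);
}

function demo() {
  class List extends Array {}
  const extend = function (aList) {
    this.push.apply(this, aList);
    return this;
  };

  installEnumerable(List.prototype, 'extend', extend);
  const leaked = forInKeys(List.of(1, 2));      // ['0', '1', 'extend']
  delete List.prototype.extend;

  installNonEnumerable(List.prototype, 'extend', extend);
  const clean = forInKeys(List.of(1, 2));       // ['0', '1']
  const redefined = installNonEnumerable(List.prototype, 'extend', extend); // false
  const works = List.of(1).extend([2, 3]).length; // 3: the helper still works

  return { leaked, clean, redefined, works, audit: enumerableOwnProps(List.prototype) };
}

console.log(demo());
```

The same `enumerableOwnProps(Array.prototype)` check, run in a page after the runtime has been imported, is a quick way to confirm whether the fix landed: a clean engine returns an empty array for every built-in prototype.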
JGreenlee added a commit to JGreenlee/Transcrypt that referenced this issue Aug 23, 2024
Fixes TranscryptOrg#816
Assigning functions directly to the prototypes of Number, Array, String, etc., causes them to be enumerable, meaning they can show up in "for .. in .." loops and cause unexpected behavior!

Instead we can use `Object.defineProperty` (which we already have a helper for, called `__setproperty__`). With this method, i) new props are non-enumerable by default, and ii) we can avoid unnecessarily reassigning the same methods, in case there are multiple instances of Transcrypt running.
@JGreenlee JGreenlee linked a pull request Aug 23, 2024 that will close this issue