Skip to content

Commit

Permalink
fix(security): prevent prototype pollution in memory store (#397)
Browse files Browse the repository at this point in the history
  • Loading branch information
mhamann authored Apr 10, 2022
1 parent 218059e commit feaba56
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/nconf/stores/memory.js
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ Memory.prototype.set = function (key, value) {
//
while (path.length > 1) {
key = path.shift();
if (!target[key] || typeof target[key] !== 'object') {
if (!target[key] || typeof target[key] !== 'object' || !Object.hasOwnProperty.call(target, key)) {
target[key] = {};
}

Expand Down
7 changes: 7 additions & 0 deletions test/stores/memory-store-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -121,5 +121,12 @@ vows.describe('nconf/stores/memory').addBatch({
assert.equal(store.get('foo').bar.bazz, 'buzz');
}
}
},
"When attempting prototype pollution": {
topic: new nconf.Memory(),
"should not be able to pollute the prototype": function (store) {
store.set('__proto__:polluted', 'yes');
assert.equal({}.polluted, undefined);
}
}
}).export(module);

0 comments on commit feaba56

Please sign in to comment.