Skip to content

Commit

Permalink
fix(object-id): harden the duck-typing
Browse files Browse the repository at this point in the history 
The insufficient validation may otherwise lead to type confusions.

REF: NODE-2618
Signed-off-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
  • Loading branch information
@das7pad
das7pad authored Aug 9, 2020
1 parent 6e782da commit b526145
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions lib/bson/objectid.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ var ObjectID = function ObjectID(id) {
} else if (id != null && id.length === 12) {
// assume 12 byte string
this.id = id;
} else if (id != null && id.toHexString) {
} else if (id != null && typeof id.toHexString === 'function') {
// Duck-typing to support ObjectId from different npm packages
return id;
} else {
Expand Down Expand Up @@ -357,7 +357,10 @@ ObjectID.isValid = function isValid(id) {
}

// Duck-Typing detection of ObjectId like objects
if (id.toHexString) {
if (
typeof id.toHexString === 'function' &&
(id.id instanceof _Buffer || typeof id.id === 'string')
) {
return id.id.length === 12 || (id.id.length === 24 && checkForHexRegExp.test(id.id));
}

Expand Down

0 comments on commit b526145

Please sign in to comment.