Antoine du Hamel
eb32a8443a
lib: add lint rule to protect against `Object.prototype.then` pollution
...
PR-URL: https://github.com/nodejs/node/pull/45061
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
2022-10-21 03:12:03 +00:00
Bradley Farias
87cdf7d412
util: add MIME utilities (#21128)
...
Co-authored-by: Rich Trott <rtrott@gmail.com>
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/21128
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Jacob Smith <jacob@frende.me>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2022-10-19 04:26:16 +02:00
Antoine du Hamel
14000517b4
tools: refactor `avoid-prototype-pollution` lint rule
...
The lint rule was not catching all occurrences of unsafe primordials use,
and was too strict on some methods.
PR-URL: https://github.com/nodejs/node/pull/43476
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
2022-08-27 11:37:04 +02:00
Antoine du Hamel
d7f193434a
lib: add `Promise` methods to `avoid-prototype-pollution` lint rule
...
PR-URL: https://github.com/nodejs/node/pull/43849
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
2022-07-26 23:38:24 +01:00
Antoine du Hamel
358008f473
tools,doc: add guards against prototype pollution when creating proxies
...
PR-URL: https://github.com/nodejs/node/pull/43391
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: LiviaMedeiros <livia@cirno.name>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
2022-06-16 00:26:48 +02:00
Antoine du Hamel
9119382555
tools: report unsafe string and regex primordials as lint errors
...
| The string method | looks up the property |
| ----------------------------- | --------------------- |
| `String.prototype.match` | `Symbol.match` |
| `String.prototype.matchAll` | `Symbol.matchAll` |
| `String.prototype.replace` | `Symbol.replace` |
| `String.prototype.replaceAll` | `Symbol.replace` |
| `String.prototype.search` | `Symbol.search` |
| `String.prototype.split` | `Symbol.split` |
Functions that look up the `exec` property on the prototype chain:
* `RegExp.prototype[Symbol.match]`
* `RegExp.prototype[Symbol.matchAll]`
* `RegExp.prototype[Symbol.replace]`
* `RegExp.prototype[Symbol.search]`
* `RegExp.prototype[Symbol.split]`
* `RegExp.prototype.test`
`RegExp.prototype[Symbol.replace]` and `RegExp.prototype[Symbol.split]`
are still allowed for lack of a better solution.
PR-URL: https://github.com/nodejs/node/pull/43393
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
2022-06-16 00:21:57 +02:00
Antoine du Hamel
93728c60d2
tools: add `avoid-prototype-pollution` lint rule
...
PR-URL: https://github.com/nodejs/node/pull/43308
Reviewed-By: Rich Trott <rtrott@gmail.com>
2022-06-11 14:45:31 +01:00