Fix CVE-2022-24999
(cherry picked from commit f62d633f73752801030dd43fd282898334e44eb1)
This commit is contained in:
wk333
openeuler-sync-bot
parent
946da65755
commit
54eaeb0fa9
96
CVE-2022-24999.patch
Normal file
96
CVE-2022-24999.patch
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
From 8b4cc14cda94a5c89341b77e5fe435ec6c41be2d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jordan Harband <ljharb@gmail.com>
|
||||||
|
Date: Mon, 27 Dec 2021 19:15:57 -0800
|
||||||
|
Subject: [PATCH] [Fix] `parse`: ignore `__proto__` keys
|
||||||
|
|
||||||
|
Origin: https://github.com/ljharb/qs/pull/428
|
||||||
|
|
||||||
|
---
|
||||||
|
lib/parse.js | 2 +-
|
||||||
|
test/parse.js | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 61 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/parse.js b/lib/parse.js
|
||||||
|
index c833315c..a4ac4fa0 100644
|
||||||
|
--- a/lib/parse.js
|
||||||
|
+++ b/lib/parse.js
|
||||||
|
@@ -136,7 +136,7 @@ var parseObject = function (chain, val, options, valuesParsed) {
|
||||||
|
) {
|
||||||
|
obj = [];
|
||||||
|
obj[index] = leaf;
|
||||||
|
- } else {
|
||||||
|
+ } else if (cleanRoot !== '__proto__') {
|
||||||
|
obj[cleanRoot] = leaf;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/test/parse.js b/test/parse.js
|
||||||
|
index 7a3cfdef..7d61023e 100644
|
||||||
|
--- a/test/parse.js
|
||||||
|
+++ b/test/parse.js
|
||||||
|
@@ -629,6 +629,66 @@ test('parse()', function (t) {
|
||||||
|
st.end();
|
||||||
|
});
|
||||||
|
|
||||||
|
+ t.test('dunder proto is ignored', function (st) {
|
||||||
|
+ var payload = 'categories[__proto__]=login&categories[__proto__]&categories[length]=42';
|
||||||
|
+ var result = qs.parse(payload, { allowPrototypes: true });
|
||||||
|
+
|
||||||
|
+ st.deepEqual(
|
||||||
|
+ result,
|
||||||
|
+ {
|
||||||
|
+ categories: {
|
||||||
|
+ length: '42'
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ 'silent [[Prototype]] payload'
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ var plainResult = qs.parse(payload, { allowPrototypes: true, plainObjects: true });
|
||||||
|
+
|
||||||
|
+ st.deepEqual(
|
||||||
|
+ plainResult,
|
||||||
|
+ {
|
||||||
|
+ __proto__: null,
|
||||||
|
+ categories: {
|
||||||
|
+ __proto__: null,
|
||||||
|
+ length: '42'
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ 'silent [[Prototype]] payload: plain objects'
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ var query = qs.parse('categories[__proto__]=cats&categories[__proto__]=dogs&categories[some][json]=toInject', { allowPrototypes: true });
|
||||||
|
+
|
||||||
|
+ st.notOk(Array.isArray(query.categories), 'is not an array');
|
||||||
|
+ st.notOk(query.categories instanceof Array, 'is not instanceof an array');
|
||||||
|
+ st.deepEqual(query.categories, { some: { json: 'toInject' } });
|
||||||
|
+ st.equal(JSON.stringify(query.categories), '{"some":{"json":"toInject"}}', 'stringifies as a non-array');
|
||||||
|
+
|
||||||
|
+ st.deepEqual(
|
||||||
|
+ qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true }),
|
||||||
|
+ {
|
||||||
|
+ foo: {
|
||||||
|
+ bar: 'stuffs'
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ 'hidden values'
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ st.deepEqual(
|
||||||
|
+ qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true, plainObjects: true }),
|
||||||
|
+ {
|
||||||
|
+ __proto__: null,
|
||||||
|
+ foo: {
|
||||||
|
+ __proto__: null,
|
||||||
|
+ bar: 'stuffs'
|
||||||
|
+ }
|
||||||
|
+ },
|
||||||
|
+ 'hidden values: plain objects'
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ st.end();
|
||||||
|
+ });
|
||||||
|
+
|
||||||
|
t.test('can return null objects', { skip: !Object.create }, function (st) {
|
||||||
|
var expected = Object.create(null);
|
||||||
|
expected.a = Object.create(null);
|
||||||
@ -2,11 +2,12 @@
|
|||||||
%global enable_tests 1
|
%global enable_tests 1
|
||||||
Name: nodejs-qs
|
Name: nodejs-qs
|
||||||
Version: 6.5.1
|
Version: 6.5.1
|
||||||
Release: 1
|
Release: 2
|
||||||
Summary: Query string parser for Node.js
|
Summary: Query string parser for Node.js
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://github.com/ljharb/qs
|
URL: https://github.com/ljharb/qs
|
||||||
Source0: https://registry.npmjs.org/qs/-/qs-%{version}.tgz
|
Source0: https://registry.npmjs.org/qs/-/qs-%{version}.tgz
|
||||||
|
Patch0: CVE-2022-24999.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
ExclusiveArch: %{nodejs_arches} noarch
|
ExclusiveArch: %{nodejs_arches} noarch
|
||||||
BuildRequires: nodejs-packaging
|
BuildRequires: nodejs-packaging
|
||||||
@ -21,7 +22,7 @@ commonly desired behavior (and twice as fast). Used by express, connect
|
|||||||
and others.
|
and others.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n package
|
%autosetup -n package -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -45,5 +46,8 @@ install -p -m644 lib/*.js %{buildroot}%{nodejs_sitelib}/qs/lib
|
|||||||
%{nodejs_sitelib}/qs
|
%{nodejs_sitelib}/qs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 26 2024 wangkai <13474090681@163.com> - 6.5.1-2
|
||||||
|
- Fix CVE-2022-24999
|
||||||
|
|
||||||
* Fri Aug 14 2020 wangyue <wangyue92@huawei.com> - 6.5.1-1
|
* Fri Aug 14 2020 wangyue <wangyue92@huawei.com> - 6.5.1-1
|
||||||
- Package init
|
- Package init
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user