minimist
Advanced tools
Comparing version 1.2.5 to 1.2.6
@@ -73,3 +73,3 @@ module.exports = function (args, opts) { | ||
| var key = keys[i]; | ||
| if (key === '__proto__') return; | ||
| if (isConstructorOrProto(o, key)) return; | ||
| if (o[key] === undefined) o[key] = {}; | ||
@@ -83,3 +83,3 @@ if (o[key] === Object.prototype || o[key] === Number.prototype | ||
| var key = keys[keys.length - 1]; | ||
| if (key === '__proto__') return; | ||
| if (isConstructorOrProto(o, key)) return; | ||
| if (o === Object.prototype || o === Number.prototype | ||
@@ -248,1 +248,5 @@ || o === String.prototype) o = {}; | ||
| function isConstructorOrProto (obj, key) { | ||
| return key === 'constructor' && typeof obj[key] === 'function' || key === '__proto__'; | ||
| } |
| { | ||
| "name": "minimist", | ||
| "version": "1.2.5", | ||
| "version": "1.2.6", | ||
| "description": "parse argument options", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -45,1 +45,17 @@ var parse = require('../'); | ||
| }); | ||
| test('proto pollution (constructor function)', function (t) { | ||
| var argv = parse(['--_.concat.constructor.prototype.y', '123']); | ||
| function fnToBeTested() {} | ||
| t.equal(fnToBeTested.y, undefined); | ||
| t.equal(argv.y, undefined); | ||
| t.end(); | ||
| }); | ||
| // powered by snyk - https://github.com/backstage/backstage/issues/10343 | ||
| test('proto pollution (constructor function) snyk', function (t) { | ||
| var argv = parse('--_.constructor.constructor.prototype.foo bar'.split(' ')); | ||
| t.equal((function(){}).foo, undefined); | ||
| t.equal(argv.y, undefined); | ||
| t.end(); | ||
| }) |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by2.53%
33202
- Lines of code
- increased by1.8%
959
- Number of lines in readme file
- increased by3.13%
99
No dependency changes