Remove Object.prototype.__proto__ (#4341)

author: Kitson Kelly <me@kitsonkelly.com> 2020-03-15 21:34:22 +1100
committer: GitHub <noreply@github.com> 2020-03-15 11:34:22 +0100
commit: 2f4be6e9441c7d5b0afd0d37dccd48d3057bcd3f (patch)
tree: 550a6eae50fc99029c97518af338d0ed3e50206d /cli/tests
parent: 64a35acd64f4a9aedfb52f6b364c229c6f7e4090 (diff)
3 files changed, 12 insertions, 0 deletions
diff --git a/cli/tests/integration_tests.rs b/cli/tests/integration_tests.rs
index 0e6137782..75b8764ad 100644
--- a/cli/tests/integration_tests.rs
+++ b/cli/tests/integration_tests.rs
@@ -1426,6 +1426,11 @@ itest!(fix_js_imports {
   output: "fix_js_imports.ts.out",
 });
 
+itest!(proto_exploit {
+  args: "run proto_exploit.js",
+  output: "proto_exploit.js.out",
+});
+
 #[test]
 fn cafile_fetch() {
   use deno::http_cache::url_to_filename;
diff --git a/cli/tests/proto_exploit.js b/cli/tests/proto_exploit.js
new file mode 100644
index 000000000..8bd22cfe5
--- /dev/null
+++ b/cli/tests/proto_exploit.js
@@ -0,0 +1,5 @@
+const payload = `{ "__proto__": null }`;
+const obj = {};
+console.log("Before: " + obj);
+Object.assign(obj, JSON.parse(payload));
+console.log("After: " + obj);
diff --git a/cli/tests/proto_exploit.js.out b/cli/tests/proto_exploit.js.out
new file mode 100644
index 000000000..fde881dc5
--- /dev/null
+++ b/cli/tests/proto_exploit.js.out
@@ -0,0 +1,2 @@
+Before: [object Object]
+After: [object Object]
author	Kitson Kelly <me@kitsonkelly.com>	2020-03-15 21:34:22 +1100
committer	GitHub <noreply@github.com>	2020-03-15 11:34:22 +0100
commit	2f4be6e9441c7d5b0afd0d37dccd48d3057bcd3f (patch)
tree	550a6eae50fc99029c97518af338d0ed3e50206d /cli/tests
parent	64a35acd64f4a9aedfb52f6b364c229c6f7e4090 (diff)