-rw-r--r-- | cli/js/compiler.ts | 6 | ||||
-rw-r--r-- | cli/js/main.ts | 6 | ||||
-rw-r--r-- | cli/tests/integration_tests.rs | 5 | ||||
-rw-r--r-- | cli/tests/proto_exploit.js | 5 | ||||
-rw-r--r-- | cli/tests/proto_exploit.js.out | 2 |
5 files changed, 24 insertions, 0 deletions
diff --git a/cli/js/compiler.ts b/cli/js/compiler.ts
index 1dddd984c..914a0baf0 100644
--- a/cli/js/compiler.ts
+++ b/cli/js/compiler.ts
@@ -400,6 +400,12 @@ function bootstrapWasmCompilerRuntime(): void {
 globalThis.onmessage = wasmCompilerOnMessage;
 }
 
+// Removes the `__proto__` for security reasons. This intentionally makes
+// Deno non compliant with ECMA-262 Annex B.2.2.1
+//
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+delete (Object.prototype as any).__proto__;
+
 Object.defineProperties(globalThis, {
 bootstrapWasmCompilerRuntime: {
 value: bootstrapWasmCompilerRuntime,
diff --git a/cli/js/main.ts b/cli/js/main.ts
index fbebfefe4..881d3ad4a 100644
--- a/cli/js/main.ts
+++ b/cli/js/main.ts
@@ -2,6 +2,12 @@
 import { bootstrapMainRuntime } from "./runtime_main.ts";
 import { bootstrapWorkerRuntime } from "./runtime_worker.ts";
 
+// Removes the `__proto__` for security reasons. This intentionally makes
+// Deno non compliant with ECMA-262 Annex B.2.2.1
+//
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+delete (Object.prototype as any).__proto__;
+
 Object.defineProperties(globalThis, {
 bootstrapMainRuntime: {
 value: bootstrapMainRuntime,
diff --git a/cli/tests/integration_tests.rs b/cli/tests/integration_tests.rs
index 0e6137782..75b8764ad 100644
--- a/cli/tests/integration_tests.rs
+++ b/cli/tests/integration_tests.rs
@@ -1426,6 +1426,11 @@ itest!(fix_js_imports {
 output: "fix_js_imports.ts.out",
 });
 
+itest!(proto_exploit {
+ args: "run proto_exploit.js",
+ output: "proto_exploit.js.out",
+});
+
 #[test]
 fn cafile_fetch() {
 use deno::http_cache::url_to_filename;
diff --git a/cli/tests/proto_exploit.js b/cli/tests/proto_exploit.js
new file mode 100644
index 000000000..8bd22cfe5
--- /dev/null
+++ b/cli/tests/proto_exploit.js
@@ -0,0 +1,5 @@
+const payload = `{ "__proto__": null }`;
+const obj = {};
+console.log("Before: " + obj);
+Object.assign(obj, JSON.parse(payload));
+console.log("After: " + obj);
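Review bot: The comment above `delete (Object.prototype as any).__proto__;` says only "for security reasons", which does not tell the next maintainer what is being mitigated. Judging from the test added in this commit, the target appears to be prototype replacement when a parsed `"__proto__"` key is copied with `Object.assign`; the comment could say so, e.g. `// Removes the Object.prototype.__proto__ accessor so that assigning an untrusted "__proto__" key creates an own property instead of replacing the prototype.` It is also worth one more comment line noting that `Object.setPrototypeOf`, the `{ __proto__: x }` literal form and writes through `constructor.prototype` are unaffected, so merge code that handles untrusted keys still needs its own key filtering. The same comment is repeated in the cli/js/main.ts hunk.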
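Review bot: The `delete` statement here is a verbatim copy of the one added to cli/js/compiler.ts, so any runtime entry point added later has to remember to repeat it or it will start with the accessor still present. Moving the statement into one small side-effect module that both entry files import first would keep the hardening in a single place. The statement also sits below the two `import` lines, and imported modules evaluate before this file's body, so it runs after `./runtime_main.ts` and `./runtime_worker.ts` have loaded; that is presumably fine if they parse nothing untrusted at load time, but it is worth confirming.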
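Review bot: The test detects the fix only indirectly, through `"After: " + obj` still converting to a string; it never checks the prototype itself. Adding `console.log(Object.getPrototypeOf(obj) === Object.prototype);` and `console.log("__proto__" in {});`, with `true` and `false` appended to proto_exploit.js.out, would pin the intended state directly. As registered in cli/tests/integration_tests.rs with `run proto_exploit.js`, the test appears to exercise only the main runtime, so the removal added in cli/js/compiler.ts is not covered by it.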
diff --git a/cli/tests/proto_exploit.js.out b/cli/tests/proto_exploit.js.out
new file mode 100644
index 000000000..fde881dc5
--- /dev/null
+++ b/cli/tests/proto_exploit.js.out
@@ -0,0 +1,2 @@
+Before: [object Object]
+After: [object Object] |