import addedDiff from "../src/added";
import updatedDiff from "../src/updated";
import diff from "../src/diff";
import deletedDiff from "../src/deleted";
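// Regression tests: an untrusted object carrying a "__proto__" key must not
// change what the returned diff (or either input) reports for `role`.
//
// The payloads are built with JSON.parse on purpose: JSON.parse stores
// "__proto__" as an ordinary own property, which is the shape data takes when
// it arrives as JSON. An object literal `{ "__proto__": ... }` would set the
// prototype instead and would not exercise the same code path.
describe("Prototype pollution", () => {
  afterEach(() => {
    // Whatever a diff function does with the payload, the key must never end
    // up on the prototype shared by every object in the process.
    expect(Object.prototype.role).toBeUndefined();
  });

  describe("diff", () => {
    test("should not pollute returned diffs prototype", () => {
      const l = { role: "user" };
      const r = JSON.parse('{ "role": "user", "__proto__": { "role": "admin" } }');
      const difference = diff(l, r);

      expect(l.role).toBe("user");
      expect(r.role).toBe("user");
      // `role` is unchanged, so it must not be in the diff, neither as an own
      // property nor inherited from the injected "__proto__" value.
      expect(difference.role).toBeUndefined();
    });

    test("should not pollute returned diffs prototype on nested diffs", () => {
      const l = { about: { role: "user" } };
      const r = JSON.parse('{ "about": { "__proto__": { "role": "admin" } } }');
      // This suite covers diff(); the nested case previously called
      // addedDiff(), which left the nested path of diff() untested.
      const difference = diff(l, r);

      expect(l.about.role).toBe("user");
      expect(r.about.role).toBeUndefined();
      expect(difference.about.role).toBeUndefined();
    });
  });

  describe("addedDiff", () => {
    test("addedDiff should not pollute returned diffs prototype", () => {
      const l = { role: "user" };
      const r = JSON.parse('{ "__proto__": { "role": "admin" } }');
      const difference = addedDiff(l, r);

      expect(l.role).toBe("user");
      // `r` has only the own "__proto__" key, so it has no `role` of its own.
      expect(r.role).toBeUndefined();
      expect(difference.role).toBeUndefined();
    });

    test("should not pollute returned diffs prototype on nested diffs", () => {
      const l = { about: { role: "user" } };
      const r = JSON.parse('{ "about": { "__proto__": { "role": "admin" } } }');
      const difference = addedDiff(l, r);

      expect(l.about.role).toBe("user");
      expect(r.about.role).toBeUndefined();
      expect(difference.about.role).toBeUndefined();
    });
  });

  test("updatedDiff should not pollute returned diffs prototype", () => {
    const l = { role: "user" };
    const r = JSON.parse('{ "role": "user", "__proto__": { "role": "admin" } }');
    const difference = updatedDiff(l, r);

    expect(l.role).toBe("user");
    expect(r.role).toBe("user");
    expect(difference.role).toBeUndefined();
  });

  test("deletedDiff should not pollute returned diffs prototype", () => {
    const l = { role: "user" };
    const r = JSON.parse('{ "__proto__": { "role": "admin" } }');
    const difference = deletedDiff(l, r);

    expect(l.role).toBe("user");
    expect(r.role).toBeUndefined();
    // `role` was deleted, so the diff may list the key, but only with the
    // value undefined; "admin" must not show through.
    expect(difference.role).toBeUndefined();
  });
});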