Skip to content

Commit

Permalink
fix: improve proto checking for hgetall [skip ci] (#1418)
Browse files Browse the repository at this point in the history
* fix: improve proto checking for hgetall

As mentioned in #1417

* Address feedbacks
  • Loading branch information
luin authored Aug 18, 2021
1 parent 0587353 commit cba83cb
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 4 deletions.
2 changes: 1 addition & 1 deletion lib/command.ts
Original file line number Diff line number Diff line change
Expand Up @@ -429,7 +429,7 @@ Command.setReplyTransformer("hgetall", function (result) {
for (let i = 0; i < result.length; i += 2) {
const key = result[i];
const value = result[i + 1];
if (obj[key]) {
if (key in obj) {
// can only be truthy if the property is special somehow, like '__proto__' or 'constructor'
// https://github.com/luin/ioredis/issues/1267
Object.defineProperty(obj, key, {
Expand Down
31 changes: 28 additions & 3 deletions test/functional/hgetall.ts
Original file line number Diff line number Diff line change
@@ -1,12 +1,37 @@
import Redis from "../../lib/redis";
import { expect } from "chai";

const CUSTOM_PROPERTY = "_myCustomProperty";

describe("hgetall", function () {
it("should handle __proto__", async function () {
beforeEach(function () {
Object.defineProperty(Object.prototype, CUSTOM_PROPERTY, {
value: false,
configurable: true,
enumerable: false,
writable: false,
});
});

afterEach(function () {
delete (Object.prototype as any)[CUSTOM_PROPERTY];
});

it("should handle special field names", async function () {
const redis = new Redis();
await redis.hset("test_key", "__proto__", "hello");
await redis.hmset(
"test_key",
"__proto__",
"hello",
CUSTOM_PROPERTY,
"world"
);
const ret = await redis.hgetall("test_key");
expect(ret.__proto__).to.eql("hello");
expect(Object.keys(ret)).to.eql(["__proto__"]);
expect(ret[CUSTOM_PROPERTY]).to.eql("world");
expect(Object.keys(ret).sort()).to.eql(
["__proto__", CUSTOM_PROPERTY].sort()
);
expect(Object.getPrototypeOf(ret)).to.eql(Object.prototype);
});
});

0 comments on commit cba83cb

Please sign in to comment.