Look up HostObject computed properties on the right object in the pro…

…totype chain. Summary: The change in the hermes repository fixes the security vulnerability CVE-2020-1911. This vulnerability only affects applications which allow evaluation of uncontrolled, untrusted JavaScript code not shipped with the app, so React Native apps will generally not be affected. This revision includes a test for the bug. The test is generic JSI code, so it is included in the hermes and react-native repositories. Changelog: [Internal] Reviewed By: tmikov Differential Revision: D23322992 (0dee0e6) fbshipit-source-id: 4e88c974afe1ad33a263f9cac03e9dc98d33649a
facebook · Aug 26, 2020 · 525e55f · 525e55f
1 parent 1270873
commit 525e55f
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/ReactCommon/jsi/jsi/test/testlib.cpp b/ReactCommon/jsi/jsi/test/testlib.cpp
@@ -394,6 +394,23 @@ TEST_P(JSITest, HostObjectTest) {
                    .getBool());
 }
 
+TEST_P(JSITest, HostObjectProtoTest) {
+  class ProtoHostObject : public HostObject {
+    Value get(Runtime& rt, const PropNameID&) override {
+      return String::createFromAscii(rt, "phoprop");
+    }
+  };
+
+  rt.global().setProperty(
+      rt,
+      "pho",
+      Object::createFromHostObject(rt, std::make_shared<ProtoHostObject>()));
+
+  EXPECT_EQ(
+      eval("({__proto__: pho})[Symbol.toPrimitive]").getString(rt).utf8(rt),
+      "phoprop");
+}
+
 TEST_P(JSITest, ArrayTest) {
   eval("x = {1:2, '3':4, 5:'six', 'seven':['eight', 'nine']}");