Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Security bug about prototype pollution #805

Merged
merged 1 commit into from
Oct 13, 2021
Merged

fix: Security bug about prototype pollution #805

merged 1 commit into from
Oct 13, 2021
+907 −741

Conversation

sumeetkakkar
Copy link
Collaborator

Refer #804

@sumeetkakkar
Copy link
Collaborator Author 

$ npm run test

> [email protected] test /Users/.../dustjs
> grunt travis

Running "jasmine_nodejs:templates" (jasmine_nodejs) task

>> Executing 729 defined specs...
>> Done!


>> Successful!

Running "jasmine_nodejs:core" (jasmine_nodejs) task

>> Executing 24 defined specs...
>> Done!


>> Successful!

Running "jasmine_nodejs:cjs" (jasmine_nodejs) task

>> Executing 8 defined specs...
>> Done!


>> Successful!

Running "jasmine_nodejs:dustc" (jasmine_nodejs) task

>> Executing 15 defined specs...
>> Done!


>> Successful!

Done.

kumarrishav
kumarrishav reviewed Sep 20, 2021
View reviewed changes
test/core.spec.js
Object.prototype.MAL_CODE= [ malicious ];
const compiled = dust.compile('{username} is an important person.{~n}');
const tmpl = dust.loadSource(compiled);
dust.render(tmpl, { username: 'Jane Doe' }, (err, output) => {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how did we test this?
what should be the result of this test without the above fix

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will execute curl 127.0.0.1 and the test fails

grawk
grawk approved these changes Oct 13, 2021
View reviewed changes
dist/dust-core.js
@@ -70,6 +70,9 @@
type = type || INFO;
if (loggingLevels[type] >= loggingLevels[dust.debugLevel]) {
log('[DUST:' + type + ']', message);
if (type === ERROR && dust.debugLevel === DEBUG && message instanceof Error && message.stack) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Were errors just logging [Object] or something like that before this change?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is generated file.
The primary code change I added is in https://github.com/linkedin/dustjs/pull/805/files#diff-544803892ac752aa674ffa81380c022af562eda776860d94eb5c2d3bdb59c99c

@sumeetkakkar sumeetkakkar merged commit db6d8b9 into linkedin:master Oct 13, 2021
@sumeetkakkar sumeetkakkar deleted the fix/proto-pollution branch October 13, 2021 23:53
This was referenced Dec 30, 2021
Open
Open
Open
Open
Open
@captainbarber99 captainbarber99 mentioned this pull request Nov 28, 2023
Open
@github-actions github-actions bot mentioned this pull request Jun 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kumarrishav kumarrishav kumarrishav approved these changes

@grawk grawk grawk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sumeetkakkar @grawk @kumarrishav