search

TranscryptOrg / Transcrypt

Python 3.9 to JavaScript compiler - Lean, fast, open!
https://www.transcrypt.org
Apache License 2.0
2.82k stars 215 forks source link

Prototype pollution #816

Open ZLJasonG opened 2 years ago

ZLJasonG commented 2 years ago

After importing a transcrypt module, various prototypes such as Array, String, Uint8Array are polluted with python specific helper functions. These appear to be coming from the org.transcrypt.runtime.js module such as

Array.prototype.extend = function (aList) {
    this.push.apply (this, aList);
};

Unfortunately these functions are listed as enumerable resulting in unexpected behaviour in external code ran later when its iterating even when the array wasn't created in the python code. Executing the following in the js console after simply importing the module

for( v in []){
    console.log(v)
}

results in all these items being output

_class__
__iter__
__getslice__
__setslice__
__repr__
__str__
append
py_clear
extend
insert
remove
index
py_pop
py_sort
__add__
__mul__
__rmul__
__bindexOf__
add
discard
isdisjoint
issuperset
issubset
union
intersection
difference
symmetric_difference
py_update
__eq__
__ne__
__le__
__ge__
__lt__
__gt__

Changing it to be defined as the following appears to resolve the issue and doesn't appear to impact the functionality in my test case

Object.defineProperty(Array.prototype, 'extend', {
    value: function (aList) {
        this.push.apply (this, aList);
    },
    enumerable: false,
    writable: true
})