bids-standard / legacy-validator

Validator for the Brain Imaging Data Structure
https://bids-standard.github.io/legacy-validator/
MIT License

fix(legacy): Prevent prototype pollution (global property) from crashing sidecar merges #2015

Closed nellh closed 4 months ago

nellh commented 4 months ago

This avoids the loop iterating over non-enumerable properties of jsonObject.
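An added illustration of the failure class this PR addresses (written for this page; it is not the legacy-validator's own merge code, and the function names, the sidecar contents and the polluting `global` getter are constructed). It assumes a third-party library has defined an enumerable, getter-only `global` property on `Object.prototype`. A `for...in` merge then sees the inherited key and, in strict-mode code, throws when it tries to assign through the getter-only accessor; a merge restricted to own enumerable keys (and skipping `__proto__`, which `JSON.parse` stores as an ordinary own key) is unaffected:

```javascript
// Simulated polluting library: a getter-only 'global' on Object.prototype.
// 'enumerable: true' is an assumption made so that for...in can observe it.
function pollutePrototype() {
  Object.defineProperty(Object.prototype, 'global', {
    get() { return globalThis; },
    configurable: true,
    enumerable: true,
  });
}

function cleanPrototype() {
  delete Object.prototype.global;
}

// Naive merge: for...in yields inherited enumerable keys too, so the polluted
// 'global' key is copied. Strict mode makes the getter-only assignment throw.
function mergeSidecarNaive(base, sidecar) {
  'use strict';
  const out = Object.assign({}, base);
  for (const key in sidecar) {
    out[key] = sidecar[key];
  }
  return out;
}

// Hardened merge: only own enumerable keys are considered, and keys that
// would rewrite the prototype chain of the result are skipped.
function mergeSidecarSafe(base, sidecar) {
  const out = {};
  for (const src of [base, sidecar]) {
    for (const key of Object.keys(src)) {
      if (key === '__proto__' || key === 'constructor' || key === 'prototype') continue;
      out[key] = src[key];
    }
  }
  return out;
}

// Runs both merges against a constructed sidecar while the prototype is
// polluted and reports what each one did; cleanup is guaranteed by finally.
function demonstrate() {
  const base = { RepetitionTime: 2.0 };
  // Constructed sidecar: JSON.parse keeps "__proto__" as an own data property.
  const sidecar = JSON.parse('{"EchoTime": 0.03, "__proto__": {"polluted": true}}');
  pollutePrototype();
  try {
    let naiveError = null;
    try {
      mergeSidecarNaive(base, sidecar);
    } catch (e) {
      naiveError = e.constructor.name;
    }
    const safe = mergeSidecarSafe(base, sidecar);
    return {
      inOperatorFooled: 'global' in sidecar,   // true: 'in' walks the prototype chain
      ownKeys: Object.keys(sidecar),           // ['EchoTime', '__proto__']
      naiveError,                              // 'TypeError'
      safeKeys: Object.keys(safe),             // ['RepetitionTime', 'EchoTime']
      safePrototypeIntact:
        Object.getPrototypeOf(safe) === Object.prototype && safe.polluted === undefined,
    };
  } finally {
    cleanPrototype();
  }
}

console.log(demonstrate());
```

The defensive point is that `key in obj` and `for...in` are the wrong tools for deciding which keys a sidecar actually carries once something has touched `Object.prototype`; `Object.keys` and `Object.prototype.hasOwnProperty.call(obj, key)` answer that question regardless of pollution.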

codecov[bot] commented 4 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 88.46%. Comparing base (53fdba6) to head (ff91e2e).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #2015      +/-   ##
==========================================
+ Coverage   85.68%   88.46%   +2.77%
==========================================
  Files          91       41      -50
  Lines        3792     2565    -1227
  Branches     1220      305     -915
==========================================
- Hits         3249     2269     -980
+ Misses        457      291     -166
+ Partials       86        5      -81
```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

effigies commented 4 months ago

ChatGPT's suggestion:

```js
describe('Object pollution test', () => {
  beforeAll(() => {
    // Simulate the polluting library
    Object.defineProperty(Object.prototype, 'global', {
      get: function() {
        return globalThis;
      },
      configurable: true
    });
  });

  afterAll(() => {
    // Clean up the pollution
    delete Object.prototype.global;
  });

  test('should handle maps with global key correctly', () => {
    const myMap = new Map();
    const globalKey = 'global';

    expect(() => {
      myMap.set(globalKey, 'someValue');
    }).not.toThrow();

    expect(myMap.get(globalKey)).toBe('someValue');
  });

  // Additional tests to verify your patch
});
```