File tree 2 files changed +18
-0
lines changed
2 files changed +18
-0
lines changed Original file line number Diff line number Diff line change @@ -153,6 +153,12 @@ function parsePlistXML (node) {
153153 if ( isEmptyNode ( node ) ) {
154154 return '' ;
155155 }
156+
157+ invariant (
158+ node . childNodes [ 0 ] . nodeValue !== '__proto__' ,
159+ '__proto__ keys can lead to prototype pollution. More details on CVE-2022-22912'
160+ ) ;
161+
156162 return node . childNodes [ 0 ] . nodeValue ;
157163 } else if ( node . nodeName === 'string' ) {
158164 res = '' ;
Original file line number Diff line number Diff line change @@ -187,6 +187,18 @@ U=</data>
187187 ) ;
188188 assert . deepEqual ( parsed , { a : { a1 : true } } ) ;
189189 } ) ;
190+
191+ /* Test to protect against CVE-2022-22912 */
192+ it ( 'should throw if key value is __proto__' , function ( ) {
193+ assert . throws ( function ( ) {
194+ parseFixture ( '<dict><key>__proto__</key><dict><key>length</key><string>polluted</string></dict></dict>' ) ;
195+ } ) ;
196+
197+ // adding backslash should still be protected.
198+ assert . throws ( function ( ) {
199+ parseFixture ( '<dict><key>_\_proto_\_</key><dict><key>length</key><string>polluted</string></dict></dict>' ) ;
200+ } ) ;
201+ } ) ;
190202 } ) ;
191203
192204 describe ( 'integration' , function ( ) {
You can’t perform that action at this time.
0 commit comments