Skip to content

Commit

Permalink
🚑 fix JSON prototype pollution
Browse files Browse the repository at this point in the history 
DEV-389
  • Loading branch information
@o4kapuk
o4kapuk committed Jan 1, 2024
1 parent 7ee5b8e commit fdc885c
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions src/game/game.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@
market = require('./market'),
customPrototypes = require('./custom-prototypes'),
bindFunction = Function.call.bind(Function.bind),
objectCreate = Object.create;
objectCreate = Object.create,
jsonStringify = JSON.stringify,
jsonParse = JSON.parse;

var findCacheFn = {
[C.FIND_CREEPS]: (i) => !i.spawning,
Expand Down Expand Up @@ -165,7 +167,7 @@
progressTotal: Math.pow(gplLevel+1, 2) * 1000 - gplBaseProgress
},
market: {},
resources: JSON.parse(JSON.stringify(runtimeData.user.resources||{})),
resources: jsonParse(jsonStringify(runtimeData.user.resources||{})),
getObjectById(id) {
return register._objects[id] || null;
},
Expand Down Expand Up @@ -430,7 +432,7 @@

game.market = register.market = market.make(runtimeData, intents, register);

_.extend(globals, JSON.parse(JSON.stringify(C)));
_.extend(globals, jsonParse(jsonStringify(C)));

return game;
};
Expand Down

0 comments on commit fdc885c

Please # to comment.