[vulnerability][acl] Any properties can be read via ObjectPattern assignments #327

t2ym (Owner) opened this issue Feb 5, 2020 · 0 comments · Closed
t2ym commented Feb 5, 2020

Root Cause

  • Hooking for all property access is missing for RHS value of ObjectPattern

Reproducible Code

let { caches, ...rest } = window;
let [ ...elements ] = [ 1, 2, 3 ];
({ caches } = window); // [S_ALL] for window must not be allowed
// caches.open() throws even without the below fix

Fix

  • Hook each RHS value of ObjectPattern and ArrayPattern in VariableDeclarator and AssignmentExpression with "*" operation for checking iteration over all properties of the target object

Notes

  • All RHS values of ObjectPattern and ArrayPattern, all of whose properties can POTENTIALLY be read, are hooked even if neither RestProperty ({...rest}) nor RestElement ([...elements]) is specified in their LHS expressions.
    • It might be ideal to list all the specified target property names for ACL, which would be too complicated.
  • [S_ALL] policy must be properly configured to limit access to the target object properties.
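The following is an added example and not code from thin-hook or from this issue. It makes the root cause visible from a defender's side: a Proxy records every property-level operation a destructuring pattern performs on its right-hand side, showing that a rest pattern enumerates and reads every remaining property, and a small ACL sketch modelled on the fix checks a pattern RHS with a "*" (all properties) operation instead of a single named read. The policy format, the `checkAccess`/`hookPatternRhs`/`hookNamedRead` names and the `fakeWindow` object are assumptions constructed for illustration.

```javascript
// Added example (not thin-hook's own code). Policy shape and hook names are assumptions.

// Wrap an object in a Proxy that records every property-level operation on it.
function traceAccess(target) {
  const ops = [];
  const proxy = new Proxy(target, {
    get(t, prop, receiver) {
      ops.push(`get:${String(prop)}`);
      return Reflect.get(t, prop, receiver);
    },
    ownKeys(t) {
      ops.push('ownKeys');
      return Reflect.ownKeys(t);
    },
    getOwnPropertyDescriptor(t, prop) {
      ops.push(`desc:${String(prop)}`);
      return Reflect.getOwnPropertyDescriptor(t, prop);
    },
  });
  return { proxy, ops };
}

// A plain named pattern performs exactly one property read on its RHS.
function opsForNamedPattern(source) {
  const { proxy, ops } = traceAccess(source);
  const { caches } = proxy;
  return { value: caches, ops };
}

// A rest pattern enumerates the RHS (ownKeys), inspects each remaining key
// (getOwnPropertyDescriptor) and reads it (get): an all-properties access.
function opsForRestPattern(source) {
  const { proxy, ops } = traceAccess(source);
  const { caches, ...rest } = proxy;
  return { value: rest, ops };
}

// Constructed stand-in for `window`: a few properties, one of them sensitive.
const fakeWindow = { caches: 'CacheStorage', localStorage: 'Storage', secret: 'token' };

// ---- ACL sketch modelled on the fix (assumed policy format) ----
// policy maps a property name to the operations allowed on it ('r' = read);
// the '*' entry stands for iteration over all properties of the object.
function checkAccess(policy, property, op) {
  const allowed = policy[property] || '';
  if (!allowed.includes(op)) {
    throw new Error(`ACL: ${op} on ${property} denied`);
  }
  return true;
}

// Hook for an ObjectPattern/ArrayPattern RHS: checked as '*' because the
// pattern can potentially read any property, even without a rest element.
function hookPatternRhs(policy, obj) {
  checkAccess(policy, '*', 'r');
  return obj;
}

// Hook for an ordinary named read such as `window.caches`.
function hookNamedRead(policy, obj, prop) {
  checkAccess(policy, prop, 'r');
  return obj[prop];
}

// Returns true when the policy rejects a pattern RHS for obj.
function patternIsDenied(policy, obj) {
  try {
    hookPatternRhs(policy, obj);
    return false;
  } catch (e) {
    return true;
  }
}

// A policy that grants a read of `caches` but not [S_ALL]-style access to everything.
const restrictedPolicy = { caches: 'r' };

console.log(opsForNamedPattern(fakeWindow).ops);
console.log(opsForRestPattern(fakeWindow).ops);
console.log('named read allowed:', hookNamedRead(restrictedPolicy, fakeWindow, 'caches'));
console.log('pattern RHS denied:', patternIsDenied(restrictedPolicy, fakeWindow));
```

Run with `node`: the first trace shows only `get:caches`, while the rest pattern additionally produces `ownKeys` followed by a `desc:`/`get:` pair for every non-excluded property, which is why the issue hooks the whole RHS with "*" rather than trying to enumerate target names at the LHS. With `restrictedPolicy`, the named read succeeds and the pattern RHS is rejected; only a policy containing a `'*'` entry lets the pattern through.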
t2ym added a commit that referenced this issue Feb 5, 2020
… ArrayPattern for checking all property access
t2ym added a commit that referenced this issue Feb 5, 2020
…Hook RHS values of ObjectPattern and ArrayPattern for checking all property access
t2ym added a commit that referenced this issue Feb 5, 2020
…Pattern and ArrayPattern for checking all property access
@t2ym t2ym closed this as completed in 7b4301e Feb 5, 2020