hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: vulnerability in socket.io nested namespaces (#11117)

Browse Source
isekai-main
Barış Soner Uşaklı 2 years ago committed by GitHub
parent 1ea9481af6
commit 586eed1407
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/socket.io/index.js
Unescape Escape View File

@ -123,7 +123,7 @@ async function onMessage(socket, payload) {
const parts = eventName.toString().split('.');
const namespace = parts[0];
const methodToCall = parts.reduce((prev, cur) => {
if (prev !== null && prev[cur]) {
if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) {
return prev[cur];
}
return null;

16
test/socket.io.js
Unescape Escape View File

@ -91,6 +91,22 @@ describe('socket.io', () => {
});
});
it('should return error for unknown event', (done) => {
io.emit('user.gdpr.__proto__.constructor.toString', (err) => {
assert(err);
assert.equal(err.message, '[[error:invalid-event, user.gdpr.__proto__.constructor.toString]]');
done();
});
});
it('should return error for unknown event', (done) => {
io.emit('constructor.toString', (err) => {
assert(err);
assert.equal(err.message, '[[error:invalid-event, constructor.toString]]');
done();
});
});
it('should get installed themes', (done) => {
const themes = ['nodebb-theme-lavender', 'nodebb-theme-persona', 'nodebb-theme-vanilla'];
io.emit('admin.themes.getInstalled', (err, data) => {

Write Preview
Loading…
Cancel
Save