From 97ce0ea9b586250e5f2348ce7056f41fe5b70a6d Mon Sep 17 00:00:00 2001
From: Fabian Stamm <dev@fabianstamm.de>
Date: Thu, 7 Apr 2022 20:36:04 +0000
Subject: [PATCH] Fix vulnerability where context could be impersonated by
 supplying wrong number of arguments

---
 lib/jrpc.js               |  2 ++
 package.json              |  2 +-
 src/targets/typescript.ts | 41 +++++++++++++++++++++++++--------------
 3 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/lib/jrpc.js b/lib/jrpc.js
index b6012bb..557bbdb 100755
--- a/lib/jrpc.js
+++ b/lib/jrpc.js
@@ -10334,6 +10334,8 @@ var TypescriptTarget = class extends CompileTarget {
       a(2, `let p: any[] = [];`);
       a(2, `if(Array.isArray(params)){`);
       a(3, `p = params;`);
+      a(3, `while(p.length < ${fnc.inputs.length})`);
+      a(4, `p.push(undefined)`);
       a(2, `} else {`);
       for (const param of fnc.inputs) {
         a(3, `p.push(params["${param.name}"])`);
diff --git a/package.json b/package.json
index 8696d0a..8013282 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@hibas123/jrpcgen",
-   "version": "1.0.29",
+   "version": "1.0.30",
    "main": "lib/index.js",
    "license": "MIT",
    "packageManager": "yarn@3.1.1",
diff --git a/src/targets/typescript.ts b/src/targets/typescript.ts
index 6a903a5..a8103d0 100644
--- a/src/targets/typescript.ts
+++ b/src/targets/typescript.ts
@@ -16,7 +16,7 @@ const conversion = {
    number: "number",
    string: "string",
    void: "void",
-   bytes: "Uint8Array"
+   bytes: "Uint8Array",
 };
 
 function toJSType(type: string): string {
@@ -52,10 +52,7 @@ export class TypescriptTarget extends CompileTarget {
       a(
          0,
          def.depends.map((dep) =>
-            this.generateImport(
-               `${dep}, { apply_${dep} }`,
-               "./" + dep
-            )
+            this.generateImport(`${dep}, { apply_${dep} }`, "./" + dep)
          )
       );
    }
@@ -128,17 +125,29 @@ export class TypescriptTarget extends CompileTarget {
          `export function apply_${def.name}(data: ${def.name}): ${def.name} {`
       );
       {
-         a(1, `if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`)
+         a(
+            1,
+            `if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`
+         );
          a(1, `let res = new ${def.name}() as any;`);
          def.fields.forEach((field) => {
-            a(1, `if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`)
+            a(
+               1,
+               `if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`
+            );
             if (field.array) {
-               a(2, `if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`)
+               a(
+                  2,
+                  `if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`
+               );
                a(2, `res["${field.name}"] = data["${field.name}"].map(elm=>`);
                a(3, `apply_${field.type}(elm)`);
                a(2, `)`);
             } else if (field.map) {
-               a(2, `if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`)
+               a(
+                  2,
+                  `if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`
+               );
                a(2, `res["${field.name}"] = {}`);
                a(
                   2,
@@ -255,7 +264,7 @@ export class TypescriptTarget extends CompileTarget {
          // }
 
          if (!fnc.return) {
-            a(1, `${fnc.name}(${params}): void {`);1
+            a(1, `${fnc.name}(${params}): void {`);
             a(2, `this._provider.sendMessage({`);
             a(3, `jsonrpc: "2.0",`);
             a(3, `method: "${def.name}.${fnc.name}",`);
@@ -361,6 +370,8 @@ export class TypescriptTarget extends CompileTarget {
          a(2, `let p: any[] = [];`);
          a(2, `if(Array.isArray(params)){`);
          a(3, `p = params;`);
+         a(3, `while(p.length < ${fnc.inputs.length})`);
+         a(4, `p.push(undefined)`);
          a(2, `} else {`);
          for (const param of fnc.inputs) {
             a(3, `p.push(params["${param.name}"])`);
@@ -383,7 +394,10 @@ export class TypescriptTarget extends CompileTarget {
          a(2, ``);
          a(2, `p.push(ctx);`);
 
-         a(2, `//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`)
+         a(
+            2,
+            `//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`
+         );
          a(
             2,
             `return this.${fnc.name}.call(this, ...p)` + //TODO: Refactor. This line is way to compicated for anyone to understand, including me
@@ -466,10 +480,7 @@ export class TypescriptTarget extends CompileTarget {
                      "./" + def.name
                   )
                );
-               a(
-                  0,
-                  `export { ${def.name}, apply_${def.name} }`
-               );
+               a(0, `export { ${def.name}, apply_${def.name} }`);
                a(0, ``);
                break;