Fix vulnerability where context could be impersonated by supplying wrong number of arguments

2022-04-07 20:36:04 +00:00
parent 58e00a9ca3
commit 97ce0ea9b5
3 changed files with 29 additions and 16 deletions
--- a/lib/jrpc.js
+++ b/lib/jrpc.js
@ -10334,6 +10334,8 @@ var TypescriptTarget = class extends CompileTarget {
      a(2, `let p: any[] = [];`);
      a(2, `if(Array.isArray(params)){`);
      a(3, `p = params;`);
+      a(3, `while(p.length < ${fnc.inputs.length})`);
+      a(4, `p.push(undefined)`);
      a(2, `} else {`);
      for (const param of fnc.inputs) {
        a(3, `p.push(params["${param.name}"])`);