Fix vulnerability where context could be impersonated by supplying wrong number of arguments
This commit is contained in:
parent
58e00a9ca3
commit
97ce0ea9b5
@ -10334,6 +10334,8 @@ var TypescriptTarget = class extends CompileTarget {
|
|||||||
a(2, `let p: any[] = [];`);
|
a(2, `let p: any[] = [];`);
|
||||||
a(2, `if(Array.isArray(params)){`);
|
a(2, `if(Array.isArray(params)){`);
|
||||||
a(3, `p = params;`);
|
a(3, `p = params;`);
|
||||||
|
a(3, `while(p.length < ${fnc.inputs.length})`);
|
||||||
|
a(4, `p.push(undefined)`);
|
||||||
a(2, `} else {`);
|
a(2, `} else {`);
|
||||||
for (const param of fnc.inputs) {
|
for (const param of fnc.inputs) {
|
||||||
a(3, `p.push(params["${param.name}"])`);
|
a(3, `p.push(params["${param.name}"])`);
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@hibas123/jrpcgen",
|
"name": "@hibas123/jrpcgen",
|
||||||
"version": "1.0.29",
|
"version": "1.0.30",
|
||||||
"main": "lib/index.js",
|
"main": "lib/index.js",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"packageManager": "yarn@3.1.1",
|
"packageManager": "yarn@3.1.1",
|
||||||
|
@ -16,7 +16,7 @@ const conversion = {
|
|||||||
number: "number",
|
number: "number",
|
||||||
string: "string",
|
string: "string",
|
||||||
void: "void",
|
void: "void",
|
||||||
bytes: "Uint8Array"
|
bytes: "Uint8Array",
|
||||||
};
|
};
|
||||||
|
|
||||||
function toJSType(type: string): string {
|
function toJSType(type: string): string {
|
||||||
@ -52,10 +52,7 @@ export class TypescriptTarget extends CompileTarget {
|
|||||||
a(
|
a(
|
||||||
0,
|
0,
|
||||||
def.depends.map((dep) =>
|
def.depends.map((dep) =>
|
||||||
this.generateImport(
|
this.generateImport(`${dep}, { apply_${dep} }`, "./" + dep)
|
||||||
`${dep}, { apply_${dep} }`,
|
|
||||||
"./" + dep
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -128,17 +125,29 @@ export class TypescriptTarget extends CompileTarget {
|
|||||||
`export function apply_${def.name}(data: ${def.name}): ${def.name} {`
|
`export function apply_${def.name}(data: ${def.name}): ${def.name} {`
|
||||||
);
|
);
|
||||||
{
|
{
|
||||||
a(1, `if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`)
|
a(
|
||||||
|
1,
|
||||||
|
`if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`
|
||||||
|
);
|
||||||
a(1, `let res = new ${def.name}() as any;`);
|
a(1, `let res = new ${def.name}() as any;`);
|
||||||
def.fields.forEach((field) => {
|
def.fields.forEach((field) => {
|
||||||
a(1, `if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`)
|
a(
|
||||||
|
1,
|
||||||
|
`if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`
|
||||||
|
);
|
||||||
if (field.array) {
|
if (field.array) {
|
||||||
a(2, `if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`)
|
a(
|
||||||
|
2,
|
||||||
|
`if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`
|
||||||
|
);
|
||||||
a(2, `res["${field.name}"] = data["${field.name}"].map(elm=>`);
|
a(2, `res["${field.name}"] = data["${field.name}"].map(elm=>`);
|
||||||
a(3, `apply_${field.type}(elm)`);
|
a(3, `apply_${field.type}(elm)`);
|
||||||
a(2, `)`);
|
a(2, `)`);
|
||||||
} else if (field.map) {
|
} else if (field.map) {
|
||||||
a(2, `if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`)
|
a(
|
||||||
|
2,
|
||||||
|
`if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`
|
||||||
|
);
|
||||||
a(2, `res["${field.name}"] = {}`);
|
a(2, `res["${field.name}"] = {}`);
|
||||||
a(
|
a(
|
||||||
2,
|
2,
|
||||||
@ -255,7 +264,7 @@ export class TypescriptTarget extends CompileTarget {
|
|||||||
// }
|
// }
|
||||||
|
|
||||||
if (!fnc.return) {
|
if (!fnc.return) {
|
||||||
a(1, `${fnc.name}(${params}): void {`);1
|
a(1, `${fnc.name}(${params}): void {`);
|
||||||
a(2, `this._provider.sendMessage({`);
|
a(2, `this._provider.sendMessage({`);
|
||||||
a(3, `jsonrpc: "2.0",`);
|
a(3, `jsonrpc: "2.0",`);
|
||||||
a(3, `method: "${def.name}.${fnc.name}",`);
|
a(3, `method: "${def.name}.${fnc.name}",`);
|
||||||
@ -361,6 +370,8 @@ export class TypescriptTarget extends CompileTarget {
|
|||||||
a(2, `let p: any[] = [];`);
|
a(2, `let p: any[] = [];`);
|
||||||
a(2, `if(Array.isArray(params)){`);
|
a(2, `if(Array.isArray(params)){`);
|
||||||
a(3, `p = params;`);
|
a(3, `p = params;`);
|
||||||
|
a(3, `while(p.length < ${fnc.inputs.length})`);
|
||||||
|
a(4, `p.push(undefined)`);
|
||||||
a(2, `} else {`);
|
a(2, `} else {`);
|
||||||
for (const param of fnc.inputs) {
|
for (const param of fnc.inputs) {
|
||||||
a(3, `p.push(params["${param.name}"])`);
|
a(3, `p.push(params["${param.name}"])`);
|
||||||
@ -383,7 +394,10 @@ export class TypescriptTarget extends CompileTarget {
|
|||||||
a(2, ``);
|
a(2, ``);
|
||||||
a(2, `p.push(ctx);`);
|
a(2, `p.push(ctx);`);
|
||||||
|
|
||||||
a(2, `//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`)
|
a(
|
||||||
|
2,
|
||||||
|
`//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`
|
||||||
|
);
|
||||||
a(
|
a(
|
||||||
2,
|
2,
|
||||||
`return this.${fnc.name}.call(this, ...p)` + //TODO: Refactor. This line is way to compicated for anyone to understand, including me
|
`return this.${fnc.name}.call(this, ...p)` + //TODO: Refactor. This line is way to compicated for anyone to understand, including me
|
||||||
@ -466,10 +480,7 @@ export class TypescriptTarget extends CompileTarget {
|
|||||||
"./" + def.name
|
"./" + def.name
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
a(
|
a(0, `export { ${def.name}, apply_${def.name} }`);
|
||||||
0,
|
|
||||||
`export { ${def.name}, apply_${def.name} }`
|
|
||||||
);
|
|
||||||
a(0, ``);
|
a(0, ``);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user