hibas123/JsonRPC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix vulnerability where context could be impersonated by supplying wrong number of arguments

Browse Source
This commit is contained in:
Fabian Stamm
2022-04-07 20:36:04 +00:00
parent 58e00a9ca3
commit 97ce0ea9b5
3 changed files with 29 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/jrpc.js
View File

@ -10334,6 +10334,8 @@ var TypescriptTarget = class extends CompileTarget {
a(2, `let p: any[] = [];`); a(2, `let p: any[] = [];`);
a(2, `if(Array.isArray(params)){`); a(2, `if(Array.isArray(params)){`);
a(3, `p = params;`); a(3, `p = params;`);
a(3, `while(p.length < ${fnc.inputs.length})`);
a(4, `p.push(undefined)`);
a(2, `} else {`); a(2, `} else {`);
for (const param of fnc.inputs) { for (const param of fnc.inputs) {
a(3, `p.push(params["${param.name}"])`); a(3, `p.push(params["${param.name}"])`);

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "@hibas123/jrpcgen", "name": "@hibas123/jrpcgen",
"version": "1.0.29", "version": "1.0.30",
"main": "lib/index.js", "main": "lib/index.js",
"license": "MIT", "license": "MIT",
"packageManager": "yarn@3.1.1", "packageManager": "yarn@3.1.1",

41
src/targets/typescript.ts
View File

@ -16,7 +16,7 @@ const conversion = {
number: "number", number: "number",
string: "string", string: "string",
void: "void", void: "void",
bytes: "Uint8Array" bytes: "Uint8Array",
}; };
function toJSType(type: string): string { function toJSType(type: string): string {
@ -52,10 +52,7 @@ export class TypescriptTarget extends CompileTarget {
a( a(
0, 0,
def.depends.map((dep) => def.depends.map((dep) =>
this.generateImport( this.generateImport(`${dep}, { apply_${dep} }`, "./" + dep)
`${dep}, { apply_${dep} }`,
"./" + dep
)
) )
); );
} }
@ -128,17 +125,29 @@ export class TypescriptTarget extends CompileTarget {
`export function apply_${def.name}(data: ${def.name}): ${def.name} {` `export function apply_${def.name}(data: ${def.name}): ${def.name} {`
); );
{ {
a(1, `if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`) a(
1,
`if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`
);
a(1, `let res = new ${def.name}() as any;`); a(1, `let res = new ${def.name}() as any;`);
def.fields.forEach((field) => { def.fields.forEach((field) => {
a(1, `if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`) a(
1,
`if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`
);
if (field.array) { if (field.array) {
a(2, `if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`) a(
2,
`if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`
);
a(2, `res["${field.name}"] = data["${field.name}"].map(elm=>`); a(2, `res["${field.name}"] = data["${field.name}"].map(elm=>`);
a(3, `apply_${field.type}(elm)`); a(3, `apply_${field.type}(elm)`);
a(2, `)`); a(2, `)`);
} else if (field.map) { } else if (field.map) {
a(2, `if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`) a(
2,
`if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`
);
a(2, `res["${field.name}"] = {}`); a(2, `res["${field.name}"] = {}`);
a( a(
2, 2,
@ -255,7 +264,7 @@ export class TypescriptTarget extends CompileTarget {
// } // }
if (!fnc.return) { if (!fnc.return) {
a(1, `${fnc.name}(${params}): void {`);1 a(1, `${fnc.name}(${params}): void {`);
a(2, `this._provider.sendMessage({`); a(2, `this._provider.sendMessage({`);
a(3, `jsonrpc: "2.0",`); a(3, `jsonrpc: "2.0",`);
a(3, `method: "${def.name}.${fnc.name}",`); a(3, `method: "${def.name}.${fnc.name}",`);
@ -361,6 +370,8 @@ export class TypescriptTarget extends CompileTarget {
a(2, `let p: any[] = [];`); a(2, `let p: any[] = [];`);
a(2, `if(Array.isArray(params)){`); a(2, `if(Array.isArray(params)){`);
a(3, `p = params;`); a(3, `p = params;`);
a(3, `while(p.length < ${fnc.inputs.length})`);
a(4, `p.push(undefined)`);
a(2, `} else {`); a(2, `} else {`);
for (const param of fnc.inputs) { for (const param of fnc.inputs) {
a(3, `p.push(params["${param.name}"])`); a(3, `p.push(params["${param.name}"])`);
@ -383,7 +394,10 @@ export class TypescriptTarget extends CompileTarget {
a(2, ``); a(2, ``);
a(2, `p.push(ctx);`); a(2, `p.push(ctx);`);
a(2, `//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`) a(
2,
`//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`
);
a( a(
2, 2,
`return this.${fnc.name}.call(this, ...p)` + //TODO: Refactor. This line is way to compicated for anyone to understand, including me `return this.${fnc.name}.call(this, ...p)` + //TODO: Refactor. This line is way to compicated for anyone to understand, including me
@ -466,10 +480,7 @@ export class TypescriptTarget extends CompileTarget {
"./" + def.name "./" + def.name
) )
); );
a( a(0, `export { ${def.name}, apply_${def.name} }`);
0,
`export { ${def.name}, apply_${def.name} }`
);
a(0, ``); a(0, ``);
break; break;