Fix vulnerability where context could be impersonated by supplying wrong number of arguments

This commit is contained in:
Fabian Stamm 2022-04-07 20:36:04 +00:00
parent 58e00a9ca3
commit 97ce0ea9b5
3 changed files with 29 additions and 16 deletions

View File

@ -10334,6 +10334,8 @@ var TypescriptTarget = class extends CompileTarget {
a(2, `let p: any[] = [];`);
a(2, `if(Array.isArray(params)){`);
a(3, `p = params;`);
a(3, `while(p.length < ${fnc.inputs.length})`);
a(4, `p.push(undefined)`);
a(2, `} else {`);
for (const param of fnc.inputs) {
a(3, `p.push(params["${param.name}"])`);

View File

@ -1,6 +1,6 @@
{
"name": "@hibas123/jrpcgen",
"version": "1.0.29",
"version": "1.0.30",
"main": "lib/index.js",
"license": "MIT",
"packageManager": "yarn@3.1.1",

View File

@ -16,7 +16,7 @@ const conversion = {
number: "number",
string: "string",
void: "void",
bytes: "Uint8Array"
bytes: "Uint8Array",
};
function toJSType(type: string): string {
@ -52,10 +52,7 @@ export class TypescriptTarget extends CompileTarget {
a(
0,
def.depends.map((dep) =>
this.generateImport(
`${dep}, { apply_${dep} }`,
"./" + dep
)
this.generateImport(`${dep}, { apply_${dep} }`, "./" + dep)
)
);
}
@ -128,17 +125,29 @@ export class TypescriptTarget extends CompileTarget {
`export function apply_${def.name}(data: ${def.name}): ${def.name} {`
);
{
a(1, `if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`)
a(
1,
`if(typeof data !== "object") throw new VerificationError("${def.name}", undefined, data);`
);
a(1, `let res = new ${def.name}() as any;`);
def.fields.forEach((field) => {
a(1, `if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`)
a(
1,
`if(data["${field.name}"] !== null && data["${field.name}"] !== undefined) {`
);
if (field.array) {
a(2, `if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`)
a(
2,
`if(!Array.isArray(data["${field.name}"])) throw new VerificationError("array", "${field.name}", data["${field.name}"]);`
);
a(2, `res["${field.name}"] = data["${field.name}"].map(elm=>`);
a(3, `apply_${field.type}(elm)`);
a(2, `)`);
} else if (field.map) {
a(2, `if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`)
a(
2,
`if(typeof data["${field.name}"] !== "object") throw new VerificationError("map", "${field.name}", data["${field.name}"]);`
);
a(2, `res["${field.name}"] = {}`);
a(
2,
@ -255,7 +264,7 @@ export class TypescriptTarget extends CompileTarget {
// }
if (!fnc.return) {
a(1, `${fnc.name}(${params}): void {`);1
a(1, `${fnc.name}(${params}): void {`);
a(2, `this._provider.sendMessage({`);
a(3, `jsonrpc: "2.0",`);
a(3, `method: "${def.name}.${fnc.name}",`);
@ -361,6 +370,8 @@ export class TypescriptTarget extends CompileTarget {
a(2, `let p: any[] = [];`);
a(2, `if(Array.isArray(params)){`);
a(3, `p = params;`);
a(3, `while(p.length < ${fnc.inputs.length})`);
a(4, `p.push(undefined)`);
a(2, `} else {`);
for (const param of fnc.inputs) {
a(3, `p.push(params["${param.name}"])`);
@ -383,7 +394,10 @@ export class TypescriptTarget extends CompileTarget {
a(2, ``);
a(2, `p.push(ctx);`);
a(2, `//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`)
a(
2,
`//@ts-ignore This will cause a typescript error when strict checking, since p is not a tuple`
);
a(
2,
`return this.${fnc.name}.call(this, ...p)` + //TODO: Refactor. This line is way to compicated for anyone to understand, including me
@ -466,10 +480,7 @@ export class TypescriptTarget extends CompileTarget {
"./" + def.name
)
);
a(
0,
`export { ${def.name}, apply_${def.name} }`
);
a(0, `export { ${def.name}, apply_${def.name} }`);
a(0, ``);
break;