8000 Fix object injection issue · pengsrc/sdk-javascript@d25cfc3 · GitHub


Commit d25cfc3

committed
Fix object injection issue
Signed-off-by: Fabio José <fabiojose@gmail.com>
1 parent b1c3206 commit d25cfc3


2 files changed

+32
-4
lines changed


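--- a/lib/specs/spec_0_2.js
+++ b/lib/specs/spec_0_2.js
@@ -2,6 +2,18 @@ var uuid = require("uuid/v4");
 var empty = require("is-empty");
 var Ajv = require("ajv");
 
+// Reserved attributes names
+const reserved = {
+type: "type",
+specversion: "specversion",
+source: "source",
+id: "id",
+time: "time",
+schemaurl: "schemaurl",
+contenttype: "contenttype",
+data: "data"
+};
+
 const schema = require("../../ext/spec_0_2.json");
 
 // Default options
@@ -93,7 +105,11 @@ Spec02.prototype.getData = function() {
 };
 
 Spec02.prototype.addExtension = function(key, value){
-this.payload[key] = value;
+if(!reserved.hasOwnProperty(key)){
+this.payload[key] = value;
+} else {
+throw {message: "Reserved attribute name: '" + key + "'"};
+}
 return this;
 };
 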
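Review bot: The new guard in `addExtension` rejects only the eight names listed in `reserved`, so a key of `__proto__` still reaches `this.payload[key] = value` and, when the value is an object, replaces the payload's prototype instead of adding an attribute. If extension names can come from outside the library, the condition should refuse that key too, for example `if(!reserved.hasOwnProperty(key) && key !== "__proto__"){`. Separately, `throw {message: ...}` raises a plain object that carries no stack trace and fails `instanceof Error` checks; `throw new Error("Reserved attribute name: '" + key + "'");` keeps the same message. How `payload` is created is outside the hunk, so a null-prototype payload may already rule out the first case.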

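--- a/test/cloudevent_spec_0_2.js
+++ b/test/cloudevent_spec_0_2.js
@@ -9,9 +9,10 @@ const contenttype = "application/json";
 const data = {};
 const extensions = {};
 
-var cloudevent = new Cloudevent(Cloudevent.specs["0.2"])
-.type(type)
-.source(source);
+var cloudevent =
+new Cloudevent(Cloudevent.specs["0.2"])
+.type(type)
+.source(source);
 
 describe("CloudEvents Spec 0.2 - JavaScript SDK", () => {
 
@@ -65,6 +66,17 @@ describe("CloudEvents Spec 0.2 - JavaScript SDK", () => {
 cloudevent.addExtension("extension2", "value2");
 expect(cloudevent.format()["extension2"]).to.equal("value2");
 });
+
+it("should throw an error when employ reserved name as extension", () => {
+
+var cevt =
+new Cloudevent(Cloudevent.specs["0.2"])
+.type(type)
+.source(source);
+expect(cevt.addExtension.bind(cevt, "id"))
+.to
+.throw("Reserved attribute name: 'id'");
+});
 });
 
 describe("The Constraints check", () => {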
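Review bot: The new case in the second hunk exercises only `id`, one of the eight names the guard is meant to reject, so a typo or omission in the `reserved` table for the other seven would go unnoticed. Looping over the names keeps the test short: `["type", "specversion", "source", "id", "time", "schemaurl", "contenttype", "data"].forEach((name) => expect(cevt.addExtension.bind(cevt, name)).to.throw("Reserved attribute name: '" + name + "'"));`. A key outside the table that plain objects treat specially, such as `__proto__`, deserves its own case once the library settles how to handle it. The enclosing `describe` block starts outside the hunk.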
