var parse = require('../');
var test = require('tape');
test('proto pollution', function (t) {
var argv = parse(['--__proto__.x','123']);
t.equal({}.x, undefined);
t.equal(argv.__proto__.x, undefined);
t.equal(argv.x, undefined);
t.end();
});
test('proto pollution (array)', function (t) {
var argv = parse(['--x','4','--x','5','--x.__proto__.z','789']);
t.equal({}.z, undefined);
t.deepEqual(argv.x, [4,5]);
t.equal(argv.x.z, undefined);
t.equal(argv.x.__proto__.z, undefined);
t.end();
});
test('proto pollution (number)', function (t) {
var argv = parse(['--x','5','--x.__proto__.z','100']);
t.equal({}.z, undefined);
t.equal((4).z, undefined);
t.equal(argv.x, 5);
t.equal(argv.x.z, undefined);
t.end();
});
test('proto pollution (string)', function (t) {
var argv = parse(['--x','abc','--x.__proto__.z','def']);
t.equal({}.z, undefined);
t.equal('...'.z, undefined);
t.equal(argv.x, 'abc');
t.equal(argv.x.z, undefined);
t.end();
});
test('proto pollution (constructor)', function (t) {
var argv = parse(['--constructor.prototype.y','123']);
t.equal({}.y, undefined);
t.equal(argv.y, undefined);
t.end();
});
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| all_bool.js | File | 756 B | 0644 |
|
| bool.js | File | 4.11 KB | 0644 |
|
| dash.js | File | 980 B | 0644 |
|
| default_bool.js | File | 778 B | 0644 |
|
| dotted.js | File | 588 B | 0644 |
|
| kv_short.js | File | 376 B | 0644 |
|
| long.js | File | 779 B | 0644 |
|
| num.js | File | 909 B | 0644 |
|
| parse.js | File | 4.5 KB | 0644 |
|
| parse_modified.js | File | 238 B | 0644 |
|
| proto.js | File | 1.2 KB | 0644 |
|
| short.js | File | 1.56 KB | 0644 |
|
| stop_early.js | File | 328 B | 0644 |
|
| unknown.js | File | 2.48 KB | 0644 |
|
| whitespace.js | File | 191 B | 0644 |
|