From 25661e4fc0e7c6a3d47bc189f886af76b1ecafa1 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 9 Dec 2021 13:01:08 +0100
Subject: [PATCH] deps(json-schema): protect against prototype pollution
Amalgamation of the following upstream patches:
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
Fixes: CVE-2021-3918
Signed-off-by: rpm-build <rpm-build>
---
.../node_modules/json-schema/lib/validate.js | 4 +--
.../node_modules/json-schema/test/tests.js | 28 ++++++++++++++++++-
2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/deps/npm/node_modules/json-schema/lib/validate.js b/deps/npm/node_modules/json-schema/lib/validate.js
index 4b61088..d05ee86 100644
--- a/deps/npm/node_modules/json-schema/lib/validate.js
+++ b/deps/npm/node_modules/json-schema/lib/validate.js
@@ -209,8 +209,8 @@ var validate = exports._validate = function(/*Any*/instance,/*Object*/schema,/*O
}
for(var i in objTypeDef){
- if(objTypeDef.hasOwnProperty(i)){
- var value = instance[i];
+ if(objTypeDef.hasOwnProperty(i) && i != '__proto__' && i != 'constructor'){
+ var value = instance.hasOwnProperty(i) ? instance[i] : undefined;
// skip _not_ specified properties
if (value === undefined && options.existingOnly) continue;
var propDef = objTypeDef[i];
diff --git a/deps/npm/node_modules/json-schema/test/tests.js b/deps/npm/node_modules/json-schema/test/tests.js
index 40eeda5..70f515a 100644
--- a/deps/npm/node_modules/json-schema/test/tests.js
+++ b/deps/npm/node_modules/json-schema/test/tests.js
@@ -91,5 +91,31 @@ var suite = vows.describe('JSON Schema').addBatch({
'Json-Ref self-validates': assertSelfValidates('json-ref'),
'Json-Ref/Hyper': assertValidates('json-ref', 'hyper-schema'),
- 'Json-Ref/Core': assertValidates('json-ref', 'schema')
+ 'Json-Ref/Core': assertValidates('json-ref', 'schema'),
+ prototypePollution: function() {
+ console.log('testing')
+ const instance = JSON.parse(`
+ {
+ "$schema":{
+ "type": "object",
+ "properties":{
+ "__proto__": {
+ "type": "object",
+
+ "properties":{
+ "polluted": {
+ "type": "string",
+ "default": "polluted"
+ }
+ }
+ }
+ },
+ "__proto__": {}
+ }
+ }`);
+
+ const a = {};
+ validate(instance);
+ assert.equal(a.polluted, undefined);
+ }
}).export(module);
--
2.33.1