frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00
Code Issues Releases Wiki Activity

Merge pull request #3394 from Alkarex/fix-debug-node-hasOwnProperty

Browse Source 
Fix no-prototype-builtins bug in debug node and utils
This commit is contained in:
Nick O'Leary 2022-02-03 16:31:46 +00:00 committed by GitHub
commit 5293563a6a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 82 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
packages/node_modules/@node-red/nodes/core/common/21-debug.js vendored
View File

@ -7,6 +7,7 @@ module.exports = function(RED) {
var debuglength = RED.settings.debugMaxLength || 1000;
var useColors = RED.settings.debugUseColors || false;
util.inspect.styles.boolean = "red";
const { hasOwnProperty } = Object.prototype;
function DebugNode(n) {
var hasEditExpression = (n.targetType === "jsonata");
@ -107,7 +108,7 @@ module.exports = function(RED) {
}
})
this.on("input", function(msg, send, done) {
if (msg.hasOwnProperty("status") && msg.status.hasOwnProperty("source") && msg.status.source.hasOwnProperty("id") && (msg.status.source.id === node.id)) {
if (hasOwnProperty.call(msg, "status") && hasOwnProperty.call(msg.status, "source") && hasOwnProperty.call(msg.status.source, "id") && (msg.status.source.id === node.id)) {
done();
return;
}
@ -118,17 +119,17 @@ module.exports = function(RED) {
var st = (typeof output === 'string') ? output : util.inspect(output);
var fill = "grey";
var shape = "dot";
if (typeof output === 'object' && output.hasOwnProperty("fill") && output.hasOwnProperty("shape") && output.hasOwnProperty("text")) {
if (typeof output === 'object' && hasOwnProperty.call(output, "fill") && hasOwnProperty.call(output, "shape") && hasOwnProperty.call(output, "text")) {
fill = output.fill;
shape = output.shape;
st = output.text;
}
if (node.statusType === "auto") {
if (msg.hasOwnProperty("error")) {
if (hasOwnProperty.call(msg, "error")) {
fill = "red";
st = msg.error.message;
}
if (msg.hasOwnProperty("status")) {
if (hasOwnProperty.call(msg, "status")) {
fill = msg.status.fill || "grey";
shape = msg.status.shape || "ring";
st = msg.status.text || "";
@ -194,7 +195,7 @@ module.exports = function(RED) {
function sendDebug(msg) {
// don't put blank errors in sidebar (but do add to logs)
//if ((msg.msg === "") && (msg.hasOwnProperty("level")) && (msg.level === 20)) { return; }
//if ((msg.msg === "") && (hasOwnProperty.call(msg, "level")) && (msg.level === 20)) { return; }
msg = RED.util.encodeObject(msg,{maxLength:debuglength});
RED.comms.publish("debug",msg);
}

41
packages/node_modules/@node-red/util/lib/util.js vendored
View File

@ -24,6 +24,17 @@ const jsonata = require("jsonata");
const moment = require("moment-timezone");
const safeJSONStringify = require("json-stringify-safe");
const util = require("util");
const { hasOwnProperty } = Object.prototype;
/**
* Safely returns the object construtor name.
* @return {String} the name of the object constructor if it exists, empty string otherwise.
*/
function constructorName(obj) {
// Note: This function could be replaced by optional chaining in Node.js 14+:
// obj?.constructor?.name
return obj && obj.constructor ? obj.constructor.name : '';
}
/**
* Generates a psuedo-unique-random id.
@ -171,7 +182,7 @@ function compareObjects(obj1,obj2) {
}
for (var k in obj1) {
/* istanbul ignore else */
if (obj1.hasOwnProperty(k)) {
if (hasOwnProperty.call(obj1, k)) {
if (!compareObjects(obj1[k],obj2[k])) {
return false;
}
@ -462,7 +473,7 @@ function setObjectProperty(msg,prop,value,createMissing) {
for (var i=0;i<length-1;i++) {
key = msgPropParts[i];
if (typeof key === 'string' || (typeof key === 'number' && !Array.isArray(obj))) {
if (obj.hasOwnProperty(key)) {
if (hasOwnProperty.call(obj, key)) {
if (length > 1 && ((typeof obj[key] !== "object" && typeof obj[key] !== "function") || obj[key] === null)) {
// Break out early as we cannot create a property beneath
// this type of value
@ -561,7 +572,7 @@ function getSetting(node, name, flow_) {
* @memberof @node-red/util_util
*/
function evaluateEnvProperty(value, node) {
var flow = (node && node.hasOwnProperty("_flow")) ? node._flow : null;
var flow = (node && hasOwnProperty.call(node, "_flow")) ? node._flow : null;
var result;
if (/^\${[^}]+}$/.test(value)) {
// ${ENV_VAR}
@ -785,7 +796,7 @@ function normaliseNodeTypeName(name) {
function encodeObject(msg,opts) {
try {
var debuglength = 1000;
if (opts && opts.hasOwnProperty('maxLength')) {
if (opts && hasOwnProperty.call(opts, 'maxLength')) {
debuglength = opts.maxLength;
}
var msgType = typeof msg.msg;
@ -795,7 +806,7 @@ function encodeObject(msg,opts) {
if (msg.msg.name) {
errorMsg.name = msg.msg.name;
}
if (msg.msg.hasOwnProperty('message')) {
if (hasOwnProperty.call(msg.msg, 'message')) {
errorMsg.message = msg.msg.message;
} else {
errorMsg.message = msg.msg.toString();
@ -809,7 +820,7 @@ function encodeObject(msg,opts) {
}
} else if (msg.msg && msgType === 'object') {
try {
msg.format = msg.msg.constructor.name || "Object";
msg.format = constructorName(msg.msg) || "Object";
// Handle special case of msg.req/res objects from HTTP In node
if (msg.format === "IncomingMessage" || msg.format === "ServerResponse") {
msg.format = "Object";
@ -836,7 +847,7 @@ function encodeObject(msg,opts) {
length: msg.msg.length
}
}
} else if (msg.msg && msg.msg.constructor.name === "Set") {
} else if (constructorName(msg.msg) === "Set") {
msg.format = "set["+msg.msg.size+"]";
msg.msg = {
__enc__: true,
@ -845,7 +856,7 @@ function encodeObject(msg,opts) {
length: msg.msg.size
}
needsStringify = true;
} else if (msg.msg && msg.msg.constructor.name === "Map") {
} else if (constructorName(msg.msg) === "Map") {
msg.format = "map";
msg.msg = {
__enc__: true,
@ -854,7 +865,7 @@ function encodeObject(msg,opts) {
length: msg.msg.size
}
needsStringify = true;
} else if (msg.msg && msg.msg.constructor.name === "RegExp") {
} else if (constructorName(msg.msg) === "RegExp") {
msg.format = 'regexp';
msg.msg = msg.msg.toString();
}
@ -904,25 +915,25 @@ function encodeObject(msg,opts) {
if (value.length > debuglength) {
value.data = value.data.slice(0,debuglength);
}
} else if (value.constructor.name === "ServerResponse") {
} else if (constructorName(value) === "ServerResponse") {
value = "[internal]"
} else if (value.constructor.name === "Socket") {
} else if (constructorName(value) === "Socket") {
value = "[internal]"
} else if (value.constructor.name === "Set") {
} else if (constructorName(value) === "Set") {
value = {
__enc__: true,
type: "set",
data: Array.from(value).slice(0,debuglength),
length: value.size
}
} else if (value.constructor.name === "Map") {
} else if (constructorName(value) === "Map") {
value = {
__enc__: true,
type: "map",
data: Object.fromEntries(Array.from(value.entries()).slice(0,debuglength)),
length: value.size
}
} else if (value.constructor.name === "RegExp") {
} else if (constructorName(value) === "RegExp") {
value = {
__enc__: true,
type: "regexp",
@ -974,7 +985,7 @@ function encodeObject(msg,opts) {
if (e.name) {
errorMsg.name = e.name;
}
if (e.hasOwnProperty('message')) {
if (hasOwnProperty.call(e, 'message')) {
errorMsg.message = 'encodeObject Error: ['+e.message + '] Value: '+util.inspect(msg.msg);
} else {
errorMsg.message = 'encodeObject Error: ['+e.toString() + '] Value: '+util.inspect(msg.msg);

32
test/nodes/core/common/21-debug_spec.js
View File

@ -265,6 +265,38 @@ describe('debug node', function() {
});
});
it('should publish an object with no-prototype-builtins', function(done) {
const flow = [{id:"n1", type:"debug" }];
helper.load(debugNode, flow, function() {
const n1 = helper.getNode("n1");
const payload = Object.create(null);
payload.type = 'foo';
websocket_test(function() {
n1.emit("input", {payload: payload});
}, function(msg) {
JSON.parse(msg).should.eql([{
topic:"debug",
data:{id:"n1",msg:'{"type":"foo"}',property:"payload",format:"Object",path:"global"}
}]);
}, done);
});
});
it('should publish an object with overriden hasOwnProperty', function(done) {
const flow = [{id:"n1", type:"debug" }];
helper.load(debugNode, flow, function() {
const n1 = helper.getNode("n1");
websocket_test(function() {
n1.emit("input", {payload: {type:'foo', hasOwnProperty: null}});
}, function(msg) {
JSON.parse(msg).should.eql([{
topic:"debug",
data:{id:"n1",msg:'{"type":"foo","hasOwnProperty":null}',property:"payload",format:"Object",path:"global"}
}]);
}, done);
});
});
it('should publish an array', function(done) {
var flow = [{id:"n1", type:"debug" }];
helper.load(debugNode, flow, function() {

18
test/unit/@node-red/util/lib/util_spec.js
View File

@ -830,6 +830,24 @@ describe("@node-red/util/util", function() {
resultJson.b.should.have.property("__enc__", true);
resultJson.b.should.have.property("type", "undefined");
});
it('object with no prototype builtins', function() {
const payload = new Object(null);
payload.c = 3;
var msg = { msg:{b:payload} };
var result = util.encodeObject(msg);
result.format.should.eql("Object");
var resultJson = JSON.parse(result.msg);
resultJson.should.have.property("b");
resultJson.b.should.have.property("c", 3);
});
it('object with overriden hasOwnProperty', function() {
var msg = { msg:{b:{hasOwnProperty:null}} };
var result = util.encodeObject(msg);
result.format.should.eql("Object");
var resultJson = JSON.parse(result.msg);
resultJson.should.have.property("b");
resultJson.b.should.have.property("hasOwnProperty");
});
it('object with Map property', function() {
const m = new Map();
m.set("a",1);