frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00
Code Issues Releases Wiki Activity

Fix bug in debug node due to msg.hasOwnProperty construct

Browse Source 
`msg.hasOwnProperty("status")` might make the debug node crash/produce an error if the payload was created with `Object.create(null)`.
This is the case e.g. for `ini` (to parse INI files), an official NPM node:
4f289946b3/lib/ini.js (L63)

My Node-RED node `node-red-contrib-parser-ini`, which is using that library, was hit by this bug and I had to ship a workaround
fe6b1eb4b1/parser-ini.js (L14)

The `msg.hasOwnProperty("xxx")` construct should not be used since ECMAScript 5.1.

ESLint advises in the same direction https://eslint.org/docs/rules/no-prototype-builtins

This patch was produced using the following regex:
Search: `\b([\w.]+).hasOwnProperty\(`
Replace: `Object.prototype.hasOwnProperty.call($1, `

This could be applied more gobally if desired.
This commit is contained in:
Alexandre Alapetite 2022-02-03 02:01:22 +01:00
parent b7bae18849
commit e55cbb3e3d
No known key found for this signature in database
GPG Key ID: A24378C38E812B23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
packages/node_modules/@node-red/nodes/core/common/21-debug.js vendored
View File

@ -107,7 +107,7 @@ module.exports = function(RED) {
}
})
this.on("input", function(msg, send, done) {
if (msg.hasOwnProperty("status") && msg.status.hasOwnProperty("source") && msg.status.source.hasOwnProperty("id") && (msg.status.source.id === node.id)) {
if (Object.prototype.hasOwnProperty.call(msg, "status") && Object.prototype.hasOwnProperty.call(msg.status, "source") && Object.prototype.hasOwnProperty.call(msg.status.source, "id") && (msg.status.source.id === node.id)) {
done();
return;
}
@ -118,17 +118,17 @@ module.exports = function(RED) {
var st = (typeof output === 'string') ? output : util.inspect(output);
var fill = "grey";
var shape = "dot";
if (typeof output === 'object' && output.hasOwnProperty("fill") && output.hasOwnProperty("shape") && output.hasOwnProperty("text")) {
if (typeof output === 'object' && Object.prototype.hasOwnProperty.call(output, "fill") && Object.prototype.hasOwnProperty.call(output, "shape") && Object.prototype.hasOwnProperty.call(output, "text")) {
fill = output.fill;
shape = output.shape;
st = output.text;
}
if (node.statusType === "auto") {
if (msg.hasOwnProperty("error")) {
if (Object.prototype.hasOwnProperty.call(msg, "error")) {
fill = "red";
st = msg.error.message;
}
if (msg.hasOwnProperty("status")) {
if (Object.prototype.hasOwnProperty.call(msg, "status")) {
fill = msg.status.fill || "grey";
shape = msg.status.shape || "ring";
st = msg.status.text || "";
@ -194,7 +194,7 @@ module.exports = function(RED) {
function sendDebug(msg) {
// don't put blank errors in sidebar (but do add to logs)
//if ((msg.msg === "") && (msg.hasOwnProperty("level")) && (msg.level === 20)) { return; }
//if ((msg.msg === "") && (Object.prototype.hasOwnProperty.call(msg, "level")) && (msg.level === 20)) { return; }
msg = RED.util.encodeObject(msg,{maxLength:debuglength});
RED.comms.publish("debug",msg);
}