Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-01 21:30:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: vulnerability in socket.io nested namespaces (#11117)

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2022-12-30 09:49:22 -05:00
committed by GitHub
parent 1ea9481af6
commit 586eed1407
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/socket.io/index.js
View File

@@ -123,7 +123,7 @@ async function onMessage(socket, payload) {
const parts = eventName.toString().split('.');
const namespace = parts[0];
const methodToCall = parts.reduce((prev, cur) => {
if (prev !== null && prev[cur]) {
if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) {
return prev[cur];
}
return null;

16
test/socket.io.js
View File

@@ -91,6 +91,22 @@ describe('socket.io', () => {
});
});
it('should return error for unknown event', (done) => {
io.emit('user.gdpr.__proto__.constructor.toString', (err) => {
assert(err);
assert.equal(err.message, '[[error:invalid-event, user.gdpr.__proto__.constructor.toString]]');
done();
});
});
it('should return error for unknown event', (done) => {
io.emit('constructor.toString', (err) => {
assert(err);
assert.equal(err.message, '[[error:invalid-event, constructor.toString]]');
done();
});
});
it('should get installed themes', (done) => {
const themes = ['nodebb-theme-lavender', 'nodebb-theme-persona', 'nodebb-theme-vanilla'];
io.emit('admin.themes.getInstalled', (err, data) => {