utils.test.js 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162
  1. 'use strict';
  2. var Buffer = require('safe-buffer').Buffer;
  3. var utils = require('../lib/utils');
  4. var assert = require('assert');
  5. var debug = require('debug');
  6. var mongo;
  7. try {
  8. mongo = new require('mongodb');
  9. } catch (e) {
  10. debug('mongo', 'cannot construct mongodb instance');
  11. }
  12. describe('lib/utils', function() {
  13. describe('clone', function() {
  14. it('clones constructors named ObjectId', function(done) {
  15. function ObjectId(id) {
  16. this.id = id;
  17. }
  18. var o1 = new ObjectId('1234');
  19. var o2 = utils.clone(o1);
  20. assert.ok(o2 instanceof ObjectId);
  21. done();
  22. });
  23. it('clones constructors named ObjectID', function(done) {
  24. function ObjectID(id) {
  25. this.id = id;
  26. }
  27. var o1 = new ObjectID('1234');
  28. var o2 = utils.clone(o1);
  29. assert.ok(o2 instanceof ObjectID);
  30. done();
  31. });
  32. it('does not clone constructors named ObjectIdd', function(done) {
  33. function ObjectIdd(id) {
  34. this.id = id;
  35. }
  36. var o1 = new ObjectIdd('1234');
  37. var o2 = utils.clone(o1);
  38. assert.ok(!(o2 instanceof ObjectIdd));
  39. done();
  40. });
  41. it('optionally clones ObjectId constructors using its clone method', function(done) {
  42. function ObjectID(id) {
  43. this.id = id;
  44. this.cloned = false;
  45. }
  46. ObjectID.prototype.clone = function() {
  47. var ret = new ObjectID(this.id);
  48. ret.cloned = true;
  49. return ret;
  50. };
  51. var id = 1234;
  52. var o1 = new ObjectID(id);
  53. assert.equal(id, o1.id);
  54. assert.equal(false, o1.cloned);
  55. var o2 = utils.clone(o1);
  56. assert.ok(o2 instanceof ObjectID);
  57. assert.equal(id, o2.id);
  58. assert.ok(o2.cloned);
  59. done();
  60. });
  61. it('clones mongodb.ReadPreferences', function(done) {
  62. if (!mongo) return done();
  63. var tags = [
  64. {dc: 'tag1'}
  65. ];
  66. var prefs = [
  67. new mongo.ReadPreference('primary'),
  68. new mongo.ReadPreference(mongo.ReadPreference.PRIMARY_PREFERRED),
  69. new mongo.ReadPreference('secondary', tags)
  70. ];
  71. var prefsCloned = utils.clone(prefs);
  72. for (var i = 0; i < prefsCloned.length; i++) {
  73. assert.notEqual(prefs[i], prefsCloned[i]);
  74. if (prefs[i].tags) {
  75. assert.ok(prefsCloned[i].tags);
  76. assert.notEqual(prefs[i].tags, prefsCloned[i].tags);
  77. assert.notEqual(prefs[i].tags[0], prefsCloned[i].tags[0]);
  78. } else {
  79. assert.equal(prefsCloned[i].tags, null);
  80. }
  81. }
  82. done();
  83. });
  84. it('clones mongodb.Binary', function(done) {
  85. if (!mongo) return done();
  86. var buf = Buffer.from('hi');
  87. var binary = new mongo.Binary(buf, 2);
  88. var clone = utils.clone(binary);
  89. assert.equal(binary.sub_type, clone.sub_type);
  90. assert.equal(String(binary.buffer), String(buf));
  91. assert.ok(binary !== clone);
  92. done();
  93. });
  94. it('handles objects with no constructor', function(done) {
  95. var name = '335';
  96. var o = Object.create(null);
  97. o.name = name;
  98. var clone;
  99. assert.doesNotThrow(function() {
  100. clone = utils.clone(o);
  101. });
  102. assert.equal(name, clone.name);
  103. assert.ok(o != clone);
  104. done();
  105. });
  106. it('handles buffers', function(done) {
  107. var buff = Buffer.alloc(10);
  108. buff.fill(1);
  109. var clone = utils.clone(buff);
  110. for (var i = 0; i < buff.length; i++) {
  111. assert.equal(buff[i], clone[i]);
  112. }
  113. done();
  114. });
  115. it('skips __proto__', function() {
  116. var payload = JSON.parse('{"__proto__": {"polluted": "vulnerable"}}');
  117. var res = utils.clone(payload);
  118. assert.strictEqual({}.polluted, void 0);
  119. assert.strictEqual(res.__proto__, Object.prototype);
  120. });
  121. });
  122. describe('merge', function() {
  123. it('avoids prototype pollution', function() {
  124. var payload = JSON.parse('{"__proto__": {"polluted": "vulnerable"}}');
  125. var obj = {};
  126. utils.merge(obj, payload);
  127. assert.strictEqual({}.polluted, void 0);
  128. });
  129. });
  130. });