Skip to content

Commit

Permalink
fix: prototype pollution vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@khalby786
khalby786 committed Mar 12, 2021
1 parent f15abc9 commit 8d17ef7
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "jsoning",
"version": "0.8.18",
"version": "0.9.18",
"description": "A simple key-value JSON-based persistent lightweight database.",
"main": "src/index.js",
"scripts": {
Expand Down
10 changes: 5 additions & 5 deletions src/jsoning.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ class Jsoning {
let db = JSON.parse(
fs.readFileSync(resolve(__dirname, this.database), "utf-8")
);
if (db.hasOwnProperty(key)) {
if (Object.prototype.hasOwnProperty.call(db, key)) {
try {
const removeProp = key;
const { [removeProp]: remove, ...rest } = db;
Expand Down Expand Up @@ -165,7 +165,7 @@ class Jsoning {

let db = fs.readFileSync(resolve(__dirname, this.database), "utf-8");
db = JSON.parse(db);
if (db[key]) {
if (Object.prototype.hasOwnProperty.call(db, key)) {
let data = db[key];
return data;
} else {
Expand Down Expand Up @@ -245,7 +245,7 @@ class Jsoning {
let db = JSON.parse(
fs.readFileSync(resolve(__dirname, this.database), "utf-8")
);
if (db[key]) {
if (Object.prototype.hasOwnProperty.call(db, key)) {
// key exists
let value = db[key];
if (typeof value !== "number" || value === "") {
Expand Down Expand Up @@ -318,7 +318,7 @@ class Jsoning {
let db = fs.readFileSync(resolve(__dirname, this.database), "utf-8");
db = JSON.parse(db);

if (db.hasOwnProperty(key)) {
if (Object.prototype.hasOwnProperty.call(db, key)) {
return true;
} else {
return false;
Expand All @@ -344,7 +344,7 @@ class Jsoning {
let db = fs.readFileSync(resolve(__dirname, this.database), "utf-8");
db = JSON.parse(db);

if (db.hasOwnProperty(key)) {
if (Object.prototype.hasOwnProperty.call(db, key)) {
if (!Array.isArray(db[key])) {
console.log(db);
console.log(typeof db[key]);
Expand Down

0 comments on commit 8d17ef7

Please sign in to comment.