Commit ee38d2c

committed
stream: refactor duplexify to be less suceptible to prototype pollution
PR-URL: #62559 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Jordan Harband <ljharb@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
1 parent 717d9a7 commit ee38d2c

1 file changed

+8-8Lines changed: 8 additions & 8 deletions


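--- a/lib/internal/streams/duplexify.js
+++ b/lib/internal/streams/duplexify.js
@@ -63,23 +63,23 @@ module.exports = function duplexify(body, name) {
 }
 
 if (isReadableNodeStream(body)) {
-return _duplexify({ readable: body });
+return _duplexify({ __proto__: null, readable: body });
 }
 
 if (isWritableNodeStream(body)) {
-return _duplexify({ writable: body });
+return _duplexify({ __proto__: null, writable: body });
 }
 
 if (isNodeStream(body)) {
-return _duplexify({ writable: false, readable: false });
+return _duplexify({ __proto__: null, writable: false, readable: false });
 }
 
 if (isReadableStream(body)) {
-return _duplexify({ readable: Readable.fromWeb(body) });
+return _duplexify({ __proto__: null, readable: Readable.fromWeb(body) });
 }
 
 if (isWritableStream(body)) {
-return _duplexify({ writable: Writable.fromWeb(body) });
+return _duplexify({ __proto__: null, writable: Writable.fromWeb(body) });
 }
 
 if (typeof body === 'function') {
@@ -173,7 +173,7 @@ module.exports = function duplexify(body, name) {
 duplexify(body.writable) :
 undefined;
 
-return _duplexify({ readable, writable });
+return _duplexify({ __proto__: null, readable, writable });
 }
 
 const then = body?.then;
@@ -231,12 +231,12 @@ function fromAsyncGen(fn) {
 write(chunk, encoding, cb) {
 const _resolve = resolve;
 resolve = null;
-_resolve({ chunk, done: false, cb });
+_resolve({ __proto__: null, chunk, done: false, cb });
 },
 final(cb) {
 const _resolve = resolve;
 resolve = null;
-_resolve({ done: true, cb });
+_resolve({ __proto__: null, done: true, cb });
 },
 destroy(err, cb) {
 ac.abort();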
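Review bot: Nothing at the changed call sites says why `__proto__: null` is there, and since only this file changes, no test pins the behaviour either. At the first site (new line 66) I would add `// Null-prototype literal: keys we do not set must read as undefined, not as values inherited from a polluted Object.prototype.` The literals that set only one of `readable`/`writable` (new lines 66, 70, 78, 82) and the `final()` payload without `chunk` (new line 239) are where this matters, assuming the consumers read the unset keys; `_duplexify` and the code awaiting `resolve` sit outside the hunks, as do the start and end of `duplexify` and `fromAsyncGen`, so that part is inferred. A regression test that defines `Object.prototype.readable` and `Object.prototype.writable`, runs a one-sided stream through this path, and asserts the other side stays unset would stop a later refactor from silently dropping the key.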
