archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

util: harden more built-in classes against prototype pollution

Browse source 
PR-URL: https://github.com/nodejs/node/pull/56225
Reviewed-By: Jordan Harband <ljharb@gmail.com>
Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br>
This commit is contained in:
Antoine du Hamel 2024-12-16 23:33:08 +01:00 committed by GitHub
parent b171afefb6
commit 80e3ef38ee
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 67 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/buffer.js
View file

@ -35,6 +35,7 @@ const {
NumberMIN_SAFE_INTEGER,
ObjectDefineProperties,
ObjectDefineProperty,
ObjectPrototypeHasOwnProperty,
ObjectSetPrototypeOf,
RegExpPrototypeSymbolReplace,
StringPrototypeCharCodeAt,
@ -911,7 +912,14 @@ Buffer.prototype[customInspectSymbol] = function inspect(recurseTimes, ctx) {
}), 27, -2);
}
}
return `<${this.constructor.name} ${str}>`;
let constructorName = 'Buffer';
try {
const { constructor } = this;
if (typeof constructor === 'function' && ObjectPrototypeHasOwnProperty(constructor, 'name')) {
constructorName = constructor.name;
}
} catch { /* Ignore error and use default name */ }
return `<${constructorName} ${str}>`;
};
Buffer.prototype.inspect = Buffer.prototype[customInspectSymbol];