fix(security): prevent binding of Function calls which may evade detection
brettz9 committed Oct 17, 2024
1 parent 34a836b commit eac48fe
Showing 11 changed files with 24 additions and 5 deletions.
4 changes: 4 additions & 0 deletions CHANGES.md
@@ -1,5 +1,9 @@
# CHANGES for jsonpath-plus

## 10.0.3

- fix(security): prevent binding of Function calls which may evade detection

## 10.0.2

- fix(security): prevent Function calls outside of member expressions
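Review bot: the 10.0.3 entry restates the commit subject but not the user-visible effect; consider adding that a script expression which reads `bind` off `Function` now throws an Error with the message 'Function.prototype.bind is disabled', so anyone relying on that access sees a clear failure rather than a silent change in behaviour.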
3 changes: 3 additions & 0 deletions dist/index-browser-esm.js
Expand Up @@ -1296,6 +1296,9 @@ const SafeEval = {
const obj = SafeEval.evalAst(ast.object, subs);
const result = obj[prop];
if (typeof result === 'function') {
if (obj === Function && prop === 'bind') {
throw new Error('Function.prototype.bind is disabled');
}
if (result === Function) {
return result; // Don't bind so can identify and throw later
}
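Review bot: this hunk is identical to the src/Safe-Script.js change, as are the other dist/ bundles, and the accompanying .min and .map files also changed; confirm the dist/ output was regenerated by the build from src rather than patched by hand, so the bundles cannot drift from Safe-Script.js the next time it is edited.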
2 changes: 1 addition & 1 deletion dist/index-browser-esm.min.js


2 changes: 1 addition & 1 deletion dist/index-browser-esm.min.js.map


3 changes: 3 additions & 0 deletions dist/index-browser-umd.cjs
Expand Up @@ -1302,6 +1302,9 @@
const obj = SafeEval.evalAst(ast.object, subs);
const result = obj[prop];
if (typeof result === 'function') {
if (obj === Function && prop === 'bind') {
throw new Error('Function.prototype.bind is disabled');
}
if (result === Function) {
return result; // Don't bind so can identify and throw later
}
2 changes: 1 addition & 1 deletion dist/index-browser-umd.min.cjs


2 changes: 1 addition & 1 deletion dist/index-browser-umd.min.cjs.map


3 changes: 3 additions & 0 deletions dist/index-node-cjs.cjs
Expand Up @@ -1297,6 +1297,9 @@ const SafeEval = {
const obj = SafeEval.evalAst(ast.object, subs);
const result = obj[prop];
if (typeof result === 'function') {
if (obj === Function && prop === 'bind') {
throw new Error('Function.prototype.bind is disabled');
}
if (result === Function) {
return result; // Don't bind so can identify and throw later
}
3 changes: 3 additions & 0 deletions dist/index-node-esm.js
Expand Up @@ -1295,6 +1295,9 @@ const SafeEval = {
const obj = SafeEval.evalAst(ast.object, subs);
const result = obj[prop];
if (typeof result === 'function') {
if (obj === Function && prop === 'bind') {
throw new Error('Function.prototype.bind is disabled');
}
if (result === Function) {
return result; // Don't bind so can identify and throw later
}
2 changes: 1 addition & 1 deletion package.json
@@ -1,7 +1,7 @@
{
"author": "Stefan Goessner",
"name": "jsonpath-plus",
"version": "10.0.2",
"version": "10.0.3",
"type": "module",
"bin": {
"jsonpath": "./bin/jsonpath-cli.js",
3 changes: 3 additions & 0 deletions src/Safe-Script.js
Expand Up @@ -111,6 +111,9 @@ const SafeEval = {
const obj = SafeEval.evalAst(ast.object, subs);
const result = obj[prop];
if (typeof result === 'function') {
if (obj === Function && prop === 'bind') {
throw new Error('Function.prototype.bind is disabled');
}
if (result === Function) {
return result; // Don't bind so can identify and throw later
}
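Review bot: no regression test accompanies this hardening; of the 11 changed files none is under a test directory, so a test asserting that evaluating an expression which reads `bind` from `Function` throws 'Function.prototype.bind is disabled', and that a bare `Function` reference still reaches the later throw the existing comment refers to, would keep the 10.0.2 and 10.0.3 fixes from regressing. A one-line comment above `if (obj === Function && prop === 'bind')` explaining that this guard must run before the `result === Function` early return, since the returned value is deliberately left unbound for later detection, would also help future readers.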

0 comments on commit eac48fe
