feat: Respect disablePrototypePoisoningProtection option (#99)

Co-authored-by: Josh Mock <[email protected]>

Author: elasticmachine

src/client.ts

@@ -215,7 +215,21 @@ export default class Client extends API {
       this.diagnostic = opts[kChild].diagnostic
     } else {
       this.diagnostic = new Diagnostic()
-      this.serializer = new options.Serializer()
+
+      let serializerOptions
+      if (opts.disablePrototypePoisoningProtection != null) {
+        if (typeof opts.disablePrototypePoisoningProtection === 'boolean') {
+          serializerOptions = {
+            enablePrototypePoisoningProtection: !opts.disablePrototypePoisoningProtection
+          }
+        } else {
+          serializerOptions = {
+            enablePrototypePoisoningProtection: opts.disablePrototypePoisoningProtection
+          }
+        }
+      }
+      this.serializer = new options.Serializer(serializerOptions)
+
       this.connectionPool = new options.ConnectionPool({
         pingTimeout: options.pingTimeout,
         resurrectStrategy: options.resurrectStrategy,

test/unit/client.test.ts

@@ -504,3 +504,49 @@ test('Ensure new client does not time out at default (30s) when client sets requ
     t.end()
   }
 })
+
+test('Pass disablePrototypePoisoningProtection option to serializer', async t => {
+  let client = new Client({
+    node: 'http://localhost:9200',
+    disablePrototypePoisoningProtection: false
+  })
+  t.same(client.serializer[symbols.kJsonOptions], {
+    protoAction: 'error',
+    constructorAction: 'error'
+  })
+
+  client = new Client({
+    node: 'http://localhost:9200',
+    disablePrototypePoisoningProtection: true
+  })
+  t.same(client.serializer[symbols.kJsonOptions], {
+    protoAction: 'ignore',
+    constructorAction: 'ignore'
+  })
+
+  client = new Client({
+    node: 'http://localhost:9200',
+    disablePrototypePoisoningProtection: 'proto'
+  })
+  t.same(client.serializer[symbols.kJsonOptions], {
+    protoAction: 'error',
+    constructorAction: 'ignore'
+  })
+
+  client = new Client({
+    node: 'http://localhost:9200',
+    disablePrototypePoisoningProtection: 'constructor'
+  })
+  t.same(client.serializer[symbols.kJsonOptions], {
+    protoAction: 'ignore',
+    constructorAction: 'error'
+  })
+})
+
+test('disablePrototypePoisoningProtection is true by default', async t => {
+  const client = new Client({ node: 'http://localhost:9200' })
+  t.same(client.serializer[symbols.kJsonOptions], {
+    protoAction: 'ignore',
+    constructorAction: 'ignore'
+  })
+})