Skip to content

Commit 211583a

Browse files
rmi22186rmi22186
committed
Add additional tests, add assertions to resolve linting issues
1 parent 7c76808 commit 211583a

File tree

1 file changed

+55
-0
lines changed

1 file changed

+55
-0
lines changed

test/jest/helpers-prototype-pollution.spec.ts

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ describe('Helpers - Prototype Pollution Protection', () => {
3838
const malicious = JSON.parse('{"__proto__": {"isAdmin": true}}');
3939
const result = helpers.extend({}, malicious);
4040

41+
expect(typeof result).toBe('object');
4142
const testObj = {};
4243
expect((testObj as any).isAdmin).toBeUndefined();
4344
expect((Object.prototype as any).isAdmin).toBeUndefined();
@@ -47,6 +48,7 @@ describe('Helpers - Prototype Pollution Protection', () => {
4748
const malicious = JSON.parse('{"__proto__": {"polluted": "yes"}}');
4849
const result = helpers.extend(true, {}, malicious);
4950

51+
expect(typeof result).toBe('object');
5052
const testObj = {};
5153
expect((testObj as any).polluted).toBeUndefined();
5254
expect((Object.prototype as any).polluted).toBeUndefined();
@@ -56,6 +58,7 @@ describe('Helpers - Prototype Pollution Protection', () => {
5658
const malicious = JSON.parse('{"constructor": {"polluted": "constructor"}}');
5759
const result = helpers.extend({}, malicious);
5860

61+
expect(typeof result).toBe('object');
5962
const testObj = {};
6063
expect((testObj as any).polluted).toBeUndefined();
6164
});
@@ -64,6 +67,7 @@ describe('Helpers - Prototype Pollution Protection', () => {
6467
const malicious = JSON.parse('{"prototype": {"polluted": "prototype"}}');
6568
const result = helpers.extend({}, malicious);
6669

70+
expect(typeof result).toBe('object');
6771
const testObj = {};
6872
expect((testObj as any).polluted).toBeUndefined();
6973
});
@@ -142,6 +146,56 @@ describe('Helpers - Prototype Pollution Protection', () => {
142146
expect(result.items).toEqual([1, 2, 3]);
143147
expect(result.nested.arr).toEqual(['a', 'b']);
144148
});
149+
150+
it('should handle objects with null prototype (Object.create(null))', () => {
151+
const nullProtoObj = Object.create(null);
152+
nullProtoObj.name = 'test';
153+
nullProtoObj.value = 42;
154+
155+
const result = helpers.extend({}, nullProtoObj);
156+
157+
expect(result.name).toBe('test');
158+
expect(result.value).toBe(42);
159+
});
160+
161+
it('should handle objects with null prototype in deep merge', () => {
162+
const nullProtoObj = Object.create(null);
163+
nullProtoObj.nested = Object.create(null);
164+
nullProtoObj.nested.deep = 'value';
165+
166+
const result = helpers.extend(true, {}, nullProtoObj);
167+
168+
expect(result.nested.deep).toBe('value');
169+
});
170+
171+
it('should handle null/undefined source arguments gracefully', () => {
172+
const obj1 = { a: 1 };
173+
const obj2 = { b: 2 };
174+
175+
const result = helpers.extend({}, obj1, null, obj2, undefined);
176+
177+
expect(result.a).toBe(1);
178+
expect(result.b).toBe(2);
179+
});
180+
181+
it('should handle null/undefined source arguments in deep merge', () => {
182+
const obj1 = { a: { nested: 1 } };
183+
const obj2 = { b: { nested: 2 } };
184+
185+
const result = helpers.extend(true, {}, obj1, null, obj2, undefined);
186+
187+
expect(result.a.nested).toBe(1);
188+
expect(result.b.nested).toBe(2);
189+
});
190+
191+
it('should handle all null/undefined sources', () => {
192+
const target = { existing: 'value' };
193+
194+
const result = helpers.extend(target, null, undefined, null);
195+
196+
expect(result.existing).toBe('value');
197+
expect(result).toBe(target);
198+
});
145199
});
146200

147201
describe('Real-world attack scenarios', () => {
@@ -168,6 +222,7 @@ describe('Helpers - Prototype Pollution Protection', () => {
168222

169223
const result = helpers.extend(true, {}, malicious);
170224

225+
expect(typeof result).toBe('object');
171226
const testObj = {};
172227
expect((testObj as any).polluted).toBeUndefined();
173228
});

0 commit comments

Comments
 (0)