Inicio Explorar Ayuda
Registro Iniciar sesión
yishanyou
/
GongFuServer
3
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Rama: wujin01
Ramas Etiquetas
GongFuServer
/
webServer
/
node_modules
/
@hapi
/
bourne
/
lib
/
index.js

index.js 1.9 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. 'use strict';
    2. 

  2. 

  3. 

  4. const internals = {
    5. 

  5.     suspectRx: /"(?:_|\\u005[Ff])(?:_|\\u005[Ff])(?:p|\\u0070)(?:r|\\u0072)(?:o|\\u006[Ff])(?:t|\\u0074)(?:o|\\u006[Ff])(?:_|\\u005[Ff])(?:_|\\u005[Ff])"\s*\:/
    6. 

  6. };
    7. 

  7. 

  8. 

  9. exports.parse = function (text, ...args) {
    10. 

  10. 

  11.     // Normalize arguments
    12. 

  12. 

  13.     const firstOptions = typeof args[0] === 'object' && args[0];
    14. 

  14.     const reviver = args.length > 1 || !firstOptions ? args[0] : undefined;
    15. 

  15.     const options = (args.length > 1 && args[1]) || firstOptions || {};
    16. 

  16. 

  17.     // Parse normally, allowing exceptions
    18. 

  18. 

  19.     const obj = JSON.parse(text, reviver);
    20. 

  20. 

  21.     // options.protoAction: 'error' (default) / 'remove' / 'ignore'
    22. 

  22. 

  23.     if (options.protoAction === 'ignore') {
    24. 

  24.         return obj;
    25. 

  25.     }
    26. 

  26. 

  27.     // Ignore null and non-objects
    28. 

  28. 

  29.     if (!obj ||
    30. 

  30.         typeof obj !== 'object') {
    31. 

  31. 

  32.         return obj;
    33. 

  33.     }
    34. 

  34. 

  35.     // Check original string for potential exploit
    36. 

  36. 

  37.     if (!text.match(internals.suspectRx)) {
    38. 

  38.         return obj;
    39. 

  39.     }
    40. 

  40. 

  41.     // Scan result for proto keys
    42. 

  42. 

  43.     exports.scan(obj, options);
    44. 

  44. 

  45.     return obj;
    46. 

  46. };
    47. 

  47. 

  48. 

  49. exports.scan = function (obj, options = {}) {
    50. 

  50. 

  51.     let next = [obj];
    52. 

  52. 

  53.     while (next.length) {
    54. 

  54.         const nodes = next;
    55. 

  55.         next = [];
    56. 

  56. 

  57.         for (const node of nodes) {
    58. 

  58.             if (Object.prototype.hasOwnProperty.call(node, '__proto__')) {      // Avoid calling node.hasOwnProperty directly
    59. 

  59.                 if (options.protoAction !== 'remove') {
    60. 

  60.                     throw new SyntaxError('Object contains forbidden prototype property');
    61. 

  61.                 }
    62. 

  62. 

  63.                 delete node.__proto__;
    64. 

  64.             }
    65. 

  65. 

  66.             for (const key in node) {
    67. 

  67.                 const value = node[key];
    68. 

  68.                 if (value &&
    69. 

  69.                     typeof value === 'object') {
    70. 

  70. 

  71.                     next.push(node[key]);
    72. 

  72.                 }
    73. 

  73.             }
    74. 

  74.         }
    75. 

  75.     }
    76. 

  76. };
    77. 

  77. 

  78. 

  79. exports.safeParse = function (text, reviver) {
    80. 

  80. 

  81.     try {
    82. 

  82.         return exports.parse(text, reviver);
    83. 

  83.     }
    84. 

  84.     catch (ignoreError) {
    85. 

  85.         return null;
    86. 

  86.     }
    87. 

  87. };
    88.