Commit 8ea6699

committed

Push unit tests that verify that prototype methods can't be overwritten

1 parent 4c7927a commit 8ea6699Copy full SHA for 8ea6699

File tree

+30

-0

lines changed

+30

-0

lines changed

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,22 @@ describe('Request', function() {`
`127`	`127`	`request.custom2.should.eql(originalRequest.custom2);`
`128`	`128`	`});`
`129`	`129`
	`130`	`+ it('should not allow overwriting methods on the Request prototype via custom properties', () => {`
	`131`	`+ const request = new Request({`
	`132`	`+ query: {},`
	`133`	`+ method: 'GET',`
	`134`	`+ headers: {`
	`135`	`+ 'content-type': 'application/json'`
	`136`	`+ },`
	`137`	`+ get() {`
	`138`	`+ // malicious attempt to override the 'get' method`
	`139`	`+ return 'text/html';`
	`140`	`+ }`
	`141`	`+ });`
	`142`	`+`
	`143`	`+ request.get('content-type').should.equal('application/json');`
	`144`	`+ });`
	`145`	`+`
`130`	`146`	it('should allow getting of headers using `request.get`', function() {
`131`	`147`	`const originalRequest = generateBaseRequest();`
`132`	`148`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,20 @@ describe('Request', function() {`
`83`	`83`	`response.custom2.should.eql(originalResponse.custom2);`
`84`	`84`	`});`
`85`	`85`
	`86`	`+ it('should not allow overwriting methods on the Response prototype via custom properties', () => {`
	`87`	`+ const response = new Response({`
	`88`	`+ headers: {`
	`89`	`+ 'content-type': 'application/json'`
	`90`	`+ },`
	`91`	`+ get() {`
	`92`	`+ // malicious attempt to override the 'get' method`
	`93`	`+ return 'text/html';`
	`94`	`+ }`
	`95`	`+ });`
	`96`	`+`
	`97`	`+ response.get('content-type').should.equal('application/json');`
	`98`	`+ });`
	`99`	`+`
`86`	`100`	it('should allow getting of headers using `response.get`', function() {
`87`	`101`	`const originalResponse = generateBaseResponse();`
`88`	`102`

Comments

(0)