feat: add bodyParser.onProtoPoisoning type define (#5324)
fengmk2 authored Jun 7, 2024
1 parent 4fe8b15 commit b3582e0
Showing 2 changed files with 17 additions and 4 deletions.
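--- a/index.d.ts
+++ b/index.d.ts
@@ -326,10 +326,11 @@ declare module 'egg' {
 * @property {String} textLimit - json body size limit, default 1mb
 * @property {Boolean} strict - json body strict mode, if set strict value true, then only receive object and array json body
 * @property {Number} queryString.arrayLimit - from item array length limit, default 100
-* @property {Number} queryString.depth - json value deep lenght, default 5
-* @property {Number} queryString.parameterLimit - paramter number limit ,default 1000
-* @property {string[]} enableTypes - parser will only parse when request type hits enableTypes, default is ['json', 'form']
-* @property {any} extendTypes - support extend types
+* @property {Number} queryString.depth - json value deep length, default 5
+* @property {Number} queryString.parameterLimit - parameter number limit, default 1000
+* @property {String[]} enableTypes - parser will only parse when request type hits enableTypes, default is ['json', 'form']
+* @property {Object} extendTypes - support extend types
+* @property {String} onProtoPoisoning - Defines what action must take when parsing a JSON object with `__proto__`. Possible values are `'error'`, `'remove'` and `'ignore'`. Default is `'error'`, it will return `403` response when `Prototype-Poisoning` happen.
 */
 bodyParser: {
 enable: boolean;
@@ -351,6 +352,8 @@ declare module 'egg' {
 form: string[];
 text: string[];
 };
+/** Default is `'error'`, it will return `403` response when `Prototype-Poisoning` happen. */
+onProtoPoisoning: 'error' | 'remove' | 'ignore';
 };
 
 /**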
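Review bot: The new doc comment on `onProtoPoisoning` describes only `'error'`, so someone picking `'remove'` or `'ignore'` cannot tell from the typings what they do or that `'ignore'` gives up the protection. I would extend the field comment to something like `/** 'error' (default) rejects the request; 'remove' drops __proto__ keys from the parsed body; 'ignore' disables the check and passes __proto__ through to handlers, so use it only if the body is never merged or cloned into other objects. */`. The meaning of `'remove'` and `'ignore'` is as I understand the underlying JSON parser, so confirm it before merging. The comment also promises a `403` while the test added in this commit is titled and asserts `400`; one of the two needs correcting. The `bodyParser` declaration starts and ends outside these hunks.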
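--- a/test/app/middleware/body_parser.test.js
+++ b/test/app/middleware/body_parser.test.js
@@ -98,6 +98,16 @@ describe('test/app/middleware/body_parser.test.js', () => {
 .expect(400);
 });
 
+it('should 400 when POST with Prototype-Poisoning body', async () => {
+app.mockCsrf();
+await app.httpRequest()
+.post('/test/body_parser/user')
+.set('content-type', 'application/json')
+.set('content-encoding', 'gzip')
+.expect(/unexpected end of file, check bodyParser config/)
+.expect(400);
+});
+
 it('should disable body parser', async () => {
 app1 = utils.app('apps/body_parser_testapp_disable');
 await app1.ready();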
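Review bot: The test `should 400 when POST with Prototype-Poisoning body` never sends a body containing `__proto__`. It sets `content-encoding: gzip` with no payload and expects `unexpected end of file, check bodyParser config`, which is the decompression failure path, so `onProtoPoisoning` is not exercised and a regression in it would still pass. Drop the gzip header and send a raw JSON string, for example the constructed sample `.send('{"__proto__":{"x":1},"name":"a"}')`; a string is needed because an object literal would not serialize that key. Then assert the status and message the default `'error'` action really returns, which also settles whether the documented `403` or this title's `400` is right. A companion case for `'remove'` asserting the key is absent from the parsed body would cover the other security-relevant branch.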
