Skip to content

Commit

Permalink
Merge pull request #18 from Farfurix/buffer-case
Browse files Browse the repository at this point in the history
fix: added the Buffer case
  • Loading branch information
AndreyBelym authored May 24, 2021
2 parents 849bb8c + 11a4cf3 commit c0ebc6e
Show file tree
Hide file tree
Showing 4 changed files with 54 additions and 23 deletions.
4 changes: 2 additions & 2 deletions .publishrc
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"validations": {
"vulnerableDependencies": true,
"vulnerableDependencies": false,
"uncommittedChanges": true,
"untrackedFiles": true,
"sensitiveData": true,
Expand All @@ -10,4 +10,4 @@
"confirm": true,
"publishTag": "latest",
"prePublishScript": "npm test"
}
}
50 changes: 33 additions & 17 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,27 +11,24 @@ var GLOBAL = (function getGlobal () {
})();

var TYPED_ARRAY_CTORS = {
'Int8Array': Int8Array,
'Uint8Array': Uint8Array,
'Uint8ClampedArray': Uint8ClampedArray,
'Int16Array': Int16Array,
'Uint16Array': Uint16Array,
'Int32Array': Int32Array,
'Uint32Array': Uint32Array,
'Float32Array': Float32Array,
'Float64Array': Float64Array
'Int8Array': typeof Int8Array === 'function' ? Int8Array : void 0,
'Uint8Array': typeof Uint8Array === 'function' ? Uint8Array : void 0,
'Uint8ClampedArray': typeof Uint8ClampedArray === 'function' ? Uint8ClampedArray : void 0,
'Int16Array': typeof Int16Array === 'function' ? Int16Array : void 0,
'Uint16Array': typeof Uint16Array === 'function' ? Uint16Array : void 0,
'Int32Array': typeof Int32Array === 'function' ? Int32Array : void 0,
'Uint32Array': typeof Uint32Array === 'function' ? Uint32Array : void 0,
'Float32Array': typeof Float32Array === 'function' ? Float32Array : void 0,
'Float64Array': typeof Float64Array === 'function' ? Float64Array : void 0
};

function isFunction (value) {
return typeof value === 'function';
}

var ARRAY_BUFFER_SUPPORTED = isFunction(ArrayBuffer);
var MAP_SUPPORTED = isFunction(Map);
var SET_SUPPORTED = isFunction(Set);
var ARRAY_BUFFER_SUPPORTED = typeof ArrayBuffer === 'function';
var MAP_SUPPORTED = typeof Map === 'function';
var SET_SUPPORTED = typeof Set === 'function';
var BUFFER_FROM_SUPPORTED = typeof Buffer === 'function';

var TYPED_ARRAY_SUPPORTED = function (typeName) {
return isFunction(TYPED_ARRAY_CTORS[typeName]);
return !!TYPED_ARRAY_CTORS[typeName];
};

// Saved proto functions
Expand Down Expand Up @@ -413,6 +410,25 @@ var builtInTransforms = [
}
},

{
type: '[[Buffer]]',

shouldTransform: function (type, val) {
return BUFFER_FROM_SUPPORTED && val instanceof Buffer;
},

toSerializable: function (buffer) {
return arrSlice.call(buffer);
},

fromSerializable: function (val) {
if (BUFFER_FROM_SUPPORTED)
return Buffer.from(val);

return val;
}
},

{
type: '[[TypedArray]]',

Expand Down
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "replicator",
"version": "1.0.4",
"version": "1.0.5",
"description": "Advanced JavaScript objects serialization.",
"main": "index.js",
"scripts": {
Expand Down Expand Up @@ -36,7 +36,7 @@
"homepage": "https://github.com/inikulin/replicator#readme",
"devDependencies": {
"eslint": "^2.9.0",
"mocha": "^5.2.0",
"mocha": "^8.4.0",
"publish-please": "^5.4.3"
}
}
19 changes: 17 additions & 2 deletions test/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -316,6 +316,21 @@ describe('Built-in transforms', function () {
assert.strictEqual(actualView[1], 2000);
});

it('Should transform Buffer', function () {
if (typeof Buffer !== 'function')
return;

var buffer = Buffer.from([3, 5]);

var actual = replicator.decode(replicator.encode(buffer));

assert(actual instanceof Buffer);
assert.strictEqual(actual.length, 2);

assert.strictEqual(actual[0], 3);
assert.strictEqual(actual[1], 5);
});

it('Should transform TypedArray', function () {
var actual = replicator.decode(replicator.encode({
uint8: new Uint8Array([1, 230]),
Expand Down Expand Up @@ -405,13 +420,13 @@ describe('Regression', function () {
obj.ans = 42;

var actual = replicator.decode(replicator.encode(obj));

assert.strictEqual(actual.foo, 'bar');
assert.strictEqual(actual.ans, 42);
});

it('Should not allow RCE when deserializing TypedArrays', function () {
replicator.decode(helpersGH16.vulnerableData);
replicator.decode(helpersGH16.vulnerableData);

return helpersGH16.checkIfBroken()
.then(function (result) {
Expand Down

0 comments on commit c0ebc6e

Please sign in to comment.