msgpackr 1.10.0 → 1.10.2

package/dist/test.js

@@ -910,7 +910,7 @@
 				return readFixedString(length)
 		} else { // not cacheable, go back and do a standard read
 			position$1--;
-			return read().toString()
+			return asSafeString(read())
 		}
 		let key = ((length << 5) ^ (length > 1 ? dataView.getUint16(position$1) : length > 0 ? src[position$1] : 0)) & 0xfff;
 		let entry = keyCache[key];
@@ -962,9 +962,17 @@
 		return entry.string = readFixedString(length)
 	}
 
+	function asSafeString(property) {
+		// protect against expensive (DoS) string conversions
+		if (typeof property === 'string') return property;
+		if (typeof property === 'number' || typeof property === 'boolean' || typeof property === 'bigint') return property.toString();
+		if (property == null) return property + '';
+		throw new Error('Invalid property type for record', typeof property);
+	}
 	// the registration of the record definition extension (as "r")
 	const recordDefinition = (id, highByte) => {
-		let structure = read().map(property => property.toString()); // ensure that all keys are strings and that the array is mutable
+		let structure = read().map(asSafeString); // ensure that all keys are strings and
+		// that the array is mutable
 		let firstByte = id;
 		if (highByte !== undefined) {
 			id = id < 32 ? -((highByte << 5) + id) : ((highByte << 5) + id);
@@ -998,11 +1006,12 @@
 	let errors = { Error, TypeError, ReferenceError };
 	currentExtensions[0x65] = () => {
 		let data = read();
-		return (errors[data[0]] || Error)(data[1])
+		return (errors[data[0]] || Error)(data[1], { cause: data[2] })
 	};
 
 	currentExtensions[0x69] = (data) => {
 		// id extension (for structured clones)
+		if (currentUnpackr.structuredClone === false) throw new Error('Structured clone extension is disabled')
 		let id = dataView.getUint32(position$1 - 4);
 		if (!referenceMap)
 			referenceMap = new Map();
@@ -1026,6 +1035,7 @@
 
 	currentExtensions[0x70] = (data) => {
 		// pointer extension (for structured clones)
+		if (currentUnpackr.structuredClone === false) throw new Error('Structured clone extension is disabled')
 		let id = dataView.getUint32(position$1 - 4);
 		let refEntry = referenceMap.get(id);
 		refEntry.used = true;
@@ -1040,8 +1050,15 @@
 	currentExtensions[0x74] = (data) => {
 		let typeCode = data[0];
 		let typedArrayName = typedArrays[typeCode];
-		if (!typedArrayName)
+		if (!typedArrayName) {
+			if (typeCode === 16) {
+				let ab = new ArrayBuffer(data.length - 1);
+				let u8 = new Uint8Array(ab);
+				u8.set(data.subarray(1));
+				return ab;
+			}
 			throw new Error('Could not find typed array for code ' + typeCode)
+		}
 		// we have to always slice/copy here to get a new ArrayBuffer that is word/byte aligned
 		return new glbl[typedArrayName](Uint8Array.prototype.slice.call(data, 1).buffer)
 	};
@@ -1347,10 +1364,14 @@
 									return packr.pack(value, encodeOptions)
 								}
 								packr.lastNamedStructuresLength = sharedLength;
+								// don't keep large buffers around
+								if (target.length > 0x40000000) target = null;
 								return returnBuffer
 							}
 						}
 					}
+					// don't keep large buffers around, they take too much memory and cause problems (limit at 1GB)
+					if (target.length > 0x40000000) target = null;
 					if (encodeOptions & RESET_BUFFER_MODE)
 						position = start;
 				}
@@ -1573,7 +1594,7 @@
 						}
 						let constructor = value.constructor;
 						if (constructor === Object) {
-							writeObject(value, true);
+							writeObject(value);
 						} else if (constructor === Array) {
 							packArray(value);
 						} else if (constructor === Map) {
@@ -1669,8 +1690,8 @@
 								if (type === 'function')
 									return pack(this.writeFunction && this.writeFunction(value));
 								
-								// no extension found, write as object
-								writeObject(value, !value.hasOwnProperty); // if it doesn't have hasOwnProperty, don't do hasOwnProperty checks
+								// no extension found, write as plain object
+								writeObject(value);
 							}
 						}
 					}
@@ -1757,13 +1778,13 @@
 					}
 				}
 			} :
-			(object, safePrototype) => {
+			(object) => {
 				target[position++] = 0xde; // always using map 16, so we can preallocate and set the length afterwards
 				let objectOffset = position - start;
 				position += 2;
 				let size = 0;
 				for (let key in object) {
-					if (safePrototype || object.hasOwnProperty(key)) {
+					if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 						pack(key);
 						pack(object[key]);
 						size++;
@@ -1775,12 +1796,12 @@
 
 			const writeRecord = this.useRecords === false ? writePlainObject :
 			(options.progressiveRecords && !useTwoByteRecords) ?  // this is about 2% faster for highly stable structures, since it only requires one for-in loop (but much more expensive when new structure needs to be written)
-			(object, safePrototype) => {
+			(object) => {
 				let nextTransition, transition = structures.transitions || (structures.transitions = Object.create(null));
 				let objectOffset = position++ - start;
 				let wroteKeys;
 				for (let key in object) {
-					if (safePrototype || object.hasOwnProperty(key)) {
+					if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 						nextTransition = transition[key];
 						if (nextTransition)
 							transition = nextTransition;
@@ -1819,10 +1840,10 @@
 						insertNewRecord(transition, Object.keys(object), objectOffset, 0);
 				}
 			} :
-			(object, safePrototype) => {
+			(object) => {
 				let nextTransition, transition = structures.transitions || (structures.transitions = Object.create(null));
 				let newTransitions = 0;
-				for (let key in object) if (safePrototype || object.hasOwnProperty(key)) {
+				for (let key in object) if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 					nextTransition = transition[key];
 					if (!nextTransition) {
 						nextTransition = transition[key] = Object.create(null);
@@ -1842,7 +1863,7 @@
 				}
 				// now write the values
 				for (let key in object)
-					if (safePrototype || object.hasOwnProperty(key)) {
+					if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 						pack(object[key]);
 					}
 			};
@@ -1850,8 +1871,8 @@
 			// craete reference to useRecords if useRecords is a function
 			const checkUseRecords = typeof this.useRecords == 'function' && this.useRecords;
 			
-			const writeObject = checkUseRecords ? (object, safePrototype) => {
-				checkUseRecords(object) ? writeRecord(object,safePrototype) : writePlainObject(object,safePrototype);
+			const writeObject = checkUseRecords ? (object) => {
+				checkUseRecords(object) ? writeRecord(object) : writePlainObject(object);
 			} : writeRecord;
 
 			const makeRoom = (end) => {
@@ -1956,7 +1977,7 @@
 					target[insertionOffset + start] = keysTarget[0];
 				}
 			};
-			const writeStruct = (object, safePrototype) => {
+			const writeStruct = (object) => {
 				let newPosition = writeStructSlots(object, target, start, position, structures, makeRoom, (value, newPosition, notifySharedUpdate) => {
 					if (notifySharedUpdate)
 						return hasSharedUpdate = true;
@@ -1970,7 +1991,7 @@
 					return position;
 				}, this);
 				if (newPosition === 0) // bail and go to a msgpack object
-					return writeObject(object, true);
+					return writeObject(object);
 				position = newPosition;
 			};
 		}
@@ -2048,7 +2069,7 @@
 				target[position++] = 0x65; // 'e' for error
 				target[position++] = 0;
 			}
-			pack([ error.name, error.message ]);
+			pack([ error.name, error.message, error.cause ]);
 		}
 	}, {
 		pack(regex, allocateForWrite, pack) {
@@ -2101,6 +2122,7 @@
 		}
 		target[position++] = 0x74; // "t" for typed array
 		target[position++] = type;
+		if (!typedArray.buffer) typedArray = new Uint8Array(typedArray);
 		target.set(new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength), position);
 	}
 	function writeBuffer(buffer, allocateForWrite) {
@@ -3703,13 +3725,35 @@
 				}
 		});
 
+		test('moreTyesp: Error with causes', function() {
+			const object = {
+				error: new Error('test'),
+				errorWithCause: new Error('test-1', { cause: new Error('test-2')}),
+			};
+			const packr = new Packr({
+				moreTypes: true,
+			});
+
+			const serialized = packr.pack(object);
+			const deserialized = packr.unpack(serialized);
+			assert.equal(deserialized.error.message, object.error.message);
+			assert.equal(deserialized.error.cause, object.error.cause);
+			assert.equal(deserialized.errorWithCause.message, object.errorWithCause.message);
+			assert.equal(deserialized.errorWithCause.cause.message, object.errorWithCause.cause.message);
+			assert.equal(deserialized.errorWithCause.cause.cause, object.errorWithCause.cause.cause);
+		});
+
 		test('structured cloning: self reference', function() {
 			let object = {
 				test: 'string',
 				children: [
 					{ name: 'child' }
-				]
+				],
+				value: new ArrayBuffer(10)
 			};
+			let u8 = new Uint8Array(object.value);
+			u8[0] = 1;
+			u8[1] = 2;
 			object.self = object;
 			object.children[1] = object;
 			object.children[2] = object.children[0];
@@ -3725,6 +3769,10 @@
 			assert.equal(deserialized.children[1], deserialized);
 			assert.equal(deserialized.children[0], deserialized.children[2]);
 			assert.equal(deserialized.children, deserialized.childrenAgain);
+			assert.equal(deserialized.value.constructor.name, 'ArrayBuffer');
+			u8 = new Uint8Array(deserialized.value);
+			assert.equal(u8[0], 1);
+			assert.equal(u8[1], 2);
 		});
 
 		test('structured cloning: types', function() {
@@ -3805,6 +3853,13 @@
 			assert.deepEqual(deserialized, data);
 		});
 
+		test('object with __proto__', function(){
+			const data = { foo: 'bar', __proto__: { isAdmin: true } };
+			var serialized = pack(data);
+			var deserialized = unpack(serialized);
+			assert.deepEqual(deserialized, { foo: 'bar' });
+		});
+
 		test('separate instances', function() {
 			const packr = new Packr({
 				structures: [['m', 'e'], ['action', 'share']]