UNPKG

mathjs/src/utils/customs.js

Version:

4.48 kBJavaScriptView Raw

1import { hasOwnProperty } from './object'
2
3/**
* Get a property of a plain object
* Throws an error in case the object is not a plain object or the
* property is not defined on the object itself
* @param {Object} object
* @param {string} prop
* @return {*} Returns the property value when safe
*/
11function getSafeProperty (object, prop) {
// only allow getting safe properties of a plain object
if (isPlainObject(object) && isSafeProperty(object, prop)) {
  return object[prop]
}
16
if (typeof object[prop] === 'function' && isSafeMethod(object, prop)) {
  throw new Error('Cannot access method "' + prop + '" as a property')
}
20
throw new Error('No access to property "' + prop + '"')
22}
23
24/**
* Set a property on a plain object.
* Throws an error in case the object is not a plain object or the
* property would override an inherited property like .constructor or .toString
* @param {Object} object
* @param {string} prop
* @param {*} value
* @return {*} Returns the value
*/
33// TODO: merge this function into access.js?
34function setSafeProperty (object, prop, value) {
// only allow setting safe properties of a plain object
if (isPlainObject(object) && isSafeProperty(object, prop)) {
  object[prop] = value
  return value
}
40
throw new Error('No access to property "' + prop + '"')
42}
43
44/**
* Test whether a property is safe to use for an object.
* For example .toString and .constructor are not safe
* @param {string} prop
* @return {boolean} Returns true when safe
*/
50function isSafeProperty (object, prop) {
if (!object || typeof object !== 'object') {
  return false
}
// SAFE: whitelisted
// e.g length
if (hasOwnProperty(safeNativeProperties, prop)) {
  return true
}
// UNSAFE: inherited from Object prototype
// e.g constructor
if (prop in Object.prototype) {
  // 'in' is used instead of hasOwnProperty for nodejs v0.10
  // which is inconsistent on root prototypes. It is safe
  // here because Object.prototype is a root object
  return false
}
// UNSAFE: inherited from Function prototype
// e.g call, apply
if (prop in Function.prototype) {
  // 'in' is used instead of hasOwnProperty for nodejs v0.10
  // which is inconsistent on root prototypes. It is safe
  // here because Function.prototype is a root object
  return false
}
return true
76}
77
78/**
* Validate whether a method is safe.
* Throws an error when that's not the case.
* @param {Object} object
* @param {string} method
*/
84// TODO: merge this function into assign.js?
85function validateSafeMethod (object, method) {
if (!isSafeMethod(object, method)) {
  throw new Error('No access to method "' + method + '"')
}
89}
90
91/**
* Check whether a method is safe.
* Throws an error when that's not the case (for example for `constructor`).
* @param {Object} object
* @param {string} method
* @return {boolean} Returns true when safe, false otherwise
*/
98function isSafeMethod (object, method) {
if (!object || typeof object[method] !== 'function') {
  return false
}
// UNSAFE: ghosted
// e.g overridden toString
// Note that IE10 doesn't support __proto__ and we can't do this check there.
if (hasOwnProperty(object, method) &&
    (Object.getPrototypeOf && (method in Object.getPrototypeOf(object)))) {
  return false
}
// SAFE: whitelisted
// e.g toString
if (hasOwnProperty(safeNativeMethods, method)) {
  return true
}
// UNSAFE: inherited from Object prototype
// e.g constructor
if (method in Object.prototype) {
  // 'in' is used instead of hasOwnProperty for nodejs v0.10
  // which is inconsistent on root prototypes. It is safe
  // here because Object.prototype is a root object
  return false
}
// UNSAFE: inherited from Function prototype
// e.g call, apply
if (method in Function.prototype) {
  // 'in' is used instead of hasOwnProperty for nodejs v0.10
  // which is inconsistent on root prototypes. It is safe
  // here because Function.prototype is a root object
  return false
}
return true
131}
132
133function isPlainObject (object) {
return typeof object === 'object' && object && object.constructor === Object
135}
136
137const safeNativeProperties = {
length: true,
name: true
140}
141
142const safeNativeMethods = {
toString: true,
valueOf: true,
toLocaleString: true
146}
147
148export { getSafeProperty }
149export { setSafeProperty }
150export { isSafeProperty }
151export { validateSafeMethod }
152export { isSafeMethod }
153export { isPlainObject }

1	`import { hasOwnProperty } from './object'`
2
3	`/**`
4	`* Get a property of a plain object`
5	`* Throws an error in case the object is not a plain object or the`
6	`* property is not defined on the object itself`
7	`* @param {Object} object`
8	`* @param {string} prop`
9	`* @return {*} Returns the property value when safe`
10	`*/`
11	`function getSafeProperty (object, prop) {`
12	`// only allow getting safe properties of a plain object`
13	`if (isPlainObject(object) && isSafeProperty(object, prop)) {`
14	`return object[prop]`
15	`}`
16
17	`if (typeof object[prop] === 'function' && isSafeMethod(object, prop)) {`
18	`throw new Error('Cannot access method "' + prop + '" as a property')`
19	`}`
20
21	`throw new Error('No access to property "' + prop + '"')`
22	`}`
23
24	`/**`
25	`* Set a property on a plain object.`
26	`* Throws an error in case the object is not a plain object or the`
27	`* property would override an inherited property like .constructor or .toString`
28	`* @param {Object} object`
29	`* @param {string} prop`
30	`* @param {*} value`
31	`* @return {*} Returns the value`
32	`*/`
33	`// TODO: merge this function into access.js?`
34	`function setSafeProperty (object, prop, value) {`
35	`// only allow setting safe properties of a plain object`
36	`if (isPlainObject(object) && isSafeProperty(object, prop)) {`
37	`object[prop] = value`
38	`return value`
39	`}`
40
41	`throw new Error('No access to property "' + prop + '"')`
42	`}`
43
44	`/**`
45	`* Test whether a property is safe to use for an object.`
46	`* For example .toString and .constructor are not safe`
47	`* @param {string} prop`
48	`* @return {boolean} Returns true when safe`
49	`*/`
50	`function isSafeProperty (object, prop) {`
51	`if (!object \|\| typeof object !== 'object') {`
52	`return false`
53	`}`
54	`// SAFE: whitelisted`
55	`// e.g length`
56	`if (hasOwnProperty(safeNativeProperties, prop)) {`
57	`return true`
58	`}`
59	`// UNSAFE: inherited from Object prototype`
60	`// e.g constructor`
61	`if (prop in Object.prototype) {`
62	`// 'in' is used instead of hasOwnProperty for nodejs v0.10`
63	`// which is inconsistent on root prototypes. It is safe`
64	`// here because Object.prototype is a root object`
65	`return false`
66	`}`
67	`// UNSAFE: inherited from Function prototype`
68	`// e.g call, apply`
69	`if (prop in Function.prototype) {`
70	`// 'in' is used instead of hasOwnProperty for nodejs v0.10`
71	`// which is inconsistent on root prototypes. It is safe`
72	`// here because Function.prototype is a root object`
73	`return false`
74	`}`
75	`return true`
76	`}`
77
78	`/**`
79	`* Validate whether a method is safe.`
80	`* Throws an error when that's not the case.`
81	`* @param {Object} object`
82	`* @param {string} method`
83	`*/`
84	`// TODO: merge this function into assign.js?`
85	`function validateSafeMethod (object, method) {`
86	`if (!isSafeMethod(object, method)) {`
87	`throw new Error('No access to method "' + method + '"')`
88	`}`
89	`}`
90
91	`/**`
92	`* Check whether a method is safe.`
93	* Throws an error when that's not the case (for example for `constructor`).
94	`* @param {Object} object`
95	`* @param {string} method`
96	`* @return {boolean} Returns true when safe, false otherwise`
97	`*/`
98	`function isSafeMethod (object, method) {`
99	`if (!object \|\| typeof object[method] !== 'function') {`
100	`return false`
101	`}`
102	`// UNSAFE: ghosted`
103	`// e.g overridden toString`
104	`// Note that IE10 doesn't support __proto__ and we can't do this check there.`
105	`if (hasOwnProperty(object, method) &&`
106	`(Object.getPrototypeOf && (method in Object.getPrototypeOf(object)))) {`
107	`return false`
108	`}`
109	`// SAFE: whitelisted`
110	`// e.g toString`
111	`if (hasOwnProperty(safeNativeMethods, method)) {`
112	`return true`
113	`}`
114	`// UNSAFE: inherited from Object prototype`
115	`// e.g constructor`
116	`if (method in Object.prototype) {`
117	`// 'in' is used instead of hasOwnProperty for nodejs v0.10`
118	`// which is inconsistent on root prototypes. It is safe`
119	`// here because Object.prototype is a root object`
120	`return false`
121	`}`
122	`// UNSAFE: inherited from Function prototype`
123	`// e.g call, apply`
124	`if (method in Function.prototype) {`
125	`// 'in' is used instead of hasOwnProperty for nodejs v0.10`
126	`// which is inconsistent on root prototypes. It is safe`
127	`// here because Function.prototype is a root object`
128	`return false`
129	`}`
130	`return true`
131	`}`
132
133	`function isPlainObject (object) {`
134	`return typeof object === 'object' && object && object.constructor === Object`
135	`}`
136
137	`const safeNativeProperties = {`
138	`length: true,`
139	`name: true`
140	`}`
141
142	`const safeNativeMethods = {`
143	`toString: true,`
144	`valueOf: true,`
145	`toLocaleString: true`
146	`}`
147
148	`export { getSafeProperty }`
149	`export { setSafeProperty }`
150	`export { isSafeProperty }`
151	`export { validateSafeMethod }`
152	`export { isSafeMethod }`
153	`export { isPlainObject }`