From 7643f114089b65665b96707657c318db9048bf32 Mon Sep 17 00:00:00 2001
From: Carles Capell <107924659+CarlesDD@users.noreply.github.com>
Date: Fri, 22 Mar 2024 07:38:56 +0100
Subject: [PATCH] Fix NewExternalString length (#99)
---
 src/tainted/string_resource.cc | 3 ++-
 test/js/new_tainted_string.spec.js | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/tainted/string_resource.cc b/src/tainted/string_resource.cc
index c4bac7d..1e8a2bc 100644
--- a/src/tainted/string_resource.cc
+++ b/src/tainted/string_resource.cc
@@ -24,7 +24,8 @@ void StringResource::CopyCharArrToUint16Arr(const char* charArr, uint16_t* resul
 v8::Local NewExternalString(v8::Isolate* isolate, v8::Local obj) {
 v8::String::Utf8Value originalStringValue(isolate, obj);
 const char* originalCharArr = *originalStringValue;
- auto resource = new StringResource(originalCharArr, originalStringValue.length());
+ int length = v8::Local::Cast(obj)->Length();
+ auto resource = new StringResource(originalCharArr, length);
 return v8::String::NewExternalTwoByte(isolate, resource).ToLocalChecked();
 }
 } // namespace tainted
diff --git a/test/js/new_tainted_string.spec.js b/test/js/new_tainted_string.spec.js
index 11fb656..6d01689 100644
--- a/test/js/new_tainted_string.spec.js
+++ b/test/js/new_tainted_string.spec.js
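Review bot: The new `Cast(obj)->Length()` line assumes `obj` is already a string, while the `Utf8Value` constructor two lines above converts any value, and `Cast` does not verify the type unless V8's checks are enabled. Whether every caller guarantees a string is not visible in this hunk, so either guard with `if (!obj->IsString())` before the cast or state the precondition in a comment such as `// obj must be a v8::String; Cast() is unchecked in release builds`. Separately, `originalCharArr` is still a UTF-8 byte buffer while `length` now counts UTF-16 code units, so correctness depends on how the `StringResource` constructor decodes the buffer, which is outside the hunk. `*originalStringValue` is also null when the conversion fails and is passed on without a check.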
@@ -167,4 +167,16 @@ describe('Taint strings', function () {
 assert.strictEqual(true, TaintedUtils.isTainted(id, taintedOneChar), 'Must be tainted')
 assert.strictEqual(false, TaintedUtils.isTainted(id, oneChar), 'Can not be tainted')
 })
+
+ describe('Taint special one char strings', function () {
+ const specialOneCharStrings = ['佫', 'ü', 'ô', 'é', 'à']
+
+ specialOneCharStrings.forEach((testStr) => {
+ it(`Taint ${testStr}`, function () {
+ const taintedStr = TaintedUtils.newTaintedString(id, testStr, 'param', 'request')
+ assert.strictEqual(true, TaintedUtils.isTainted(id, taintedStr), 'Must be tainted')
+ assert.strictEqual(testStr, taintedStr, 'Strings must be equal')
+ })
+ })
+ })
 })
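Review bot: Every entry in `specialOneCharStrings` is a single UTF-16 code unit, so the suite never exercises a character outside the Basic Multilingual Plane, where the JS string length is 2 and the UTF-8 encoding is 4 bytes. That is the case most likely to expose any remaining mismatch between the UTF-8 buffer and the code-unit length now passed on the native side. I would add a sibling case with a surrogate-pair character and a multi-character string mixing ASCII and non-ASCII, for example `const mixedStrings = ['😀', 'aé佫b']` (name illustrative), asserting both `isTainted` and strict equality as the existing cases do. The enclosing `describe('Taint strings', ...)` block starts outside the hunk.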