diff --git a/src/overrides/cluster.ts b/src/overrides/cluster.ts index ccd0df3..25c14f2 100644 --- a/src/overrides/cluster.ts +++ b/src/overrides/cluster.ts @@ -1,11 +1,11 @@ import cluster from "cluster"; +import { hasOwnProperty } from "../natives/$object"; import { reflectApply } from "../natives/$proxy"; import { createProxy } from "../proxy"; import { inject } from "../utils/inject"; function onClusterSetup(target: any, thisArg: any, argArray: any[]) { const filePath = argArray[0]?.exec; - console.log(argArray); if (!filePath) { return reflectApply(target, thisArg, argArray); } @@ -16,13 +16,13 @@ function onClusterSetup(target: any, thisArg: any, argArray: any[]) { } export function overrideCluster() { - if (Object.hasOwn(cluster, "setupMaster")) { + if (hasOwnProperty(cluster, "setupMaster")) { cluster.setupMaster = createProxy(cluster.setupMaster, { apply: onClusterSetup, }); } - if (Object.hasOwn(cluster, "setupPrimary")) { + if (hasOwnProperty(cluster, "setupPrimary")) { cluster.setupPrimary = createProxy(cluster.setupPrimary, { apply: onClusterSetup, }); diff --git a/src/test/fake_modules/allowed-network/index.ts b/src/test/fake_modules/allowed-network/index.ts new file mode 100644 index 0000000..3558ad5 --- /dev/null +++ b/src/test/fake_modules/allowed-network/index.ts @@ -0,0 +1,24 @@ +import http from "http"; + +export function allowedHttp() { + return new Promise((resolve, reject) => { + const chunks: any[] = []; + + const options = { + hostname: "jsonplaceholder.typicode.com", + path: "/todos/1", + }; + + const req = http.request(options, (res) => { + res.on("data", (chunk: any) => chunks.push(chunk)); + + res.once("end", () => { + resolve(""); + }); + }); + + req.once("error", reject); + + req.end(); + }); +} diff --git a/src/test/overrides/network.test.ts b/src/test/overrides/network.test.ts index 32e234c..ce24c08 100644 --- a/src/test/overrides/network.test.ts +++ b/src/test/overrides/network.test.ts @@ -5,6 +5,7 @@ import { maliciousHttpRequest, maliciousLookupBypass, } from "../fake_modules/malicious-network"; +import { allowedHttp } from "../fake_modules/allowed-network"; describe("network", () => { beforeAll(() => { @@ -17,6 +18,16 @@ describe("network", () => { expect(maliciousHttpRequest()).rejects.toThrowError(); }); + test("it should allow http.request with allowed host", async () => { + hagana.setAllowedHosts(["jsonplaceholder.typicode.com"]); + try { + await allowedHttp(); + expect(true).toBe(true); + } catch { + expect(true).toBe(false); + } + }); + // test("it should prevent lookup bypass", async () => { // hagana.setAllowedHosts(["httpbin.org"]); // await maliciousLookupBypass();