0

I'm the tester of a JS api. The user will call our methods directly.

Example:

function funcWeGiveToUser(objFromUsers){
    // here we will loop over user provided object
}

The dev wrote the funcWeGiveToUser in such a way that we're blindly looping over objFromUsers, so I'm trying to prove that by blindly using the object with no validation bad things will happen.

Now I want to see if, by providing an objFromUsers that contains getters, I can somehow break the code (I've already accessed private data through this, yay!).

What I want is to make the object forever changing, so that when our API loops over it, it'll be redundant - but I'm not able to achieve that.

I tried writing such an object:

var objFromUsers = {
    get addNewOne(){
        this.counter = this.counter || 1;
        this["element"+ (this.counter++)] = "some value";
        return 2;
    }
}

But if I loop over it myself, this is the result:

for (el in objFromUsers) console.log(el+": "+objFromUsers[el]);
// addNewOne: 2
console.log(objFromUsers)
// {counter: 2, element1: "some value"}

Looping once more I indeed get the previously added element:

for (el in objFromUsers) console.log(el+": "+objFromUsers[el]);
// addNewOne: 2
// counter: 3
// element1: some value
console.log(objFromUsers)
// {counter: 3, element1: "some value", element2: "some value"}

However, I actually hoped the loop will forever see a new key, thus it'll keep iterating. Is it possible to make this kind of circular redundancy?

Adelin
  • 7,809
  • 5
  • 37
  • 65
  • You want to remove the previously added keys? – gurvinder372 Apr 04 '18 at 13:20
  • Well I was thinking to continuously add new keys, but you suggest an interesting test case. I'll think of how it applies for this API. But back to the context of this question, do you think it's possible to add new keys and at the same time loop over the new ones as well? – Adelin Apr 04 '18 at 13:21
  • Can you elaborate on *loop over the new ones as well* ? You want to increment the value of previously added properties as well? – gurvinder372 Apr 04 '18 at 13:22
  • This is an interesting questions because this **should** cause an infinite loop, yet it does not. Mozilla JS Docs state "Properties added to the object over which iteration is occurring may either be visited or omitted from iteration." – S. Walker Apr 04 '18 at 13:23
  • You may be better of by abstracting the whole idea of you managing a library out of the question and ask this: "How to create an infinite loop in JavaScript using a `for` statement" – S. Walker Apr 04 '18 at 13:25

1 Answers1

1

One example of how for..in can fail with untrusted input would be a Proxy object that does something nasty in its ownKeys trap:

evil = new Proxy({}, {
    ownKeys() {
        console.log('got ya');
        return [];
    }
});


for(x in evil) {
    console.log(x)
}
georg
  • 211,518
  • 52
  • 313
  • 390
  • I'm sorry, but what's the problem with this and how this answers OP question? – yqlim Apr 04 '18 at 14:16
  • @YongQuan: OP: "...we're blindly looping over objFromUsers, so I'm trying to prove that by blindly using the object with no validation bad things will happen" – georg Apr 04 '18 at 14:36