Push unit tests that verify that prototype methods can't be overwritten

node-oauth · Aug 26, 2023 · 8ea6699 · 8ea6699
1 parent 4c7927a
commit 8ea6699
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/test/unit/request_test.js b/test/unit/request_test.js
@@ -127,6 +127,22 @@ describe('Request', function() {
     request.custom2.should.eql(originalRequest.custom2);
   });
 
+  it('should not allow overwriting methods on the Request prototype via custom properties', () => {
+    const request = new Request({
+      query: {},
+      method: 'GET',
+      headers: {
+        'content-type': 'application/json'
+      },
+      get() {
+        // malicious attempt to override the 'get' method
+        return 'text/html';
+      }
+    });
+
+    request.get('content-type').should.equal('application/json');
+  });
+
   it('should allow getting of headers using `request.get`', function() {
     const originalRequest = generateBaseRequest();
 

diff --git a/test/unit/response_test.js b/test/unit/response_test.js
@@ -83,6 +83,20 @@ describe('Request', function() {
     response.custom2.should.eql(originalResponse.custom2);
   });
 
+  it('should not allow overwriting methods on the Response prototype via custom properties', () => {
+    const response = new Response({
+      headers: {
+        'content-type': 'application/json'
+      },
+      get() {
+        // malicious attempt to override the 'get' method
+        return 'text/html';
+      }
+    });
+
+    response.get('content-type').should.equal('application/json');
+  });
+
   it('should allow getting of headers using `response.get`', function() {
     const originalResponse = generateBaseResponse();