fix: security vulnerability that allows remote code execution (ghsa p6h4 93qp jhcm) (#7841)

2022-03-12 00:19:31 +01:00
parent 318c20319a
commit 886bfd7cac
10 changed files with 452 additions and 40 deletions
--- a/resources/buildConfigDefinitions.js
+++ b/resources/buildConfigDefinitions.js
@@ -150,6 +150,20 @@ function parseDefaultValue(elt, value, t) {
    literalValue = t.arrayExpression(array.map((value) => {
      if (typeof value == 'string') {
        return t.stringLiteral(value);
+      } else if (typeof value == 'number') {
+        return t.numericLiteral(value);
+      } else if (typeof value == 'object') {
+        const object = parsers.objectParser(value);
+        const props = Object.entries(object).map(([k, v]) => {
+          if (typeof v == 'string') {
+            return t.objectProperty(t.identifier(k), t.stringLiteral(v));
+          } else if (typeof v == 'number') {
+            return t.objectProperty(t.identifier(k), t.numericLiteral(v));
+          } else if (typeof v == 'boolean') {
+            return t.objectProperty(t.identifier(k), t.booleanLiteral(v));
+          }
+        });
+        return t.objectExpression(props);
      } else {
        throw new Error('Unable to parse array');
      }