fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843)

2022-03-12 13:49:57 +01:00
parent a48015c3b0
commit 971adb5438
11 changed files with 445 additions and 40 deletions
--- a/resources/buildConfigDefinitions.js
+++ b/resources/buildConfigDefinitions.js
@@ -172,6 +172,20 @@ function parseDefaultValue(elt, value, t) {
    literalValue = t.arrayExpression(array.map((value) => {
      if (typeof value == 'string') {
        return t.stringLiteral(value);
+      } else if (typeof value == 'number') {
+        return t.numericLiteral(value);
+      } else if (typeof value == 'object') {
+        const object = parsers.objectParser(value);
+        const props = Object.entries(object).map(([k, v]) => {
+          if (typeof v == 'string') {
+            return t.objectProperty(t.identifier(k), t.stringLiteral(v));
+          } else if (typeof v == 'number') {
+            return t.objectProperty(t.identifier(k), t.numericLiteral(v));
+          } else if (typeof v == 'boolean') {
+            return t.objectProperty(t.identifier(k), t.booleanLiteral(v));
+          }
+        });
+        return t.objectExpression(props);
      } else {
        throw new Error('Unable to parse array');
      }