Attack on Node.js through manipulation of JavaScript object prototypes

Researchers from the Helmholtz Center for Information Security (CISPA) and the Royal Institute of Technology (Sweden) analyzed how the JavaScript prototype pollution technique can be applied to build attacks on the Node.js platform and on popular applications based on it, leading to code execution.

The prototype pollution method relies on a feature of the JavaScript language that allows new properties to be added to the root prototype of any object. Applications may contain code blocks (gadgets) whose operation is affected by a substituted property; for example, code may contain a construct such as 'const cmd = options.cmd || "/bin/sh"', whose logic changes if the attacker manages to inject a "cmd" property into the root prototype.

A successful attack requires that the application use external data to create a new property in the root prototype of an object, and that execution then reach a gadget that depends on the modified property. Changing the prototype is possible because Node.js processes the "__proto__" and "constructor" properties. The "__proto__" property returns the prototype of the object's class, and the "constructor" property returns the function that was used to create the object.

If the application code contains an assignment "obj[a][b] = value" and the values are set from external data, an attacker can set "a" to "__proto__" and get a property named "b" with the value "value" installed in the root prototype of the object (obj.__proto__.b = value;), and a property set in the prototype is visible in all objects. Similarly, if the code contains expressions such as "obj[a][b][c] = value", then by setting "a" to "constructor" and "b" to "prototype", a new property named "c" with the value "value" can be defined in all existing objects.

An example of changing the prototype:

   const o1 = {};
   const o2 = new Object();
   o1.__proto__.x = 42; // create property "x" in the root prototype
   console.log(o2.x);   // read property "x" from another object
   // the output is 42, because the root prototype was changed through object o1,
   // and that prototype is also used by object o2

An example of vulnerable code:

   function entryPoint(arg1, arg2, arg3) {
      const obj = {};
      const p = obj[arg1]; // arg1 = "__proto__" makes p the root prototype
      p[arg2] = arg3;      // the write then lands on the root prototype
      return p;
   }

If the arguments of the entryPoint function are formed from input data, an attacker can pass the value "__proto__" in arg1 and create a property with any name in the root prototype. Passing the value "toString" in arg2 and 1 in arg3 defines the "toString" property (Object.prototype.toString=1) and crashes the application when toString() is called.
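The entryPoint pattern and the 'options.cmd || "/bin/sh"' gadget described above, each beside a hardened form. This is an added example, not code from the original article or from the researchers; the names entryPointVulnerable, entryPointSafe, pickCmd, pickCmdSafe and demo, and the marker value, are assumptions made for illustration.

```javascript
// Added example; helper names and the marker value are constructed, not from the article.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// The article's vulnerable pattern: obj[arg1] can resolve to Object.prototype.
function entryPointVulnerable(arg1, arg2, arg3) {
  const obj = {};
  const p = obj[arg1];
  p[arg2] = arg3;
  return p;
}

// Hardened form: reject prototype-reaching keys and use prototype-less objects.
function entryPointSafe(arg1, arg2, arg3) {
  for (const key of [arg1, arg2]) {
    if (typeof key !== "string" || FORBIDDEN_KEYS.has(key)) {
      throw new TypeError("rejected key: " + String(key));
    }
  }
  const obj = Object.create(null);
  const p = (obj[arg1] = Object.create(null));
  p[arg2] = arg3;
  return p;
}

// The article's gadget: an absent option is looked up on the prototype chain.
const pickCmd = (options) => options.cmd || "/bin/sh";

// Hardened gadget: only an own property may override the default.
const pickCmdSafe = (options) => (hasOwn(options, "cmd") ? options.cmd : "/bin/sh");

function demo() {
  const out = { rejected: false };
  try {
    entryPointVulnerable("__proto__", "cmd", "constructed-marker");
    out.gadget = pickCmd({});         // inherits the polluted value
    out.gadgetSafe = pickCmdSafe({}); // ignores inherited properties
  } finally {
    delete Object.prototype.cmd;      // undo the pollution before continuing
  }
  try {
    entryPointSafe("__proto__", "cmd", "constructed-marker");
  } catch (err) {
    out.rejected = err instanceof TypeError;
  }
  out.afterSafe = pickCmd({});        // root prototype untouched by the safe form
  return out;
}
```

The key denylist and the own-property check are independent defences: the first stops the write to the root prototype, the second keeps a gadget safe even if some other code path has already polluted it.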

Creating the properties "main", "shell", "exports", "contextExtensions" and "env" is given as examples of situations that can lead to execution of the attacker's code. For example, an attacker can create a "main" property in the root prototype of an object and write the path to their own script into it (Object.prototype.main = "./../../pwned.js"); this property will be used when the code executes the construct require("my-package"), if the included package does not explicitly define the "main" property in package.json (if the property is not defined, it is taken from the root prototype). The "shell", "exports" and "env" properties can be substituted in the same way:

   let rootProto = Object.prototype;
   rootProto["exports"] = {".":"./changelog.js"};
   rootProto["1"] = "/path/to/npm/scripts/";
   // trigger the call
   require("./target.js");

   Object.prototype.main = "/path/to/npm/scripts/changelog.js";
   Object.prototype.shell = "node";
   Object.prototype.env = {};
   Object.prototype.env.NODE_OPTIONS = "--inspect-brk=0.0.0.0:1337";
   // trigger the call
   require("bytes");

The researchers analyzed the 10 NPM packages with the largest number of dependencies and found that 1958 of them do not have a main property in package.json, 4420 use relative paths in their require statements, and 355 directly use the command substitution API.

The working example given is an exploit for attacking the Parse Server backend that overrides the evalFunctions property. To simplify the detection of such vulnerabilities, a toolkit has been developed that combines static and dynamic analysis methods. During testing of Node.js, 11 gadgets were identified that can be used to organize attacks leading to execution of the attacker's code. In addition to Parse Server, two exploitable vulnerabilities were also identified in NPM CLI.

Source: opennet.ru
