Researchers from the Helmholtz Center for Information Security (CISPA) and the Royal Institute of Technology (KTH, Sweden) analyzed how prototype pollution of JavaScript objects can be used to build code execution attacks against the Node.js platform and popular Node.js-based applications.
Prototype pollution exploits a feature of the JavaScript language that allows new properties to be added to the root prototype shared by every object. An application may contain code fragments (gadgets) whose behaviour depends on a property that has been modified this way. For example, the code may contain a construct such as `const cmd = options.cmd || "/bin/sh"`, whose logic changes if the attacker manages to define a "cmd" property in the root prototype.
For the attack to succeed, the application must allow externally supplied data to create a new property in the object's prototype, and a gadget that depends on the modified property must be reached during execution. In Node.js the prototype is modified through the "__proto__" and "constructor" properties: "__proto__" returns the prototype of the object's class, and "constructor" returns the function that was used to create the object.
If the application code contains an assignment of the form "obj[a][b] = value" where the values are taken from external data, the attacker can set "a" to "__proto__" and thereby define a property named "b" with the value "value" in the object's prototype (obj.__proto__.b = value;); a property set in the prototype becomes visible in all objects. Likewise, if the code contains an expression such as "obj[a][b][c] = value", setting "a" to "constructor" and "b" to "prototype" defines a new property named "c" with the value "value" on every existing object.
Example of prototype modification:

    const o1 = {};
    const o2 = new Object();
    o1.__proto__.x = 42;  // we create property "x" in the root prototype
    console.log(o2.x);    // we read property "x" through a different object
    // the output is 42, because the root prototype, which o2 also uses, was changed through o1
Example of vulnerable code:

    function entryPoint(arg1, arg2, arg3) {
      const obj = {};
      const p = obj[arg1];   // arg1 = "__proto__" yields Object.prototype
      p[arg2] = arg3;        // writes an attacker-named property onto it
      return p;
    }
If the arguments of entryPoint are derived from input data, the attacker can pass "__proto__" as arg1 and create a property with an arbitrary name in the root prototype. Passing "toString" as arg2 and 1 as arg3 redefines the "toString" property (Object.prototype.toString = 1), and the program may crash on the next call to toString().
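The "obj[a][b] = value" sink and the `options.cmd || "/bin/sh"` gadget from the opening paragraphs, placed side by side with hardened versions, as an added example that is not part of the article or of the researchers' code. The function names (unsafeSet, safeSet, pickShell, probe) are assumptions; probe() feeds each setter the attacker-shaped key triple, reports what an unrelated fresh object then sees, and removes the pollution again.

```javascript
// Added example (not from the paper or opennet.ru): a two-level setter in the
// shape the article describes, its hardened counterpart, and a gadget that
// reads a property which may be inherited instead of set.

const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Vulnerable: both keys come straight from untrusted input.
function unsafeSet(obj, a, b, value) {
  obj[a][b] = value;
  return obj;
}

// Hardened: refuse the keys that lead into the prototype chain and only write
// into own properties of prototype-less containers.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);
function safeSet(obj, a, b, value) {
  for (const key of [a, b]) {
    if (FORBIDDEN.has(key)) throw new Error(`rejected key: ${key}`);
  }
  if (!hasOwn(obj, a)) obj[a] = Object.create(null);
  obj[a][b] = value;
  return obj;
}

// Gadget as quoted in the article: the default is taken from an option that
// may be inherited from Object.prototype rather than set by the caller.
function pickShell(options) {
  return options.cmd || "/bin/sh";
}

// Same gadget written defensively: only an own property counts.
function pickShellSafe(options) {
  return hasOwn(options, "cmd") ? options.cmd : "/bin/sh";
}

// Run a setter with "__proto__"/"cmd" as keys, then observe a fresh object.
function probe(setter) {
  const result = { threw: false, inheritedCmd: undefined, safeCmd: undefined };
  try {
    setter({}, "__proto__", "cmd", "polluted");
  } catch (e) {
    result.threw = true;
  }
  const fresh = {};                 // unrelated object created afterwards
  result.inheritedCmd = pickShell(fresh);
  result.safeCmd = pickShellSafe(fresh);
  delete Object.prototype.cmd;      // undo the pollution for later code
  return result;
}
```

With unsafeSet the fresh object reports "polluted" through pickShell while pickShellSafe still returns "/bin/sh"; with safeSet the write is rejected and both gadgets return the default.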
Examples of situations that can lead to execution of attacker code include the creation of the properties "main", "shell", "exports", "contextExtensions" and "env". For instance, the attacker can create a "main" property in the object prototype pointing at their own script (Object.prototype.main = "./../../pwned.js"); that property is consulted when require("my-package") runs if the loaded package does not explicitly define "main" in its package.json (an undefined property is looked up in the root prototype). The "shell", "exports" and "env" properties can be modified in the same way:

    let rootProto = Object.prototype;
    rootProto["exports"] = {".": "./changelog.js"};
    rootProto["1"] = "/path/to/npm/scripts/";
    // trigger call: require("./target.js");

    Object.prototype.main = "/path/to/npm/scripts/changelog.js";
    Object.prototype.shell = "node";
    Object.prototype.env = {};
    Object.prototype.env.NODE_OPTIONS = "--inspect-brk=0.0.0.0:1337";
    // trigger call: require("bytes");
The researchers analyzed the 10,000 NPM packages with the largest number of dependents and found that 1958 of them have no "main" property in package.json, 4420 use relative paths in require statements, and 355 call the command execution API directly.
A working example is an exploit targeting the Parse Server backend that overrides the evalFunctions property. To simplify the discovery of such vulnerabilities, a toolkit combining static and dynamic analysis methods was developed. Testing Node.js itself revealed 11 gadgets that can be used to mount attacks leading to execution of attacker code. Besides Parse Server, two exploitable vulnerabilities were also identified in the NPM CLI.
Source: opennet.ru
