pp-runtime-gadgets/pocs/StringRaw-raw.PoC.js at main · ericcornelissen/pp-runtime-gadgets · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
// SPDX-License-Identifier: BlueOak-1.0.0

import { scoring } from "./score.js";

export const about = {
	function: "String.raw",
	link: "https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/raw",
	properties: ["'raw'"],
	description: `
The String.raw function takes a template and a set of substitutions. If the
template is an object, the raw property is used as a list of literals into which
the substitutions are placed. Hence, if the template is an object without the
raw property it could be polluted to control the resulting string.`,
	spectrace: [
		"https://tc39.es/ecma262/#sec-string.raw",
	],
};

export function prerequisite() {
	try {
		String.raw({}, "foobar");
		return [false, "unexpected success"];
	} catch {
		return [true, null];
	}
}

export function test() {
	Object.prototype.raw = ["foo", "bar"];

	const got = String.raw({}, "foobar");
	if (got === "foofoobarbar") {
		return true;
	} else {
		return false;
	}
}

export function cleanup() {
	delete Object.prototype.raw;
}

export function score() {
	return [
		scoring.INCORRECT_ARGUMENT_TYPE,
	];
}