Helper to deal with dangerous strings

🚀 Feature Request

JavaScript is subject to very strange bugs when using keys like __proto__ or reserved keywords.

The aim of this feature will be to come up with a nice helper able to generate strings including various keywords such as:

'__prototype__', '__proto__' , 'proto'    , 'constructor', 'set'      , 'get'       ,
'break'        , 'case'      , 'class'    , 'catch'      , 'const'    , 'continue'  ,
'debugger'     , 'default'   , 'delete'   , 'do'         , 'else'     , 'export'    ,
'extends'      , 'finally'   , 'for'      , 'function'   , 'if'       , 'import'    ,
'in'           , 'instanceof', 'new'      , 'return'     , 'super'    , 'switch'    ,
'this'         , 'throw'     , 'try'      , 'typeof'     , 'var'      , 'void'      ,
'while'        , 'with'      , 'yield'    , 'enum'       , 'await'    , 'implements',
'let'          , 'package'   , 'protected', 'static'     , 'interface', 'private'   ,
'public'       , 'abstract'  , 'boolean'  , 'byte'       , 'char'     , 'double'    ,
'final'        , 'float'     , 'goto'     , 'int'        , 'long'     , 'native'    ,
'short'

__proto__ and related, plus reserved keywords listed in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Lexical_grammar

It might also include known vulnerabilities or keywords coming from other languages: SELECT, FROM

Bugs like the one of letrec - see https://github.com/dubzzz/fast-check/issues/483 - would have been easier to detect with such a helper.
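As an added example (not code from the fast-check issue or project), here is the kind of check such a helper would drive in plain JavaScript: a deliberately naive deep merge beside a hardened one, each fed a payload built from one of the keys above, with a report of which keys leak onto an unrelated object. `naiveMerge`, `safeMerge` and `findPollutingKeys` are assumed names, and the key list is a constructed subset of the issue's list.

```javascript
// Constructed input: a few of the keys the issue lists. Each is fed through a
// merge function as JSON.parse('{"<key>": {"polluted": "<key>"}}').
const DANGEROUS_KEYS = ['__proto__', 'constructor', 'prototype', 'toString', 'hasOwnProperty'];

// Deliberately naive deep merge: every key is treated as data, and it recurses
// into whatever target[key] already holds. For '__proto__' that is Object.prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: refuses prototype-affecting names and only recurses into
// properties the target itself owns, never into inherited ones.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// The check such a helper would drive: merge each payload into an empty object
// and report the keys after which an unrelated, fresh object sees the marker.
function findPollutingKeys(merge, keys = DANGEROUS_KEYS) {
  const polluting = [];
  for (const key of keys) {
    const payload = JSON.parse(`{${JSON.stringify(key)}: {"polluted": ${JSON.stringify(key)}}}`);
    merge({}, payload);
    const bystander = {};
    if (bystander.polluted === key) polluting.push(key);
    delete Object.prototype.polluted; // undo any pollution so later checks start clean
  }
  return polluting;
}
```

With the key list above, `findPollutingKeys(naiveMerge)` reports `['__proto__']` while `findPollutingKeys(safeMerge)` reports nothing; a generator that never emits such keys would leave the naive merge looking correct.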

Top GitHub Comments

dubzzz commented, Jul 11, 2022

Will be the default for strings starting in v3.1

dubzzz commented, Mar 28, 2021

@ethanresnick

should this also be part of the bias of the normal fc.string arbitrary

It will be the default for the string and other related structures. The target for next versions of fast-check is to consider the full scope of possible inputs and to pin-point as soon as possible when this scope is wrong. If someone says ‘my algorithm can handle any string’, then it should also handle __proto__, otherwise it means that any is falsy.

@tinydylan

I’m currently POC-ing a new way to build the core arbitraries of fast-check (https://github.com/dubzzz/fast-check/pull/1631). One of the aims is to be able to shrink easily any entry, even some that were not directly generated through the normal generators of fast-check. As a consequence, the string generator will be able to receive any string and shrink it to smaller cases. I hope to be able to unlock this issue with this rework. (For the moment it is just a POC; it may never be merged.)

The consequence will be that magic strings like __proto__ could be shrunk by fast-check, which is not the case today if the string was not produced by it.
