admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 01:56:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Prevent prototype pollution in task runner (#12588)

Browse Source
This commit is contained in:
Iván Ovejero
2025-01-15 09:51:42 +01:00
committed by GitHub
parent 674ba3c59a
commit bdf266cf55
5 changed files with 99 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/cli/src/task-runners/__tests__/task-runner-process.test.ts
View File

@@ -118,13 +118,14 @@ describe('TaskRunnerProcess', () => {
expect(options.env).not.toHaveProperty('NODE_OPTIONS');
});
it('should use --disallow-code-generation-from-strings flag', async () => {
it('should use --disallow-code-generation-from-strings and --disable-proto=delete flags', async () => {
jest.spyOn(authService, 'createGrantToken').mockResolvedValue('grantToken');
await taskRunnerProcess.start();
expect(spawnMock.mock.calls[0].at(1)).toEqual([
'--disallow-code-generation-from-strings',
'--disable-proto=delete',
expect.stringContaining('/packages/@n8n/task-runner/dist/start.js'),
]);
});