more failing proto pollution tests

substack · substack · commit 13c01a532773 · 2020-03-10T09:04:33.000-10:00
diff --git a/test/proto.js b/test/proto.js
@@ -5,5 +5,33 @@ test('proto pollution', function (t) {
     var argv = parse(['--__proto__.x','123']);
     t.equal({}.x, undefined);
     t.equal(argv.__proto__.x, 123);
+    t.equal(argv.x, undefined);
+    t.end();
+});
+
+test('proto pollution (array)', function (t) {
+    var argv = parse(['--x','4','--x','5','--x.__proto__.z','789']);
+    t.equal({}.z, undefined);
+    t.deepEqual(argv.x, [4,5]);
+    t.equal(argv.x.z, undefined);
+    t.equal(argv.x.__proto__.z, 789);
+    t.end();
+});
+
+test('proto pollution (number)', function (t) {
+    var argv = parse(['--x','5','--x.__proto__.z','100']);
+    t.equal({}.z, undefined);
+    t.equal((4).z, undefined);
+    t.equal(argv.x, 5);
+    t.equal(argv.x.z, undefined);
+    t.end();
+});
+
+test('proto pollution (string)', function (t) {
+    var argv = parse(['--x','abc','--x.__proto__.z','def']);
+    t.equal({}.z, undefined);
+    t.equal('...'.z, undefined);
+    t.equal(argv.x, 'abc');
+    t.equal(argv.x.z, undefined);
     t.end();
 });
