Check for object prototype pollution and update variable names.
authorChris Duncan <chris@zoso.dev>
Tue, 22 Apr 2025 15:19:55 +0000 (08:19 -0700)
committerChris Duncan <chris@zoso.dev>
Tue, 22 Apr 2025 15:19:55 +0000 (08:19 -0700)
src/bin/server.ts

index 59b46a6474f82ac01565a29fd8d3bb5d7ba6ec35..700e032fd974147fa26ee03f62861db5239b5a2f 100755 (executable)
@@ -87,16 +87,20 @@ process.on('SIGHUP', async (): Promise<void> => {
        await loadConfig()
 })
 
-async function respond (res: http.ServerResponse, data: Buffer[]): Promise<void> {
+async function respond (res: http.ServerResponse, dataBuffer: Buffer[]): Promise<void> {
        let statusCode: number = 500
        let headers: http.OutgoingHttpHeaders = { 'Content-Type': 'application/json' }
        let response: string = 'request failed'
        try {
-               const datastring = Buffer.concat(data).toString()
+               const datastring = Buffer.concat(dataBuffer).toString()
                if (Buffer.byteLength(datastring) > MAX_BODY_SIZE) {
                        throw new Error('Data too large.')
                }
-               const { action, hash, work, difficulty }: WorkGenerateRequest | WorkValidateRequest = JSON.parse(datastring)
+               const data: WorkGenerateRequest | WorkValidateRequest = JSON.parse(datastring)
+               if (Object.getPrototypeOf(data) !== Object.prototype) {
+                       throw new Error('Data corrupted.')
+               }
+               const { action, hash, work, difficulty } = data
                if (action !== 'work_generate' && action !== 'work_validate') {
                        throw new Error('Action must be work_generate or work_validate.')
                }
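Review bot: The prototype comparison added after `JSON.parse` does not detect a `__proto__` key in the request body, because `JSON.parse` stores that key as an ordinary own property and leaves the result's prototype as `Object.prototype`, so such a body passes the guard. What the check does enforce is that the body is a plain object: arrays and primitives fail it, and `null` makes `Object.getPrototypeOf` throw, which presumably ends up in the `catch` of the surrounding `try`, outside this hunk. The annotation `WorkGenerateRequest | WorkValidateRequest` is not checked at runtime, so I would make the shape test explicit and reject the key by name: `if (typeof data !== 'object' || data === null || Array.isArray(data) || Object.prototype.hasOwnProperty.call(data, '__proto__')) {`. The four fields are destructured by name, so an own `__proto__` key is inert in the visible lines, but rejecting it keeps the object safe if later code in `respond` (which continues beyond the hunk) merges or copies it.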