Skip to content

Commit

Permalink
fix Unsafe JavaScript Equality Checking (#2183)
Browse files Browse the repository at this point in the history
  • Loading branch information
Xiaoshouzi-gh authored May 24, 2023
1 parent 52904f6 commit d563011
Show file tree
Hide file tree
Showing 5 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion src/auth/auth-api-request.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1603,7 +1603,7 @@ export abstract class AbstractAuthRequestHandler {
* @param email - The email of the user the link is being sent to.
* @param actionCodeSettings - The optional action code setings which defines whether
* the link is to be handled by a mobile app and the additional state information to be passed in the
* deep link, etc. Required when requestType == 'EMAIL_SIGNIN'
* deep link, etc. Required when requestType === 'EMAIL_SIGNIN'
* @param newEmail - The email address the account is being updated to.
* Required only for VERIFY_AND_CHANGE_EMAIL requests.
* @returns A promise that resolves with the email action link.
Expand Down
4 changes: 2 additions & 2 deletions src/auth/auth-config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1517,7 +1517,7 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
const allKeys = Object.keys(options.responseType).length;
const enabledCount = Object.values(options.responseType).filter(Boolean).length;
// Only one of OAuth response types can be set to true.
if (allKeys > 1 && enabledCount != 1) {
if (allKeys > 1 && enabledCount !== 1) {
throw new FirebaseAuthError(
AuthClientErrorCode.INVALID_OAUTH_RESPONSETYPE,
'Only exactly one OAuth responseType should be set to true.',
Expand Down Expand Up @@ -1872,7 +1872,7 @@ export class RecaptchaAuthConfig implements RecaptchaConfig {
});
}

if (typeof options.useAccountDefender != 'undefined') {
if (typeof options.useAccountDefender !== 'undefined') {
if (!validator.isBoolean(options.useAccountDefender)) {
throw new FirebaseAuthError(
AuthClientErrorCode.INVALID_CONFIG,
Expand Down
2 changes: 1 addition & 1 deletion src/auth/tenant.ts
Original file line number Diff line number Diff line change
Expand Up @@ -287,7 +287,7 @@ export class Tenant {
MultiFactorAuthConfig.buildServerRequest(request.multiFactorConfig);
}
// Validate SMS Regions Config if provided.
if (typeof request.smsRegionConfig != 'undefined') {
if (typeof request.smsRegionConfig !== 'undefined') {
SmsRegionsAuthConfig.validate(request.smsRegionConfig);
}
// Validate reCAPTCHAConfig type if provided.
Expand Down
2 changes: 1 addition & 1 deletion src/auth/token-verifier.ts
Original file line number Diff line number Diff line change
Expand Up @@ -466,7 +466,7 @@ export class FirebaseTokenVerifier {
private safeDecode(jwtToken: string): Promise<DecodedToken> {
return decodeJwt(jwtToken)
.catch((err: JwtError) => {
if (err.code == JwtErrorCode.INVALID_ARGUMENT) {
if (err.code === JwtErrorCode.INVALID_ARGUMENT) {
const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
`for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +
Expand Down
4 changes: 2 additions & 2 deletions src/remote-config/remote-config-api-client-internal.ts
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ export class RemoteConfigApiClient {
public publishTemplate(template: RemoteConfigTemplate, options?: { force: boolean }): Promise<RemoteConfigTemplate> {
template = this.validateInputRemoteConfigTemplate(template);
let ifMatch: string = template.etag;
if (options && options.force == true) {
if (options && options.force === true) {
// setting `If-Match: *` forces the Remote Config template to be updated
// and circumvent the ETag, and the protection from that it provides.
ifMatch = '*';
Expand Down Expand Up @@ -244,7 +244,7 @@ export class RemoteConfigApiClient {
* @param {string} customEtag A custom etag to replace the etag fom the API response (Optional).
*/
private toRemoteConfigTemplate(resp: HttpResponse, customEtag?: string): RemoteConfigTemplate {
const etag = (typeof customEtag == 'undefined') ? resp.headers['etag'] : customEtag;
const etag = (typeof customEtag === 'undefined') ? resp.headers['etag'] : customEtag;
this.validateEtag(etag);
return {
conditions: resp.data.conditions,
Expand Down

0 comments on commit d563011

Please sign in to comment.