From 03b49b66ccaf3dbb7084b0b9cd2183e63242d7fb Mon Sep 17 00:00:00 2001 From: Jinwoo Park Date: Mon, 13 Nov 2023 21:09:41 +0900 Subject: [PATCH 1/2] Chore: copy data argument to avoid mutate origin. copy data argument passed to mail.send method to avoid mutate original variable --- packages/mail/src/classes/mail-service.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/packages/mail/src/classes/mail-service.js b/packages/mail/src/classes/mail-service.js index 8f4bb8bb1..111930985 100644 --- a/packages/mail/src/classes/mail-service.js +++ b/packages/mail/src/classes/mail-service.js @@ -180,18 +180,20 @@ class MailService { //Send mail try { + // copy object to avoid mutating original + const args = data; //Append multiple flag to data if not set if (typeof data.isMultiple === 'undefined') { - data.isMultiple = isMultiple; + args.isMultiple = isMultiple; } //Append global substitution wrappers if not set in data if (typeof data.substitutionWrappers === 'undefined') { - data.substitutionWrappers = this.substitutionWrappers; + args.substitutionWrappers = this.substitutionWrappers; } //Create Mail instance from data and get JSON body for request - const mail = Mail.create(data); + const mail = Mail.create(args); const body = mail.toJSON(); //Filters the Mail body to avoid sensitive content leakage From 42fce6cfb4297bf5faa6f715e7dc4a20d015afe0 Mon Sep 17 00:00:00 2001 From: Jinwoo Park Date: Mon, 13 Nov 2023 21:36:08 +0900 Subject: [PATCH 2/2] shallow copy --- packages/mail/src/classes/mail-service.js | 5 ++- .../mail/src/classes/mail-service.spec.js | 33 +++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 packages/mail/src/classes/mail-service.spec.js diff --git a/packages/mail/src/classes/mail-service.js b/packages/mail/src/classes/mail-service.js index 111930985..fcae2ea71 100644 --- a/packages/mail/src/classes/mail-service.js +++ b/packages/mail/src/classes/mail-service.js @@ -181,7 +181,7 @@ class MailService { try { // copy object to avoid mutating original - const args = data; + const args = { ...data }; //Append multiple flag to data if not set if (typeof data.isMultiple === 'undefined') { args.isMultiple = isMultiple; @@ -191,11 +191,10 @@ class MailService { if (typeof data.substitutionWrappers === 'undefined') { args.substitutionWrappers = this.substitutionWrappers; } - //Create Mail instance from data and get JSON body for request const mail = Mail.create(args); const body = mail.toJSON(); - + //Filters the Mail body to avoid sensitive content leakage this.filterSecrets(body); diff --git a/packages/mail/src/classes/mail-service.spec.js b/packages/mail/src/classes/mail-service.spec.js new file mode 100644 index 000000000..a6fea0014 --- /dev/null +++ b/packages/mail/src/classes/mail-service.spec.js @@ -0,0 +1,33 @@ +const { assert } = require('chai'); + +const MailService = require('./mail-service'); +describe('MailService send', () => { + it('should not mutate original data variable', () => { + const mailService = new MailService(); + mailService.setClient({ + request: (req, cb) => { + return new Promise((resolve) => { + resolve(); + }); + }, + }); + const data = { + to: 'test@example.com', + from: 'test@example.com', // Use the email address or domain you verified above + subject: 'Sending with Twilio SendGrid is Fun', + text: 'and easy to do anywhere, even with Node.js', + html: 'and easy to do anywhere, even with Node.js', + }; + return mailService.send(data).then(() => { + assert.deepStrictEqual(data, + { + to: 'test@example.com', + from: 'test@example.com', // Use the email address or domain you verified above + subject: 'Sending with Twilio SendGrid is Fun', + text: 'and easy to do anywhere, even with Node.js', + html: 'and easy to do anywhere, even with Node.js', + }); + + }); + }); +});