Added positive assertions to tests

mui · May 23, 2024 · 4c06bae · 4c06bae
1 parent 17740f2
commit 4c06bae
Showing 1 changed file with 22 additions and 8 deletions.
diff --git a/packages/mui-utils/src/deepmerge/deepmerge.test.ts b/packages/mui-utils/src/deepmerge/deepmerge.test.ts
@@ -5,32 +5,46 @@ import deepmerge from './deepmerge';
 describe('deepmerge', () => {
   // https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/
   it('should not be subject to prototype pollution via __proto__', () => {
-    deepmerge({}, JSON.parse('{ "myProperty": "a", "__proto__" : { "isAdmin" : true } }'), {
-      clone: false,
-    });
+    const result = deepmerge(
+      {},
+      JSON.parse('{ "myProperty": "a", "__proto__" : { "isAdmin" : true } }'),
+      {
+        clone: false,
+      },
+    );
 
+    // @ts-expect-error __proto__ is not on this object type
+    // eslint-disable-next-line no-proto
+    expect(result.__proto__).to.have.property('isAdmin');
     expect({}).not.to.have.property('isAdmin');
   });
 
   // https://cwe.mitre.org/data/definitions/915.html
   it('should not be subject to prototype pollution via constructor', () => {
-    deepmerge(
+    const result = deepmerge(
       {},
       JSON.parse('{ "myProperty": "a", "constructor" : { "prototype": { "isAdmin" : true } } }'),
       {
         clone: true,
       },
     );
 
+    expect(result.constructor.prototype).to.have.property('isAdmin');
     expect({}).not.to.have.property('isAdmin');
   });
 
   // https://cwe.mitre.org/data/definitions/915.html
   it('should not be subject to prototype pollution via prototype', () => {
-    deepmerge({}, JSON.parse('{ "myProperty": "a", "prototype": { "isAdmin" : true } }'), {
-      clone: false,
-    });
+    const result = deepmerge(
+      {},
+      JSON.parse('{ "myProperty": "a", "prototype": { "isAdmin" : true } }'),
+      {
+        clone: false,
+      },
+    );
 
+    // @ts-expect-error prototype is not on this object type
+    expect(result.prototype).to.have.property('isAdmin');
     expect({}).not.to.have.property('isAdmin');
   });
 
@@ -44,7 +58,7 @@ describe('deepmerge', () => {
     // eslint-disable-next-line no-proto
     expect(result.__proto__).to.have.property('isAdmin');
     expect({}).not.to.have.property('isAdmin');
-  })
+  });
 
   it('should merge objects across realms', function test() {
     if (!/jsdom/.test(window.navigator.userAgent)) {