Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebGLRenderingContext getParameter override is detected in CreepJS as recursion error #110

Open
dekelev opened this issue Dec 2, 2022 · 3 comments
Open

WebGLRenderingContext getParameter override is detected in CreepJS as recursion error #110

dekelev opened this issue Dec 2, 2022 · 3 comments
Assignees
@barjin
Labels
bug Something isn't working. t-tooling Issues with this label are in the ownership of the tooling team.

Comments

@dekelev
Copy link

dekelev commented Dec 2, 2022

The following code override seems to be detected in CreepJS:

image

image

Any idea why it happens and if it can be fixed?

To Reproduce
Load CreepJS website.

Expected behavior
No detection.

System information:

  • OS: MacOS
  • Node.js version 16.14.0
@dekelev dekelev added the bug Something isn't working. label Dec 2, 2022
@barjin
Copy link
Collaborator

barjin commented Dec 2, 2022

Duplicate of #102 , direct cause of #100.

Just like with the #102 - let us know if you find out this change (#100) trips any real bot protection service in your pipeline - as CreepJS is notoriously pedantic but seldom used in any real-world applications. I won't close this issue as this should be addressed soon-ish. Either way, thank you for submitting this, feel free to add any extra information :)

@ja3abuser
Copy link

Duplicate of #102 , direct cause of #100.

Just like with the #102 - let us know if you find out this change (#100) trips any real bot protection service in your pipeline - as CreepJS is notoriously pedantic but seldom used in any real-world applications. I won't close this issue as this should be addressed soon-ish. Either way, thank you for submitting this, feel free to add any extra information :)

haha I detect "too much recursion" in my BOT/DDoS protection project :D
is that not a reason?

@barjin
Copy link
Collaborator

barjin commented Dec 7, 2022
edited
Loading

I think this one might be connected to the getChainCycleLie function from CreepJS - this tests the error line thrown by the JS execution engine when you try to set up a cyclic prototype chain - you cannot setup a prototype chain cycle as that might cause an infinite loop during property access.

The actual error line when setting the cyclic prototype differs between browsers (Chrome/Firefox...), but when you tamper with the prototype object, very often you override this behaviour with your injections; and then no error stops you from creating the cycle - which is exactly what this test tests.

The more you know, I guess? :)

@barjin barjin self-assigned this Jul 21, 2023
@barjin barjin added the t-tooling Issues with this label are in the ownership of the tooling team. label Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barjin barjin

Labels
bug Something isn't working. t-tooling Issues with this label are in the ownership of the tooling team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dekelev @barjin @ja3abuser