Utils.getObjectKeysSize doesn't work with null prototype objects #2846
Description
Describe the bug
When passing a JS object with a null prototype ([Object: null prototype] { <key>: <value> }), for instance an argument from a GraphQL query, to the andWhere() method of the QueryBuilder, the error TypeError: object.hasOwnProperty is not a function arises.
Stack trace
TypeError: object.hasOwnProperty is not a function
at Function.getObjectKeysSize (<project-root>/node_modules/@mikro-orm/core/utils/Utils.js:163:24)
at Function.inlinePrimaryKeyObjects (<project-root>/node_modules/@mikro-orm/core/utils/QueryHelper.js:47:72)
at <project-root>/node_modules/@mikro-orm/core/utils/QueryHelper.js:60:22
at Array.forEach (<anonymous>)
at Function.inlinePrimaryKeyObjects (<project-root>/node_modules/@mikro-orm/core/utils/QueryHelper.js:58:28)
at Function.processWhere (<project-root>/node_modules/@mikro-orm/core/utils/QueryHelper.js:70:25)
at QueryBuilder.where (<project-root>/node_modules/@mikro-orm/postgresql/node_modules/@mikro-orm/knex/query/QueryBuilder.js:136:39)
at QueryBuilder.andWhere (<project-root>/node_modules/@mikro-orm/postgresql/node_modules/@mikro-orm/knex/query/QueryBuilder.js:163:21)
To Reproduce
Steps to reproduce the behavior:
- Create a null prototype object:
const test = { key: "value", __proto__: null } - Pass that object to the QueryBuilder's andWhere method:
qb.andWhere({ test: test })
Expected behavior
The Utils.getObjectKeysSize works correctly with null prototype objects
Additional context
I've found that Utils.getObjectKeysSize calls object.hasOwnProperty directly, instead of using Object.prototype.hasOwnProperty.call:
mikro-orm/packages/core/src/utils/Utils.ts
Line 176 in ffe6bd8
Versions
| Dependency | Version |
|---|---|
| node | 14.19.0 |
| typescript | 4.5.2 |
| mikro-orm | 5.0.5 |
| postgres | 5.0.5 |