micromatch
diff --git a/‎lib/constants.js‎
Lines changed: 2 additions & 2 deletions b/‎lib/constants.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎test/malicious.js‎
Lines changed: 5 additions & 0 deletions b/‎test/malicious.js‎
Lines changed: 5 additions & 0 deletions
@@ -98,11 +98,11 @@ module.exports = {
  REGEX_REMOVE_BACKSLASH: /(?:\[.*?[^\\]\]|\\(?=.))/g,
 
  // Replace globs with equivalent patterns to reduce parsing time.
- REPLACEMENTS: {
+ REPLACEMENTS: Object.assign(Object.create(null), {
  '***': '*',
  '**/**': '**',
  '**/**/**': '**'
- },
+ }),
 
  // Digits
  CHAR_0: 48, /* 0 */
 
@@ -30,4 +30,9 @@ describe('handling of potential regex exploits', () => {
  assert(!isMatch('A', `!(${repeat(500)}A)`, { maxLength: 499 }));
  }, /Input length: 504, exceeds maximum allowed length: 499/);
  });
+ it('should be able to accept Object instance properties', () => {
+ assert(isMatch('constructor', 'constructor'), 'valid match');
+ assert(isMatch('__proto__', '__proto__'), 'valid match');
+ assert(isMatch('toString', 'toString'), 'valid match');
+ });
 });